Today I will describe perhaps the best task for beginners in PHP programming: a guest book. In my opinion, this task is the simplest, but at the same time it lets you learn all the main features of working with PHP and the MySQL database. Besides, the task is infinitely expandable, allowing you to practise new technologies.

The description and solution to this problem will be written right here, without testing for functionality, so perhaps there is a typo somewhere. This was done not out of laziness, but again for the additional practice you get when building the guest book yourself. Also, the presented solution will be a little “crooked”, but more on that at the end of this article in the “Independent work” section.

If you don’t know how to work with PHP at all, then first I advise you to read the article PHP - where to start.

We will analyze the creation of the most primitive guest book, without design and administration. In other words, we will limit ourselves to logging into the book, registering and leaving messages.
From the problem itself it becomes clear that three PHP files are enough to implement this task. Of course, the registration task can be divided into two: the registration form and adding data to the database, but we will not do this. Similar reasoning is valid for the procedure for leaving comments. Thus, we create three files: index.php, registration.php, book.php.

From the names of the files, you can immediately understand what they will be responsible for: index.php - login page, registration.php - registration page, book.php - guest book page.

The simplest thing in our case is the login page. Since the page is responsible for entering a login and password pair, it must contain a form for sending this data to the book.php page, and also a link to the registration page. We have:

Login to the guest book

Login:
Password:

Registration


Moving a little away from the topic, for those who don’t know what the code above means: here we have bare HTML. The key element is the form tag, which takes two parameters: action, which gives the address of the page that will open after the data entry is confirmed, and method, which determines how the form data will be sent to that page (see POST and GET in simple words). Inside the form tag are the input fields (input, select), each of which must have a name attribute. It is by the value of this attribute that the page specified in the form's action parameter can obtain the data entered by the user. The form must also contain an input of type submit, which is essentially a button; clicking it sends the data to the action page.

Let's continue... Now we need to create a new user registration page. It’s worth thinking right away about what exactly we want to have. I decided that for a simple guest book it would be enough to have users with unique logins, as well as to know the address of their Web site (if there is one). Once we have decided what we want to know about the user, we can start designing our database.

Go to phpMyAdmin. Let's create a database there with the name gb. In this database, we will create a table Users with the following fields:

Login varchar(50) unique //user login, unique field
password varchar(150) //password
www varchar(255) //website address

And since we are already in the database editor, we can immediately think about how we will store messages. In our case, it is enough to know who left the message and when, and the actual text of the message. Also, for convenience, it is worth numbering our messages. With that decided, we can safely create another table, Messages, with the following structure:

Id int ai(auto_increment) primary_key //message number, a counter that increases by itself
mes text //message text
who varchar(50) //login of the person who left the message
when timestamp default(current) //time the message was left, by default the current date and time

We've sorted out the database. Now let's move on to the registration.php file. Summarizing the above we have:

Registration

Login:
Password:
The password again:
WWW: http://


To main

A little about the code. As you have already noticed, PHP is present here. I won’t describe the form again, but as we can see, here the form data is sent to the same page that contains the form. In other words, the registration.php file sends data to itself. Nobody forbids doing this, but you can’t always use it, as it greatly spoils the readability of the code. On the other hand, it clearly demonstrates the possibilities of the PHP language. Essentially our page is divided into two cases. The first case is when data is sent to the page by a POST request; the second case is when no POST request was sent to the page. In the second case we show the registration form, and in the first case we begin to check the submitted data. As you can see, the data arrives in the form of an associative array (i.e. an array whose indexes are strings). Moreover, the indexes coincide with the names of the input fields specified in the data submission form. That is, if we write

then, when sending this data with a POST request, we will have a variable

$_POST["vasa-peta"]

It is also worth noting that we do not check for duplicate logins ourselves. This check will be carried out at the database level, since the login field is marked as unique.

Now the last thing. All that remains is to make the guest book itself. A little discussion. Since the guest book works using a login and password, the first thing we have to do is check that the entered login and password exist in the database. Since we decided to add messages in the book.php file, the procedure for adding a message obviously comes next. And at the very end comes the display of all messages (if you add a message after they are displayed, the added message will be displayed only after the page is reloaded). We have:

Guest book "; ) else ( echo "Your message has not been added!


"; } } ?>
"name="login" /> "name="password" />

"; echo "Text: ".$row["mes"]."
"; ) ) mysql_close($link); ?>

That's essentially all. If the code is 100% working, good. If not, then I advise you to try to correct the errors yourself. Now the promised section.

Independent work
As mentioned at the beginning, this solution is “crooked”. If you still don’t understand why, I’ll explain now. As you may have noticed, in the book.php file the form for adding a comment has several hidden fields, two of them being the username and password entered by the user. Not good, is it? Try to correct this defect using sessions (How to work with sessions in PHP).
Try to answer the question of how the functions empty/isset and exit/die differ.
Change the query for selecting messages from the database so that when displaying messages, the website of the message author is displayed.
If you noticed, the user password in the database is stored in clear text, and this is not very good. Edit the code so that a hash of the user's password (for example MD5 or SHA1) is stored in the database.
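
One way to approach the sessions and password-hash exercises above, as an added example that is not the article's code. It swaps in PHP's password_hash()/password_verify() (salted and deliberately slow) for the MD5 or SHA1 named in the exercise, which are fast unsalted digests; the function names and the in-memory SQLite database standing in for the MySQL database gb are assumptions.

```php
<?php
// Added example, not the article's code. In-memory SQLite stands in for the
// MySQL database "gb" so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (login VARCHAR(50) UNIQUE,
    password VARCHAR(150), www VARCHAR(255))');

// registration.php side: store only the hash, never the password itself.
function register_user(PDO $db, string $login, string $password, string $www): bool
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO Users (login, password, www) VALUES (?, ?, ?)');
    try {
        return $stmt->execute([$login, $hash, $www]);
    } catch (PDOException $e) {
        return false; // e.g. the UNIQUE constraint rejected a duplicate login
    }
}

// Login check: verify against the stored hash, then keep only the login in
// the server-side session instead of echoing credentials into hidden fields.
function log_in(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM Users WHERE login = ?');
    $stmt->execute([$login]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true); // fresh session id after authentication
    $_SESSION['login'] = $login;
    return true;
}

// book.php side: the message author comes from the session, not from the form.
function current_login(): ?string
{
    return $_SESSION['login'] ?? null;
}

// Constructed sample data; results are printed once at the end.
session_start();
$results = [
    'register'           => register_user($db, 'vasya', 'correct horse', 'example.org'),
    'duplicate login'    => register_user($db, 'vasya', 'other', ''),
    'wrong password'     => log_in($db, 'vasya', 'wrong'),
    'author before auth' => current_login(),
    'right password'     => log_in($db, 'vasya', 'correct horse'),
    'author after auth'  => current_login(),
];
var_dump($results);
```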

In this post we’re going to see how we can build a guestbook easily with PHP and MySQL. This is very simple and straightforward. All we need is:

  • A webserver or a hosting account
  • phpMyAdmin or something similar for database access

First, we have to create a database and the necessary tables. Go to your control panel (cPanel or something) and go to databases. Create a new database. Note the database name. Now create a user and add the user to that database. If you find this difficult, please contact the customer service of your hosting provider. The process differs significantly from host to host depending on the control panel they provide. Please note the full database name, user name and database host. In most cases the database host is “localhost”. But some providers ask customers to use a remote MySQL host. In that case, please note that host down. If you’re using WAMP server on Windows, go to http://localhost/phpmyadmin/ and you will find the options there.

Now we’re ready to import the table. Go to phpMyAdmin, select the database you created and use the following SQL command to create the table:

CREATE TABLE IF NOT EXISTS `comments` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) NOT NULL,
  `email` varchar(255) NOT NULL,
  `website` varchar(255) NOT NULL,
  `message` text NOT NULL,
  `timestamp` int(255) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Okay, so once you execute the command, we have a table named “comments” with 6 fields. The “id” field is the primary key and the unique identifier. The other fields are name, email, website, message and timestamp. The timestamp field stores the time as a Unix epoch value (how many seconds have passed since 1st January 1970). It will be generated using the time() function of PHP. The other fields are self-explanatory.

Now we shall create a configuration file which will be used to store the MySQL connection data. Create a file named “config.php” and put the following code in it:

So, the config.php lets you use your own configuration data. Feel free to change the values of the variables to match your setup.

Now we create the first page. Create a file named “index.php” and put this code into it:

My Little Guest Book

Post A Comment:

Name:

Email:

Website:

Message:

Exciting Comments:

Name:($comment["name"])
"; echo " Email:($comment["email"])
"; echo " Website:($comment["website"])
"; echo " Message:($comment["message"])
"; echo " Posted at:" .date("Y-d-m H:i:s",$comment["timestamp"]). "

"; } } ?>

So what does this script do? It has an HTML form for entering the necessary data. After the form, we fetch all the comments stored in the database and display them on the page. If no comments are found, we also print that out. Did you notice that the form action is “post.php”? Yes, the form data will be sent to post.php, which will process the fields and store them in the database. So, let’s create post.php and put the following code in it:

My Little Guest Book

On this page, we check if all the fields were filled out. If not, we print an error message. If all the fields were filled out, we try to store the contents in the database. We create the timestamp value using time() and extract the keys out of the $_POST variable. If the database insertion fails, we also print out an error message. If everything is okay, we forward the visitor to index.php, where he or she will be able to see the comments just below the form.
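
The store-and-display flow described above, as an added example that is not the tutorial's post.php or index.php. It reads each expected field by name, binds the values as query parameters, and escapes stored values on output; the function names and the in-memory SQLite database standing in for the MySQL connection from config.php are assumptions.

```php
<?php
// Added example, not the tutorial's code. In-memory SQLite stands in for the
// MySQL connection configured in config.php (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL, email TEXT NOT NULL, website TEXT NOT NULL,
    message TEXT NOT NULL, timestamp INTEGER NOT NULL)');

// post.php side: take only the expected keys from the submitted data, require
// each to be a non-empty string, and bind the values so they are never parsed
// as SQL.
function save_comment(PDO $db, array $post): ?string
{
    $fields = [];
    foreach (['name', 'email', 'website', 'message'] as $key) {
        $value = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        if ($value === '') {
            return "Please fill out the '$key' field."; // error text for the page
        }
        $fields[$key] = $value;
    }
    $stmt = $db->prepare('INSERT INTO comments (name, email, website, message, timestamp)
                          VALUES (:name, :email, :website, :message, :timestamp)');
    $stmt->execute($fields + ['timestamp' => time()]);
    return null; // null means stored; the page would now redirect to index.php
}

// index.php side: escape every stored value at the point it is written into HTML.
function render_comments(PDO $db): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '';
    foreach ($db->query('SELECT * FROM comments ORDER BY id DESC') as $c) {
        $html .= '<p>Name: ' . $esc($c['name'])
               . '<br>Website: ' . $esc($c['website'])
               . '<br>Message: ' . $esc($c['message'])
               . '<br>Posted at: ' . date('Y-m-d H:i:s', (int) $c['timestamp'])
               . "</p>\n";
    }
    return $html === '' ? "<p>No comments found.</p>\n" : $html;
}

// Constructed sample submissions: one incomplete, one carrying quote characters
// and markup that must come back out as inert text.
$incomplete = ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'hi'];
$markup = ['name' => "O'Brien", 'email' => 'ob@example.org', 'website' => 'example.org',
           'message' => '<b>Nice site</b> <script>alert(1)</script>', 'extra' => 'ignored'];
var_dump(save_comment($db, $incomplete), save_comment($db, $markup));
echo render_comments($db);
```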

We’re now done with our little guestbook. It is not that feature rich but it works! In the coming posts, we shall see how we can modify it to add validation, pagination and ajax interactions. Stay tuned!


1. Free hosting only has what it gives.
2. Better, but not at all necessary. A decent guest will leave a message as needed (via my form), and a good hacker will still bypass your $_GET, $_POST, $_COOKIE and $HTTP_REFERER too.
3. Length control is carried out, but only implicitly, by the database itself (the only thing is that the message itself can be huge - up to 64Kb).
4. Yes, there is: HtmlSpecialChars was used, AddSlashes was not used (and this is a big mistake, I admit my guilt, see below). When magic_quotes_gpc is enabled, this problem is not so severe, but the security hole remains (in the control panel).
5. Yes, I agree, it could be cut out, but the name #$@%#$^%$ is no worse than AF4ETX09T43. There is a hole in the e-mail and url, you can use scripts.
6. I wonder what is not uninitialized?

There are a number of interesting techniques, such as protection against automatic input through an image (as on this site) http://www.site/webmast/php/Security-Images-in-PHP/
...

It seems there were no pictures, so why complicate the demo. I have never seen a guest book with such protection yet. As for this site, it is not a guest book.

Anatomy of XSS Cross-Site Scripting
http://www.woweb.ru/index.htm/id/1073393942

Very interesting, thank you.

P.S. If the Author had bothered to read (and delve into) the articles on this same site, he would have realized how unprofessional his work is. It is worth taking into account the experience of previous Authors and, at least, respecting their works - they wrote for you.

Where is there lack of respect? Sorry if I offended anyone.

As for protection, I advise you to read the first paragraph of the article again; I did not set out to review a reliable guest book, but only to show how you can write the simplest guest book, for those who are just starting to learn CGI, because not everything comes at once, you have to start with something simple, and you also didn’t become so smart right away, you also made mistakes, so let’s leave the security aspects to other articles, other authors.

Yes, from a security point of view, this script is unprofessional, and I am not a professional in the field of security, which is why there is a corresponding disclaimer in the first paragraph, which, unfortunately, not everyone read.

PS

Quote:

Law "On Copyright and Related Rights"
Article 6. Object of copyright. General provisions
1. Copyright extends to works of science, literature and art that are the result of creative activity, regardless of purposes and advantages work, as well as on the method of its expression.
You can read the rest here: http://www.febras.ru/~patent/copyright/2_3part2.html
Including Article 9. paragraph 1
And it’s not up to you to decide whether I should use my right or not.

Today I will give you a guest book script in PHP. It’s no secret that this thing is quite popular, and if there is no other way to communicate with the administration, then a guest book is simply necessary. In this article you can download the guest book script in PHP, and I will also talk about the process of installing it.

Very often people ask for a guest book script in HTML or JavaScript. Alas, this has never existed and never will, since for the guest book to work you must at least write messages to a file. And this cannot be done in JavaScript, and certainly not in HTML.

Now copy the folder guest to the root of your site. Next, place a link to the guest book on your website page (http://your_site/guest).

The next step is to set up the guest book. To do this, go to the address http://your_site/guest/admin.php. Enter the password "admin" and, after successful authorization, go to the "Configuration" tab. Brief description of all settings:

  • Script name - put your name for the guest book of your site.
  • Welcome text - write any text that you want your visitors to see when visiting the guest book.
  • Advertising unit - if you want to place an advertisement in the guest book, then copy its code into this field. If there is none, leave this field empty.
  • Link to the main site - place a link to the main page of your site.
  • Admin email / send messages - indicate your e-mail, and also select whether you want to receive messages to your email or not.
  • Admin password - be sure to enter your password. Do not leave "admin".
  • Enable message moderation? - if you want to check each message before publishing, then enable this option.
  • Should you enable the ANTISPAM function? - here you can disable the anti-spam system, or choose one of three options: regular captcha, riddle or math operation. If you choose a regular digital captcha, then also indicate the length of the captcha in the text field on the right.
  • Should you use the ANTI-FLOOD function? - this option allows you to filter messages off topic.
  • Make links in the text active? - if you put "Yes", then the links in the text of the messages will be active. This is convenient for users, but your guest book will be a good place for a spammer.
  • Enable/disable graphic emoticons? - if you put "Yes", then the user will be able to use emoticons.
  • Max. name length - allowed number of characters in the username.
  • Max. message length - allowed number of characters in a message.
  • Messages per page - the number of messages displayed on one page.
  • Following messages - sort by ascending or descending date of writing the message.
  • Skin - appearance.

In fact, there are a huge number of different guest book scripts. And when I was looking for it, I went through at least two dozen and settled on this one for the following reasons.