Structure and code of Guestbook

[erikla]

Dear people here at phpfreaks

 

I am working on updating an old guestbook with outdated code (predecated). I will follow the suggestions I have received here on this forum already by using the new MySQL PDO technique. I am pretty rusty on PHP and MySQL, since I haven't been using it for years. So it took me a while to get Xampp running and installing Virtual hosts, so I can test my code locally. This is all working now. I have decided to start from scratch, building my guestbook up gradually in order to be able to understand each step better. I am inspired by the following tutorial:

 

http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers

 

So far I have created four files

1. contribution_to_guestbook.html

2. put_in_guestbook.php

3. show_content_of_guestbook.php

4. mysql_functions.php

 

The guestbook is implemented as a table with the name guestbook in the MySQL database with the name my_database. The database contains six fields, which are: id, time, ip, name, email and contribution. The user can write a contribution by filling in his name, email address and contribution in the form placed in the first file. These data for the fields name, email and contribution respectively are being sent to the second file. At the same time the datetime is automatically registered along with the IP address of the users computer in the fields time and ip. When inserted in the table in the database via the second file, the primary field id is automatically added and incremented by 1. After the insertion in the database, the user is directed to file 3, where the content of the whole guestbook is being displayed for the user to see. The 4th file is containing the connection details for the database, including the password. 

 

NB! The IP address of the users computer is not being displayed but only collected in the case one want to block spammers from specific computers with fixed IP addresses. In order to better block for spam from computer bots, I will later place a question in the first file to only admit humans ...

 

My questions

1. Is the structure of my guestbook convenient? Would it be appropriate to create functions to make the code more readable and if so, how can I do it?
    
2. I wanted to make a prepared statement in the 3. file in which I select the content on the guestbook in order to display it. Can it be done, and if so how do the code look like?
    
3. I know I need more error handling. Also I need to test user input. For example if no contribution is being written, an error message should be shown to the user, etc. Do you have some suggestions here and how to do it?
    
4. What about security? I hope the password for my database will not be accessible in any way?

 

I will appreciate any comments on the four questions above and eventual something else I have overlooked! I hope my thread is not too long. Hope for some replies ...

 

Here is my code so far (still just a framework!):

 

 

1. contribution_to_guestbook.html

<!doctype html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Contribution to Guestbook</title>
<style type="text/css">
body,td,th {font-family: Verdana, Geneva, sans-serif;}
form1 table tr td {color: #06C;}
h1 {color: #0000A0;}
</style>
</head>


<body>
<form method="POST" action="put_in_guestbook.php">

<h1>Contribution to Guestbook</h1>

<table border="0" cellspacing="5" cellpadding="5">
  <tr>
  	<td>Name</td>
    <td>
    <INPUT type="text" name="name" size=40 maxlength=100>
    </td>
  </tr>
  <tr>
  	<td>Email</td>
    <td>
    <INPUT type="text" name="email" size=40 maxlength=100>
    </td>
  </tr>
  <tr>
  	<td valign="top">Contribution</td>
    <td>
    <TEXTAREA name="contribution" cols=60 rows=10></TEXTAREA>
    </td>
  </tr>
  <tr>
    <td></td>    
    <td align="center">
    <INPUT type="submit" value="Submit contribution">
    </td>
  </tr>
</table>
</form>
<p></p>



</body>
</html>

2. put_in_guestbook.php

<?php

require("mysql_functions.php");

$ip = $_SERVER['REMOTE_ADDR'];  //Clients IP address collected
$name = $_POST['name'];  //Data from input form etc.
$email = $_POST['email'];
$contribution = $_POST['contribution'];

try {
  
  $db = new PDO('mysql:host='.$server.';dbname='.$database.';charset=utf8mb4', $username, $password);  //Connecting to database
  $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  
  $stmt = $db->prepare("INSERT INTO guestbook(`time`, `ip`, `name`, `email`, `contribution`) VALUES(NOW(), ?, ?, ?, ?)");
  $stmt->execute(array($ip, $name, $email, $contribution));  //Placing the new contribution with details in Guestbook
  
  $db = NULL;  //Closing database
  header("Location: show_content_of_guestbook.php");  //Redirecting to another page to show content of guestbook  
  
} catch(PDOException $ex) {
	echo "Could not insert into guestbook";
}

?>

3. show_content_of_guestbook.php

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf8mb4" />
<title>Guestbook</title>
</head>

<body>

<?php
require("mysql_functions.php");

header('Content-Type: text/html; charset=utf-8');

try {
  $db = new PDO('mysql:host='.$server.';dbname='.$database.';charset=utf8mb4', $username, $password);  //Connecting to database
  $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
  
  foreach ($db->query('SELECT * FROM guestbook') as $row) {
	echo "Contribution number: ".$row['id']."<br/>";
	echo "Time: ".$row['time']."<br/>";
	echo "Name: ".$row['name']."<br/>";
	echo "Email: ".$row['email']."<br/>";
	echo "Contribution: ".$row['contribution']."<br/>"."<br/>";
	
  $db=NULL;  //Closing database	
  }
} catch(PDOException $ex) {
	echo "An error ocurred";
}

?>

</body>
</html>

4. mysql_functions.php

<?php

$server = 'localhost';
$username = 'root';
$password = 'my_password';
$database = 'my_database';

?>

Regards,

 

Erik

Edited July 16, 2014 by erikla