Jump to content

Recommended Posts

And I'm talking as basic as you can go! I'm trying to implement a commenting system on my website for news articles I post, and I've only gotten as far as creating the script to connect to my database (I use mysql). I've tried every open source script online for this app and I've not been able to get any one to work within my website. They'll work on separate blank html pages, but I can't figure out how to put the code into my existing pages, which is a huge problem.

 

As a result, I've resorted to creating my own script, which shouldn't be too difficult to make. If anyone could possibly describe a step by step process on how this can be done I would be incredibly grateful! Just note that I don't want to use ajax, jscript or any other languages like that, just PHP.

 

Another question I have, is how would I organize my database to include all news articles, and comments with a news article "id"? Would I need to put both in separate tables and just assign each comment with the uniqe id associated with whatever news article?

 

And the last thing, I want pagination for my news. I have it to where if I insert a news article column into my table "mynews", it'll show up on the home page, but how and where would I insert a pagination code to make the articles "paginate"?

Link to comment
https://forums.phpfreaks.com/topic/226148-basic-commenting-system/
Share on other sites

I realized I just posted this, but I added a whole more info regarding the scripts I'm using and when i tried to update the last post, it wouldn't let me.

 

And I'm talking as basic as you can go! I'm trying to implement a commenting system on my website for news articles I post, and I've only gotten as far as creating the script to connect to my database (I use mysql). I've tried every open source script online for this app and I've not been able to get any one to work within my website. They'll work on separate blank html pages, but I can't figure out how to put the code into my existing pages to go with each article.

 

As a result, I've resorted to creating my own script for the comment box system, which shouldn't be too difficult to make. If anyone could possibly describe a step by step process on how this can be done I would be incredibly grateful! Just note that I don't want to use ajax, jscript or any other languages like that, just PHP.

 

The second thing I want to discuss is my News Content Management System. I used an open source script for this, and it's really basic and easy to understand. I use it because I prefer it to manually typing in an article in dreamweaver (this gets really annoying and I had to find out the hard way). So, I turned to the CMS to help make posting news articles easier. The only problem I have with this script is the form page, as you'll see upon scrolling down.

 

Here's the code I use to connect to my database:

 

<?php 
    $username = "commentboxacp"; //your username 
    $password = "enter password here"; //your password 
    $host = "enter host name here"; //your mySQL server 
    $database = "commentboxacp"; //The name of the database your table is in 

         mysql_connect($host,$username,$password) or die("Error connecting to Database!<br>" . mysql_error()); //connect, but if there is a problem, display an error message telling why there is a problem 
         mysql_select_db($database) or die("Cannot select database!<br>" . mysql_error()); //Choose the database from your mySQL server, but if there is a problem, display an error telling why 
?>

 

Of course, I put the password and hostname in when I upload the script but I removed it here for obvious reasons.

 

 

Now, this next script I inserted into my home page (index.php).

 

<? 
include("cms/news/dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=4>$type: </font><font size=3>$title</font><br> 
<font size=1><em>Posted by $user</em></font><font size=1> | added on $time</font><br><br> 
<font size=2>$message</font><br><br>
<font size=2><a href=cms/news/index.php>Read More - $url</a></font><br>

<!--beginning of comment box-->

<!--end of comment box--><p>"); 

} 

?>

 

When I put this on my home page, whatever's stored in my database will replace the "$" variables (that's what I think they're called) in the html format I created. This works great. The only problem I have with it is that I don't know how to assign the text css classes or insert divs to contain the articles. I also need a code for pagination, once the number of news articles I post exceeds a certain number, like "10".

 

Also, notice that I put this right after the variables that display the information for the articles.

<!--beginning of comment box-->

<!--end of comment box--><p>"); 

 

Is this where I would put the html comment box? Assuming so, every time a new article is added to the database, a comment box would appear right underneath it.  How would I assign it a unique id so that it'll only display comments related to the specific news article?

 

Now, here's the cms form that doesn't work (I have NO IDEA what the problem is here). The way it's scripted, an error message should pop up if the database wasn't queried. When I test it, the database doesn't update, but no error message is displayed.

 

<?php 
include("dbconnect.php"); //include the file that connects to the database 
if(!empty($title)) { //if the title is not empty, than do this function 
$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

$sql = "INSERT INTO mynews (id, title, user, message, url, time, type) VALUES ('NULL', '$title','$user','$message','$url','$time','$type')"; //Insert all of your information into the mynews table in your database 
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 
echo "Database Updated."; 
} else { //However, if the title variable is empty, than do this function 
?> 
<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 
<?php 
} //end this function 
?>

 

The way this script it supposed to work is to take the information put in the fields and return it to the database. The script on the home page would then run through the database and pull that information to display. The problem though is that the information isn't getting sent. This is the only script out of the three that doesn't work. Help?

 

you are not passing the fields to the code

 

look

$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

 

see? try making this

$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

 

 

try it and let me know if worked properly

you are not passing the fields to the code

 

look

$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

 

see? try making this

$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

 

 

try it and let me know if worked properly

 

That didn't work. It's still just refreshing the page and doesn't seem to be talking to my database at all.

you are not passing the fields to the code

 

look

$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

 

see? try making this

$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

 

 

try it and let me know if worked properly

 

Here's the url to the form

 

http://www.djsmiley.net/postnews.php

 

This is with the code you gave me.

 

<?php 
include("dbconnect.php"); //include the file that connects to the database 
if(!empty($title)) { //if the title is not empty, than do this function 
$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

$sql = "INSERT INTO mynews (id, title, user, message, url, time, type) VALUES ('NULL', '$title','$user','$message','$url','$time','$type')"; //Insert all of your information into the mynews table in your database 
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 
echo "Database Updated."; 
} else { //However, if the title variable is empty, than do this function 
?> 
<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 
<?php 
} //end this function 
?>

I'm also having an issue when launching the "displaynews.php". I've never encountered this issue before now:

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/d/j/s/djsmiley/html/displaynews.php on line 13

 

Here's the code for "displaynews.php". The error in action: http://www.djsmiley.net/displaynews.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Display News</title>
</head>

<body>
<? 
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=3>$title added on $date</font><br> 
<font size=1>Posted by $user</font><br> 
<font size=2>$message</font><p>"); 

} 

?>
</body>
</html>

 

<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 

 

try changing the action="..." to <?php echo $_SERVER['PHP_SELF']; ?>

 

displaynews.php -> try this code

<?php
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 

echo "<hr>";
echo "<font size=\"3\">$r['title'] added on $r['date']</font><br>";
echo "<font size=\"1\">Posted by $r['user']</font><br>";
echo "<font size=\"2\">$r['message']</font><p>"; 

} 

?>

 

see if this solves

As for your pagination, you can use either one of these and modify it to your needs.

 

The first can do any posts amount, the second I hard coded set to 10 posts per page, which I didn't need more.

It takes more math to predetermine all the +jump-to pages

 

Can see them both working and the codes embed below them.

http://get.blogdns.com/paginate

 

and this is more deluxe

http://get.blogdns.com/dynaindex/paginate.php

 

Basically it controls the limit in a mysql query determined by what current page you are on.

 

Since it gets the script and also queries in the url you should be able to use a GET['comment'] in the code you are doing and it would pass the value to the next set of comments

OMG dude i just realized in my "dbconnect.php" file i was pointing to the wrong database lol.

 

i fixed that and now the original code i had works. u can view it at http://www.djsmiley.net/displaynews.php

 

im still encountering issues with the form though. im still using the code with ur modifications and it's not working.

As for your pagination, you can use either one of these and modify it to your needs.

 

The first can do any posts amount, the second I hard coded set to 10 posts per page, which I didn't need more.

It takes more math to predetermine all the +jump-to pages

 

Can see them both working and the codes embed below them.

http://get.blogdns.com/paginate

 

and this is more deluxe

http://get.blogdns.com/dynaindex/paginate.php

 

Basically it controls the limit in a mysql query determined by what current page you are on.

 

Since it gets the script and also queries in the url you should be able to use a GET['comment'] in the code you are doing and it would pass the value to the next set of comments

 

I just reviewed the code from the links you provided and all of it seems like japanese to me. Do you know how and where I can insert this code into the script I have posted? Or is it a more complicated matter than just copying and inserting?

<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 

 

try changing the action="..." to <?php echo $_SERVER['PHP_SELF']; ?>

 

 

Or even better, since $_SERVER['PHP_SELF'] is a known XSS vulnerability as a form action, just use action="" to submit a form to itself.

<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 

 

try changing the action="..." to <?php echo $_SERVER['PHP_SELF']; ?>

 

 

Or even better, since $_SERVER['PHP_SELF'] is a known XSS vulnerability as a form action, just use action="" to submit a form to itself.

 

This didn't work either, so I decided to change the action="" to action="process.php"

 

Here is the code for process.php

<?php
$name=$_POST['user']; 
$email=$_POST['title']; 
$location=$_POST['message']; 
$type=$_POST['type']; 
$url=$_POST['url']; 
mysql_connect("your hostname", "cmsnewsacp", "your password") or die(mysql_error()); 
mysql_select_db("cmsnewsacp") or die(mysql_error()); 
mysql_query("INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')"); 
Print "The article has successfully been posted"; 
?> 

 

Now, when you send the form, it directs you to the "The article has successfully been posted" message, but it's still not getting sent to my database and IDK Y  :shrug:

 

Here's the code again for postnews.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Post News</title>
</head>

<body>

<form name="news" method="post" action="process.php"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 

</body>
</html>

 

And here's displaynews.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<? 
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=3>$title added on $date</font><br> 
<font size=1>Posted by $user</font><br> 
<font size=2>$message</font><p>"); 

} 

?>

</body>
</html>

 

Does anyone know why this could be?

 

The link to the form is http://www.djsmiley.net/postnews.php

To see the news displayed from the database: http://www.djsmiley.net/displaynews.php

Yes, your insert isn't inserting anything.

 

mysql_query("INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')"); 

should be something like, of course use your values in the database whatever they are

mysql_query("INSERT INTO mynews (user, title, message, type, url)
VALUES ('$user', '$title', '$message', '$type', '$url')"); 

 

Well that's to be specific, but inserting the other way should still insert them, I did see you originally had it the specific way to start off.

There's no logic in place to return any debugging information.

 

mysql_select_db("cmsnewsacp") or die(mysql_error()); 
$query = "INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')";
if( $result = mysql_query($query) ) {
if( mysql_affected_rows() > 0 ) {
	echo 'The article has successfully been posted';
} else {
	echo 'Query ran successfully, but no record was inserted.';
}
} else {
        // Next line should be changed to a generic 'Sorry, there was an error' type of message in a production environment . . .
echo "<br>Query: $query<br>Failed with error: " . mysql_error() . '<br>';
}
?>

block unwanted characters

http://php.net/manual/en/function.mysql-real-escape-string.php

 

fix quotes and such

http://php.net/manual/en/function.htmlentities.php

 

You just can't let anyone input what they want.

 

btw, i did a test post and it didn't show my name or the text, got the insert and then select values correct and the same on both display.php and process.php?

block unwanted characters

http://php.net/manual/en/function.mysql-real-escape-string.php

 

fix quotes and such

http://php.net/manual/en/function.htmlentities.php

 

You just can't let anyone input what they want.

 

btw, i did a test post and it didn't show my name or the text, got the insert and then select values correct and the same on both display.php and process.php?

 

Yeah, I fixed that about a second before you posted this. I guess I misnamed a variable in process.php

<?php
$user=$_POST['user']; //for example, "$user" was named something else which is why it didn't display your name you typed
$title=$_POST['title']; 
$message=$_POST['message']; 
$type=$_POST['type']; 
$url=$_POST['url']; 
mysql_connect("hostname", "username", "password") or die(mysql_error()); 
mysql_select_db("cmsnewsacp") or die(mysql_error()); 

mysql_query("INSERT INTO mynews (user, title, message, type, url)
VALUES ('$user', '$title', '$message', '$type', '$url')"); 
Print "The article has successfully been posted"; 
?> 

 

MOD Edit: DB login credentials removed . . .

Take your mysql_query string, and turn it into something like:

$sql = sprintf("INSERT INTO mynews (user, title, message, type, url)
VALUES ('%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($user),
mysql_real_escape_string($title),
mysql_real_escape_string($message),
mysql_real_escape_string($type),
mysql_real_escape_string($url));
$result = mysql_query($sql); 

 

As always Un-tested (may be a parse error).

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.