Need PHP / MYSQL Blog help urgent

[Blaze97]

Okay so you may have noticed an earlier post from myself that problem have been fixed,

 

Some background info, The website is currently on my test server so not connected to the internet. I have only been learning PHP for the last 3-4 days so I am fairly new to most things so please keep your explanations simple, The finished code here is being designed for use on large scale websites with a lot of users around 100,000+ per 24 hour period and therefor will need to be secure. Yet I have no idea how to do that, The script once finished will also be freely distributed and contributors will be fairly credited.

 

I have some new problems that I need help fixing, So I am creating a PHP Blog connected to my MYSQL Database, Currently there is no admin backend that's a job for later but I do have the following files.

 

index.php - This displays all blog posts for all my categorys

news.php - This displays each blog post on there own

config.php - This contains my server connect code

 

I also have the following fields in my database

articleid - Unique ID number of each blog post

category - The category the blog post is in

title - The title of each blog post

body - The body of each post

author - The name of the author

date - date of posting

 

But now I need to add some comments so can anyone please help out, The comments should only appear below the article on the 'news.php' page so I was hoping someone could write me a script to post and display the comments, (No login system needed I got that covered surprisingly.) if you can also give me a .sql file to add the needed tables to my database that would be greatly appreciated,

 

Lastly would it be possible for someone to secure the script so it is invulnerable to SQL Injection attacks and any other form of attack that someone could pull off on the site.

 

So bring on the code,

 

Index.php

<?php include("config/config.php");
$data = mysql_query("SELECT * FROM blog ORDER by date ASC") 
or die(mysql_error()); 
while($row = mysql_fetch_array($data))
  {
echo "<table class='main'> <tr> <td> <a href='/news.php?articleid=" . $row['articleid'] . "' class='article_title'>" . $row['title'] . "</a>
<p>" . $row['introduction'] . "</p></td><tr><td ALIGN='RIGHT' class='small'> Posted by:" . $row['author'] . ", on " . $row['date'] .  ",</td></tr></table>";
  }
?>

Comments:I have removed all the junk out and left the basic script,

 

news.php

<?php include("config/config.php");
$data = mysql_query("SELECT * FROM blog WHERE articleid = {$_GET['articleid']} ORDER by date ASC")
or die(mysql_error()); 
while($row = mysql_fetch_array($data))
  {
echo "<table class='main'> <tr> <td> <a href='/news.php?articleid=" . $row['articleid'] . "' class='article_title'>" . $row['title'] . "</a>
<p>" . $row['introduction'] . "</p></td><tr><td ALIGN='RIGHT' class='small'> Posted by:" . $row['author'] . ", on " . $row['date'] .  ",</td></tr></table>";
  }
?>

Comments:So here's the complex bit if someone could please add the comments below the article here,

 

Thanks again,

Blaze,

(Really bad PHP Programmer)

[Skewled]

You should attempt this on your own first and post feasible code, then ask for assistance. If you're unable to do that you could visit the freelancing forum: http://www.phpfreaks.com/forums/index.php?board=8.0 and make a offer for the work to be completed.

[Blaze97]

Yeah, I would post on the freelance forum but I'm keeping this to a budget of zero, I suppose I can probably sort out the comment script I had a think over it today and got an idea how to do it,

 

But still really need help preventing SQL Injection attacks and any other stupid attack that exists.

 

So if anyone can help with that I'd be greatful

[Muddy_Funster]

Lastly would it be possible for someone to secure the script so it is invulnerable to SQL Injection attacks and any other form of attack that someone could pull off on the site.

 

Short answer - No.

Long Answer - Nothing is impervious to attack (if it was people wouldn't be finding ways into goverment systems as often as they do).  Read up on the use of SSL, mysql_real_escape_string() and Data Sanatisation and you should be as safe as you will need to be.