|
Third: Saving the comments
Again, this is a very similar process to that used before in the starter tutorials for retrieving information 'posted' from a form. Here's the second piece of code you'll need - but don't copy it just yet...
<?php
// collect data sent from form
$page_id = $_POST['page_id'];
$ip = $_POST['ip'];
$dated = $_POST['dated'];
$name = $_POST['name'];
$location = $_POST['locn'];
$comments = $_POST['comments']
// connection variables
include("db_conn.php") // the usual host/username/password/database name
$db_table = "page_comments";
// connect to host and select db
mysql_connect($host, $db_user, $db_pass);
mysql_select_db($db_name);
// create and execute the query to insert data
$query = "INSERT INTO $db_table (id, name, location, comments, ip, dated, page_id)
VALUES ('', '$name' , '$location' , '$comments', '$ip', '$dated', '$page_id')";
$result = mysql_query($query);
?>
There are a number of problems with the code above. In no particular order:
- A form with nothing substantive in the 'comments' field would be treated the same way as real visitor responses and added to the database, etc.
- There is no feedback to the visitor [or a way of returning to the page commented on]
- The 'comments' could include html code, php code, etc. which needs to be removed
- The comments could include bad words that we might not want posted to our site
- You would only know if comments were added when you visited that page
Is there a solution?
All of these are solvable (and are detailed later in the tutorial), but to keep the flow going let's discuss how the comments are actually retrieved and placed on the relevant page of our site for future visitors ...
« previous | next »
|