OxyScripts.com

Make a Shoutbox

By Oxy (2002-08-21. 10440 views.)
This tutorial shows you how to make a fairly secure PHP/mySQL shoutbox.

I've seen loads of people looking for a PHP/mySQL shoutbox tutorial, so I decided to write one. Shoutboxes are often abused by users, so this shoutbox will have some protection features built into it. NOTE: You must be running at least PHP 4.1.0 for this to work.



Firstly, let's set up our table. Enter this SQL into mySQL or a GUI for mySQL such as phpMyAdmin.



CREATE TABLE `shoutbox` (
    `id` INT(11) NOT NULL AUTO_INCREMENT,
    `message` TEXT NOT NULL,
    `author` VARCHAR(80) NOT NULL,
    `eml` VARCHAR(50) NOT NULL,
    `date` VARCHAR(50) NOT NULL,
    `ip` VARCHAR(20) NOT NULL,
    PRIMARY KEY (`id`)
);




Now let's get on with the script!



<?php
// You just need to configure these 4 variables to match your server.
$db_host = "localhost"; // mySQL database host
$db_user = "username"; // mySQL database user
$db_password = "password"; // mySQL database password
$db_name = "database"; // the name of your mySQL database

// If a user has submitted a post, we want to :
// 1. Validate it
// 2. Strip unwanted html
// 3. Make sure messages and names aren't too long
// 4. Add it to our database.
if (isset($_POST['submit'])) {
    // 1. Validate it, by checking all the form inputs were filled in
    if (empty($_POST['author'])) {
        echo 'Error ! : No name entered';
        die;
    }
    if (empty($_POST['eml'])) {
        echo 'Error ! : No email entered';
        die;
    }
    if (empty($_POST['message'])) {
        echo 'Error ! : No message entered';
        die;
    }
    // If magic_quotes_gpc is on, PHP has already added slashes to the input;
    // undo that so each value is escaped exactly once further down.
    if (get_magic_quotes_gpc()) {
        $_POST = array_map('stripslashes', $_POST);
    }

    // 2. Strip unwanted HTML
    // Look up the strip_tags() function at
    // http://www.php.net/manual/en/function.strip-tags.php for more info
    $message = strip_tags($_POST['message'], '');
    $eml = strip_tags($_POST['eml'], '');
    $author = strip_tags($_POST['author'], '');

    // 3. Make sure messages and names aren't too long
    // We will use the strlen() function to count the length.
    // (The author column is VARCHAR(80) and eml is VARCHAR(50), which is
    // shorter than the limit checked here.)
    $message_length = strlen($message);
    $author_length = strlen($author);
    if ($message_length > 150) {
        echo "Error ! : Your message was too long, messages must be less than 150 chars";
        die;
    }
    if ($author_length > 150) {
        echo "Error ! : Your name was too long, names must be less than 150 chars";
        die;
    }

    // 4. Add it to our database.
    // If the script hasn't died yet due to an error in the inputted data
    // we need to add the data to the database
    // Lets connect to our database.
    mysql_connect($db_host, $db_user, $db_password) or die(mysql_error());
    // Select the database.
    mysql_select_db($db_name) or die(mysql_error());

    // strip_tags() does not touch quote characters, so escape every value
    // before it goes into the SQL string. mysql_real_escape_string() needs an
    // open connection and PHP 4.3.0 or later; on older versions use
    // mysql_escape_string() instead.
    $message = mysql_real_escape_string($message);
    $author = mysql_real_escape_string($author);
    $eml = mysql_real_escape_string($eml);
    $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

    // Lets define the date format we want to enter to our database
    // go here for more details
    // http://www.php.net/manual/en/function.date.php
    $date = date("h:i A dS M");
    // This will produce e.g. 11:02 AM 25th Aug

    // Set the query as $query
    $query = "INSERT INTO shoutbox (message, author, eml, date, ip)
              VALUES ('$message','$author','$eml','$date','$ip')";
    mysql_query($query);
    mysql_close();

    // Show thanks message and take them back to the main shoutbox
    echo "Thanks for your post<BR>";
    echo "<A HREF='shoutbox.php'>View the shoutbox</A>";

// If they haven't submitted a post, we want to :
// 1. Show the latest shouts
// 2. Show the shout post form
} else {
    // 1. Show the latest shouts
    // Lets connect to our database.
    mysql_connect($db_host, $db_user, $db_password) or die(mysql_error());
    // Select the database.
    mysql_select_db($db_name) or die(mysql_error());
    // Set the query as $query, and get the last 10 posts.
    $query = "SELECT message, author, eml, date, ip
              FROM shoutbox ORDER BY id DESC LIMIT 10";
    $result = mysql_query($query);
    echo "<TABLE>";
    while ($r = mysql_fetch_array($result)) {
        // Encode stored values before printing them, so a quote or stray
        // markup cannot break out of the HTML (ENT_QUOTES also encodes ').
        $date = htmlspecialchars($r['date'], ENT_QUOTES);
        $eml = htmlspecialchars($r['eml'], ENT_QUOTES);
        $author = htmlspecialchars($r['author'], ENT_QUOTES);
        $message = htmlspecialchars($r['message'], ENT_QUOTES);
        // To modify the appearance, edit this :
        echo "<TR>
            <TD><font size='1'>Posted $date by <A HREF='mailto:$eml'>$author</A></font></TD>
        </TR>
        <TR>
            <TD><font size='1'>$message</font></TD>
        </TR>
        <TR>
            <TD><HR></TD>
        </TR>";
    }
    echo "</TABLE>";
    // 2. Show the shout post form
?>
    <FORM METHOD=POST ACTION="shoutbox.php">
    <TABLE>
    <TR>
        <TD>Name :</TD>
        <TD><INPUT TYPE="text" NAME="author"></TD>
    </TR>
    <TR>
        <TD>Email :</TD>
        <TD><INPUT TYPE="text" NAME="eml"></TD>
    </TR>
    <TR>
        <TD>Message :</TD>
        <TD><INPUT TYPE="text" NAME="message"></TD>
    </TR>
    <TR>
        <TD> </TD>
        <TD><INPUT TYPE="submit" name="submit" value="post"></TD>
    </TR>
    </TABLE>
    </FORM>
<?php
}
?>




It would be a bad idea to plant this script directly into your page, as a long word would stretch your page sideways. I recommend saving it as shoutbox.php and using this code to make an IFRAME in your page.



<IFRAME src="shoutbox.php" width="300"></IFRAME>



This shoutbox is secure from the most common forms of abuse, but I'm sure you guys will want to make it more secure, and add more features :) If you have any questions, go ask in the forums.
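
One way to take the hardening further, as an added example that is not part of the original tutorial: strip_tags() leaves quote characters alone, so this version keeps input out of the SQL text with PDO prepared statements and encodes every value when it is printed. It assumes PHP 5.3+ with the pdo_sqlite driver; the function names open_db, add_shout and render_shouts are hypothetical, and an in-memory SQLite table stands in for the MySQL one so the script runs offline.

```php
<?php
// Added example, not from the original tutorial. Assumes PHP 5.3+ with the
// pdo_sqlite driver; an in-memory SQLite table stands in for MySQL `shoutbox`.
function open_db() {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE shoutbox (id INTEGER PRIMARY KEY AUTOINCREMENT,
        message TEXT NOT NULL, author TEXT NOT NULL, eml TEXT NOT NULL,
        date TEXT NOT NULL, ip TEXT NOT NULL)');
    return $db;
}

// Validate and store one shout; returns an error string, or null on success.
function add_shout($db, $post, $ip) {
    $labels = array('author' => 'name', 'eml' => 'email', 'message' => 'message');
    foreach ($labels as $key => $label) {
        if (!isset($post[$key]) || trim($post[$key]) === '') {
            return "No $label entered";
        }
    }
    if (strlen($post['message']) > 150 || strlen($post['author']) > 150) {
        return 'Message or name too long';
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('INSERT INTO shoutbox (message, author, eml, date, ip)
                          VALUES (?, ?, ?, ?, ?)');
    $stmt->execute(array(strip_tags($post['message']), strip_tags($post['author']),
                         strip_tags($post['eml']), date('h:i A dS M'), $ip));
    return null;
}

// Encode every stored value for the HTML context it is printed into.
function render_shouts($db) {
    $e = function ($s) { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); };
    $html = '';
    $rows = $db->query('SELECT message, author, eml, date FROM shoutbox
                        ORDER BY id DESC LIMIT 10');
    foreach ($rows as $r) {
        $html .= sprintf("Posted %s by <a href='mailto:%s'>%s</a>: %s\n",
            $e($r['date']), $e($r['eml']), $e($r['author']), $e($r['message']));
    }
    return $html;
}

// Constructed sample input: quote characters pass through strip_tags() unchanged.
$db = open_db();
add_shout($db, array('author' => "O'Brien", 'eml' => "a@example.com' title='x",
                     'message' => '<b>hi</b> there'), '192.0.2.1');
echo render_shouts($db);
```

The name and email in the sample are stored exactly as typed, and the single quotes come back as `&#039;` in the rendered row, so they stay inside the `href` attribute.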
 

 