Tutorials

Part 2b: Post to your DB

This is the continuation of Part 2 in a series on how to build your own blog. You can find the whole series in the Build A Blog category.

Part 2 was about how to write an HTML form with PHP processing to insert entries into your database. It got kind of long, so I am continuing here. Once your form is completely written and ready, you will add the code explained here to that same file.

Let’s recall the fields we had used in our form: month, date, year, time, title, and entry. In PHP the names of the form fields become variables that we can use in our script. For example, if we entered "June" as the month in our form, we now have a variable called $_POST['month'] that stands for "June".

Everything in this part goes ABOVE what we have done so far in part 2.

Let’s open PHP:

<?php

Ok, the first thing we need to do is tell the script that if we push submit, do this. So add this code into the same file that has your HTML form:

if (isset($_POST['submit'])) {

Now we need to tell it what to do. This goes after that open bracket. We’re going to take those variables which make up our date and time, and use them to create a timestamp to enter into the database.

Before we do that though, we need to make sure our data is free of nasty code for security reasons:

    $month = htmlspecialchars(strip_tags($_POST['month']));
    $date = htmlspecialchars(strip_tags($_POST['date']));
    $year = htmlspecialchars(strip_tags($_POST['year']));
    $time = htmlspecialchars(strip_tags($_POST['time']));
    $title = htmlspecialchars(strip_tags($_POST['title']));
    $entry = $_POST['entry'];

Back to that timestamp… Recall that timestamps are more flexible forms of dates to work with, and that’s why we’re not just entering our date variables straight into the db. It’s going to look something like this:

    $timestamp = strtotime($month . " " . $date . " " . $year . " " . $time);

That function, strtotime(), is "string to timestamp". It takes a regular date (string) and turns it into a timestamp.

Now, most people don’t like to have to add in linebreaks to their blog entries, so let’s tell our script to automatically add them to $entry for us, like so:

    $entry = nl2br($entry);

This next part detects whether the server will automatically escape quotes that we submit to the database. If it does, we won’t do anything, but if it doesn’t, we have to manually escape the quotes. If we don’t do this, it will cause an error when adding our blog entry to the database.

    if (!get_magic_quotes_gpc()) {
        $title = addslashes($title);
        $entry = addslashes($entry);
    }

Now that we’ve got it nice and formatted, we tell it to insert into our database. Open MySQL like I showed you in part 1 of this tutorial, remembering to change the appropriate parts to your own information:

    mysql_connect ('localhost', 'db_username', 'db_password') ;
    mysql_select_db ('db_name');

Next is the SQL insert. It’s a basic format of "INSERT INTO table (these columns) VALUES (these variables)" It’s very important that the order of your columns matches the order of your variables. If you have timestamp as the first column, and $timestamp as the first variable, that’s saying "insert $timestamp into the column called timestamp". Our SQL query should look like this:

    $sql = "INSERT INTO php_blog (timestamp,title,entry) VALUES ('$timestamp','$title','$entry')";

Tell the script to either insert or die:

    $result = mysql_query($sql) or print ("Can't insert into table php_blog.<br />" . $sql . "<br />" . mysql_error());

That bit of code will tell us the error if it doesn’t work. If it does work, let’s have it say so:

    if ($result != false) {
        print "Your entry has successfully been entered into the database.";
    }

Close MySQL:

    mysql_close();

Close the if statement:

}

And close PHP:

?>

So let’s look at the whole script, start to finish. Remember, this goes in the same file as your HTML form:

<?php
if (isset($_POST['submit'])) {

    $month = htmlspecialchars(strip_tags($_POST['month']));
    $date = htmlspecialchars(strip_tags($_POST['date']));
    $year = htmlspecialchars(strip_tags($_POST['year']));
    $time = htmlspecialchars(strip_tags($_POST['time']));
    $title = htmlspecialchars(strip_tags($_POST['title']));
    $entry = $_POST['entry'];

    $timestamp = strtotime($month . " " . $date . " " . $year . " " . $time);

    $entry = nl2br($entry);

    if (!get_magic_quotes_gpc()) {
        $title = addslashes($title);
        $entry = addslashes($entry);
    }

    mysql_connect ('localhost', 'db_username', 'db_password') ;
    mysql_select_db ('db_name');

    $sql = "INSERT INTO php_blog (timestamp,title,entry) VALUES ('$timestamp','$title','$entry')";

    $result = mysql_query($sql) or print("Can't insert into table php_blog.<br />" . $sql . "<br />" . mysql_error());

    if ($result != false) {
        print "Your entry has successfully been entered into the database.";
    }

    mysql_close();
}
?>

UPDATE: There should be no variable called $day in this script. It was supposed to be called $date, and I screwed up. It’s corrected in the tutorial now, but if you’ve already done your script you’ll need to fix it!

Comments

Error Comments are closed for this entry.