Originally posted by Michelle.
Please note: The Build-A-Blog series is an introduction to creating a simple blog script using PHP. These tutorials are meant to help you to learn PHP and MySQL and to use these to fetch and store data and display it on a web page. These tutorials should not be used ‘as is’ on a production website – especially if you are new to PHP and do not understand what you are doing. We would recommend that you try the B-A-B series on a safe, development environment – such as an offline installation of PHP and MySQL – so you can learn how everything works.
GWG and its staffers accept no responsibility for anything that may (or may not) happen to your site or server as a result of you using these tutorials – you do so AT YOUR OWN RISK.
This is the continuation of Part 2 in a series on how to build your own blog. You can find the whole series in the Build A Blog category.
Part 2 was about how to write an HTML form with PHP processing to insert entries into your database. It got kind of long, so I am continuing here. Once your form is completely written and ready, you will add the code explained here to that same file.
Let’s recall the fields we had used in our form: month, date, year, time, title, and entry. In PHP the names of the form fields become variables that we can use in our script. For example, if we entered "June" as the month in our form, we now have a variable called $_POST['month'] that stands for "June".
Everything in this part goes ABOVE what we have done so far in part 2.
Let’s open PHP:
<?php
Ok, the first thing we need to do is tell the script that if we push submit, do this. So add this code into the same file that has your HTML form:
if (isset($_POST['submit'])) {
Now we need to tell it what to do. This goes after that open bracket. We’re going to take those variables which make up our date and time, and use them to create a timestamp to enter into the database.
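Before we do that, though, we need to clean the form data for security reasons. strip_tags() removes any HTML tags and htmlspecialchars() converts characters such as < and " into HTML entities, so the short fields are stored as plain text. Notice that $entry is taken exactly as it was submitted: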
$month = htmlspecialchars(strip_tags($_POST['month']));
$date = htmlspecialchars(strip_tags($_POST['date']));
$year = htmlspecialchars(strip_tags($_POST['year']));
$time = htmlspecialchars(strip_tags($_POST['time']));
$title = htmlspecialchars(strip_tags($_POST['title']));
$entry = $_POST['entry'];
Back to that timestamp… Recall that timestamps are more flexible forms of dates to work with, and that’s why we’re not just entering our date variables straight into the db. It’s going to look something like this:
$timestamp = strtotime($month . " " . $date . " " . $year . " " . $time);
That function, strtotime(), is "string to timestamp". It takes a regular date (string) and turns it into a timestamp.
Now, most people don’t like to have to add in linebreaks to their blog entries, so let’s tell our script to automatically add them to $entry for us, like so:
$entry = nl2br($entry);
This next part detects whether the server will automatically escape quotes that we submit to the database (the "magic quotes" setting). If it does, we won’t do anything, but if it doesn’t, we have to manually escape the quotes. If we don’t do this, a quote in the title or entry will end the quoted value early in the SQL statement and cause an error when adding our blog entry to the database.
if (!get_magic_quotes_gpc()) {
    $title = addslashes($title);
    $entry = addslashes($entry);
}
Now that we’ve got it nice and formatted, we tell it to insert into our database. Open MySQL like I showed you in part 1 of this tutorial, remembering to change the appropriate parts to your own information:
mysql_connect('localhost', 'db_username', 'db_password');
mysql_select_db('db_name');
Next is the SQL insert. It’s a basic format of "INSERT INTO table (these columns) VALUES (these variables)". It’s very important that the order of your columns matches the order of your variables. If you have timestamp as the first column, and $timestamp as the first variable, that’s saying "insert $timestamp into the column called timestamp". Our SQL query should look like this:
$sql = "INSERT INTO php_blog (timestamp,title,entry) VALUES ('$timestamp','$title','$entry')";
Tell the script to either insert or die:
$result = mysql_query($sql) or print ("Can't insert into table php_blog.<br />" . $sql . "<br />" . mysql_error());
That bit of code will tell us the error if it doesn’t work. If it does work, let’s have it say so:
if ($result != false) {
    print "Your entry has successfully been entered into the database.";
}
Close MySQL:
mysql_close();
Close the if statement:
}
And close PHP:
?>
So let’s look at the whole script, start to finish. Remember, this goes in the same file as your HTML form:
<?php
// Run only when the form has been submitted.
if (isset($_POST['submit'])) {
    // Strip tags and encode special characters in the short fields.
    $month = htmlspecialchars(strip_tags($_POST['month']));
    $date = htmlspecialchars(strip_tags($_POST['date']));
    $year = htmlspecialchars(strip_tags($_POST['year']));
    $time = htmlspecialchars(strip_tags($_POST['time']));
    $title = htmlspecialchars(strip_tags($_POST['title']));
    // The entry body is taken exactly as submitted.
    $entry = $_POST['entry'];

    // Build a timestamp from the date and time fields.
    $timestamp = strtotime($month . " " . $date . " " . $year . " " . $time);

    // Turn newlines in the entry into <br /> tags.
    $entry = nl2br($entry);

    // Escape quotes ourselves if the server does not do it automatically.
    if (!get_magic_quotes_gpc()) {
        $title = addslashes($title);
        $entry = addslashes($entry);
    }

    mysql_connect('localhost', 'db_username', 'db_password');
    mysql_select_db('db_name');

    $sql = "INSERT INTO php_blog (timestamp,title,entry) VALUES ('$timestamp','$title','$entry')";

    // Run the insert; on failure, print the query and the MySQL error.
    $result = mysql_query($sql) or print("Can't insert into table php_blog.<br />" . $sql . "<br />" . mysql_error());

    if ($result != false) {
        print "Your entry has successfully been entered into the database.";
    }

    mysql_close();
}
?>
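The same insert done with a PDO prepared statement, so quoting no longer depends on addslashes() or the magic-quotes setting; this is an added example, not part of the original tutorial. The save_entry() function, the sample $post values and the in-memory SQLite database (standing in for MySQL so the block runs offline) are assumptions.

```php
<?php
// Added example: the tutorial's insert, rewritten with a prepared statement.
// save_entry() and $post are hypothetical; SQLite in memory stands in for MySQL.
function save_entry(PDO $db, array $post): int
{
    $f = [];
    foreach (['month', 'date', 'year', 'time', 'title', 'entry'] as $name) {
        if (!isset($post[$name]) || !is_string($post[$name]) || trim($post[$name]) === '') {
            throw new InvalidArgumentException("Missing field: $name");
        }
        $f[$name] = trim($post[$name]);
    }
    // strtotime() returns false for text it cannot parse; reject that
    // instead of storing a bogus timestamp.
    $timestamp = strtotime("{$f['month']} {$f['date']} {$f['year']} {$f['time']}");
    if ($timestamp === false) {
        throw new InvalidArgumentException('Date and time could not be parsed.');
    }
    // Placeholders keep the values out of the SQL text, so a quote in the
    // title or entry is stored as data and cannot alter the statement.
    $stmt = $db->prepare(
        'INSERT INTO php_blog (timestamp, title, entry) VALUES (:ts, :title, :entry)'
    );
    $stmt->execute([':ts' => $timestamp, ':title' => $f['title'], ':entry' => $f['entry']]);
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE php_blog (id INTEGER PRIMARY KEY, timestamp INTEGER, title TEXT, entry TEXT)');

$post = [ // constructed sample input
    'month' => 'June', 'date' => '14', 'year' => '2006', 'time' => '10:30',
    'title' => "Michelle's first post",
    'entry' => "It's \"live\".\nA second line.",
];

try {
    $id = save_entry($db, $post);
    $q = $db->prepare('SELECT title, entry FROM php_blog WHERE id = ?');
    $q->execute([$id]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    // The text was stored verbatim; encode it when it is written into HTML.
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
    echo nl2br(htmlspecialchars($row['entry'], ENT_QUOTES, 'UTF-8')), "\n";
} catch (Exception $e) {
    // Keep the details in the server log; show the visitor a generic message.
    error_log($e->getMessage());
    echo "Sorry, the entry could not be saved.\n";
}
```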