php_mysql_apache [Electronic resources] نسخه متنی

Adding Posts to a Topic

In this final step, you will create replytopost.php, which will look remarkably similar to the form and script used to add a topic. Listing 19.5 shows the code for this all-in-one form and script.

Listing 19.5 Script to Add Replies to a Topic

1: <?php
2: //connect to server and select database; we''ll need it soon
3: $conn = mysql_connect("localhost", "joeuser", "somepass")
4:     or die(mysql_error());
5: mysql_select_db("testDB",$conn)  or die(mysql_error());
6:
7: //check to see if we''re showing the form or adding the post
8: if ($_POST[op] != "addpost") {
9:    // showing the form; check for required item in query string
10:    if (!$_GET[post_id]) {
11:        header("Location: topiclist.php");
12:        exit;
13:    }
14:
15:      //still have to verify topic and post
16:    $verify = "select ft.topic_id, ft.topic_title from
17:     forum_posts as fp left join forum_topics as ft on
18:     fp.topic_id = ft.topic_id where fp.post_id = $_GET[post_id]";
19:
20:    $verify_res = mysql_query($verify, $conn) or die(mysql_error());
21:     if (mysql_num_rows($verify_res) < 1) {
22:        //this post or topic does not exist
23:        header("Location: topiclist.php");
24:        exit;
25:    } else {
26:        //get the topic id and title
27:        $topic_id = mysql_result($verify_res,0,''topic_id'');
28:        $topic_title = stripslashes(mysql_result($verify_res,
29:         0,''topic_title''));
30:
31:        echo "
32:        <html>
33:        <head>
34:        <title>Post Your Reply in $topic_title</title>
35:        </head>
36:        <body>
37:        <h1>Post Your Reply in $topic_title</h1>
38:        <form method=post action=\"$_SERVER[PHP_SELF]\">
39:
40:        <p><strong>Your E-Mail Address:</strong><br>
41:        <input type=\"text\" name=\"post_owner\" size=40 maxlength=150>
42:
43:        <P><strong>Post Text:</strong><br>
44:        <textarea name=\"post_text\" rows=8 cols=40 wrap=virtual></textarea>
45:
46:        <input type=\"hidden\" name=\"op\" value=\"addpost\">
47:        <input type=\"hidden\" name=\"topic_id\" value=\"$topic_id\">
48:
49:        <P><input type=\"submit\" name=\"submit\" value=\"Add Post\"></p>
50:
51:        </form>
52:        </body>
53:        </html>";
54:    }
55: } else if ($_POST[op] == "addpost") {
56:    //check for required items from form
57:    if ((!$_POST[topic_id]) || (!$_POST[post_text]) ||
58:     (!$_POST[post_owner])) {
59:        header("Location: topiclist.php");
60:        exit;
61:    }
62:
63:    //add the post
64:    $add_post = "insert into forum_posts values ('''', ''$_POST[topic_id]'',
65:     ''$_POST[post_text]'', now(), ''$_POST[post_owner]'')";
66:    mysql_query($add_post,$conn) or die(mysql_error());
67:
68:    //redirect user to topic
69:    header("Location: showtopic.php?topic_id=$topic_id");
70:    exit;
71: }
72: ?>

Lines 35 make the database connection at the outset of the script. Although you''re performing multiple tasks depending on the status of the form (whether it''s being shown or submitted), both conditions require database interaction at some point.

Line 8 checks to see whether the form is being submitted. If the value of $_POST[op] is not "addpost", the form has not yet been submitted. Therefore, it must be shown. Before showing the form, however, you must check for that one required item; lines 1013 check for the existence of a value for post_id in the GET query string. If a value in $_GET[post_id] does not exist, the user is redirected to the topic listing page.

If you made it past the check for a topic_id, lines 1720 issue a complicated-looking query that gets the topic_id and topic_title from the forum_topics table, based on the only value that you know: the value of the post_id. This query both validates the existence of the post and gets information you will need later in the script. Lines 2124 act on the results of this validity test, again redirecting the user back to the topiclist.php page.

If the post is valid, you extract the value of topic_id and topic_title in lines 2729, again using stripslashes() to remove any escape characters. Next, the entirety of the form for adding a post is printed to the screen, and that''s it for this script until the form submission button is clicked. In the form, you see that the action is $_SERVER[PHP_SELF] on line 38, indicating that this script will be recalled into action. Two hidden fields are present, in lines 46 and 47, which hold the information that needs to be passed along to the next iteration of the script.

Moving along to line 55, this block of code is executed when the script is reloaded and the value of $_POST[op] (one of the hidden fields in the form) is "addpost". This block checks for the presence of all required fields from the form (lines 5761) and then, if they are all present, issues the query to add the post to the database (lines 6466). After the post is added to the database, the showtopic.php page is reloaded (lines 6970), showing the user''s new post along in the line.

If you save this file as replytopost.php and place it in your Web server document root, try it out and you may see something like Figures 19.8 and 19.9.