Home arrow Site Administration arrow Page 8 - Talk To Me!

The Last Word - Administration

You've seen how many Web sites (including this one) allow you topost comments and opinions on the material they publish. If you've everwished you had this capability on your Web site, or are simply curious asto how this is accomplished, read on.

TABLE OF CONTENTS:
  1. Talk To Me!
  2. The Job
  3. Building The Foundation
  4. Mole In A Hole
  5. Speak Now, Or Forever Hold Your Peace
  6. Of Trees And Branches
  7. Closing The Loop
  8. The Last Word
By: Vikram Vaswani, (c) Melonfire
Poor Best
Rating: starstarstarstarstar / 1
March 12, 2001

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement
There are a couple of other things that can be added to complete this application. First, since all this work will come to naught if the article and section numbers are not transmitted correctly, you can build in a rudimentary error check by validating the presence of these two variables before performing any database operation. In case these variables are not present, simply redirect the user to an error page.

<?
// redirect if missing important parameters
// place at the top of every page
if (!$article || !$section) { header("Location: error.php"); }
?>

In the interests of consistency, you might also like to connect related posts to one another by including the string "Re: " in the subject line of replies, as on USENET. This is a relatively simple operation to accomplish - simply add this refinement to "post.php".

<form action="<? echo $PHP_SELF; ?>" method="post">
<input type="hidden" name="replytopost" value="<?php echo $replytopost; ?>">
<input type="hidden" name="section" value="<?php echo $section; ?>">
<input type="hidden" name="article" value="<?php echo $article; ?>">
<table border="0" cellspacing="5" cellpadding="0">
<tr>
<td colspan=2>
<font face="Verdana, Arial" size="2" color="Black"><b>Your
comment:</b></font><p>
</td>
</tr>
<tr>
<td><font face="Verdana, Arial" size="2" color="Black">Name</font></td>
<td><input type="text" name="username" size="25"></td>
</tr>
<tr>
<td><font face="Verdana, Arial" size="2" color="Black">Email
address</font></td>
<td><input type="text" name="email" size="25"></td>
</tr>
<?
// if this is a reply to an existing post
if ($replytopost)
{
// connect to database and pre-fill the subject field
include("config.php");
$connection = mysql_connect($hostname, $user, $pass) or die ("Unable to
connect!");
$query = "SELECT subject FROM $table WHERE id='$replytopost'";
$result = mysql_db_query($database, $query, $connection) or die ("Error in
query: $query . " . mysql_error());
list($subject) = mysql_fetch_row($result);
// fix the subject line if necessary
$substring = substr($subject,0, 3);
if ($substring != "Re:")
{
$subject = "Re: " . $subject;
}
}
?>
<tr>
<td><font face="Verdana, Arial" size="2" color="Black">Subject</font></td>
<td><input type="text" name="subject" size="25" value="<? if ($subject) {
echo $subject; } ?>"></td>
</tr>
<tr>
<td><font face="Verdana, Arial" size="2" color="Black">Comment</font></td>
<td><textarea name="post" rows="5"></textarea></td>
</tr>
<tr>
<td colspan=2 align=center><input type="submit" name="submit" value="Add
Comment"></td>
</tr>
</table>
</form>

In the case of replies (indicated by the presence of the $replytopost variable), the subject field in the form is pre-filled with the subject of the parent post (obtained by querying the database), and the string "Re: " is prefixed to it. The user can, of course, replace this suggested subject line with anything else (s)he chooses.

Here's what it looks like:



Finally, it should be said that this system, as described above, is by no means perfect. For example, the passing of parameters via the URL GET method is an inherent vulnerability, allowing experienced users to alter the parameters and the subsequent attributes of the record in the database. A possible solution to this is to store the relevant numbers in session variables, which are inaccessible to the user, and thereby prevent mischief.

It should also be noted that the architecture on which this application is premised is by no means optimal - a few obvious flaws present themselves, the primary one being the odd duality of the article and section number combination. However, when performing development on an existing, active Web site with a pre-defined database architecture (as we were), and given the constraints inherent in such a situation, it's difficult to redesign a system from scratch, and often, the only practical (and cost-effective) option is to simply build on existing plumbing rather than going back to square one.

Either way, I hope this case study has given you some insight into how many Web sites build their online discussion forums, and perhaps also sparked some ideas on how you can apply this application to your own development activities. See you soon!

This article copyright Melonfire 2001. All rights reserved.


 
 
>>> More Site Administration Articles          >>> More By Vikram Vaswani, (c) Melonfire
 

blog comments powered by Disqus
   

SITE ADMINISTRATION ARTICLES

- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup
- Install and Optimize PlayOnLinux on Ubuntu a...
- Top Wordpress Plugins for e-Commerce
- Top WordPress Plugins to Fight Spam
- Top Six Drupal Modules to Prevent Spam
- Install XAMPP on Windows
- Manage Backups for WordPress Files and Datab...
- WordPress Security Tips
- How to Back Up WordPress Files and Databases
Find More Site Administration Articles


© 2003-2012 by Developer Shed. All rights reserved. DS Cluster 6 - Follow our Sitemap

Dev Shed Tutorial Topics: