Configuration - PHP

We'll create a file called 'chatter.php', this file is going to be used to store the database connection info.

<?php
$con = mysql_connect("localhost","user","pass");
$db = mysql_select_db("database");
?>

Post Chatter

Cut and paste the following code into a blank file and named it 'post.php' (without quotes).

<?php
include('chatter.php');
if ($name == '' || $msg == '' || $name == 'name' || $msg == 'message') {
die ("Error! You cannot fill in an empty shout. Please try again.");
}
$blockedip = "select * from blocked_ips WHERE ip='".$REMOTE_ADDR."'";
$ipcheck = mysql_query($blockedip);
while ($row = mysql_fetch_array($ipcheck)){
if( $row["ip"] == $REMOTE_ADDR){
die ("IP banned, you cannot post.");
}
}
$blockedname = "select * from blocked_nicks WHERE name='".$name."'";
$namecheck = mysql_query($blockedname);
while ($row = mysql_fetch_array($namecheck)){
if( $row["name"] == $name){
die ("Username has been banned. You may not post.");
}
}
$last_entry = "select * from chatterblock order by id desc limit 1";
$check = mysql_query($last_entry);
while ($row = mysql_fetch_array($check)){
$lastname = $row["name"];
$lastmsg = $row["msg"];
}
if ($lastname == $name && $lastmsg == $msg){
die ("Error! Duplicate entry detected, please submit only once.");
}
$name = htmlspecialchars($name);
$msg = htmlspecialchars($msg);
$q = "insert into chatterblock (id,name,msg,url,entered,ip) VALUES ('','$name','$msg','$url',now(),'$REMOTE_ADDR') ";
$result = mysql_query($q);
if ($result) {
header('Location: view.php');
}
?>

Basically, the above code runs a check to make sure the user doesn't submit a blank entry. Notice that in our chatter.html, we stated the default value for name to be 'name' and msg to be 'message', therefore the basic check should also include the default values. Otherwise, the user can just click 'submit' endless times, and you get the same meaningless entry over again.

Next, the script will strip off all the HTML tags that may be inserted into the chatterblock. This ensures that no one enters codes that may cause the chatterblock to look weird, among other things. Then it'll insert the entry into the database to be stored and, if successful, redirect the user to view the chatterblock.