[webdesigner93]

Ok so im kinda doing a very big tutorial as you might can see lol yes its a forum this will be broken into parts since i dont really wanna sit here all day writing. Ok so the first thing we will be doing and getting outa the way is creating a file called config.php. This file will hold our protect functions and the connection to the database. First lets start by creating a function called protection

CONFIG.PHP (Protect function)

Ok so first off we do this in creating a function and a variable called string

<?php
function protection($string){
$string = mysql_real_escape_string($string);
$string = strip_tags($string);

return $string;
}
?>

Ok so basically this protects any data inserted in the database from mysql injection.

Next part we will work on is connecting to a database called forum part2 of this tutorial will be creating the database but for now lets write the function that will connect to it.
CONNECTION FUNCTION
ok so lets create a function called connect

[code]
<?php
function protection($string){
$string = mysql_real_escape_string($string);
$string = strip_tags($string);

return $string;
}

function connect(){
mysql_connect(localhost,username,'pass') or die ("Can not connect to database");
mysql_select_db(forum);
}
?>

Alright so far we have 2 functions one that connects to the database and the other that protects info inserted in the database so pretty simple so far huh well it'll prob get harder but imma try to explain it best i can for the purpose of this tutorial we wont deal with registrations and logins just a basic forum. And we also are not gonna do a really big layout on this since im just teaching u but just basic lol ok so lets move on to add_topic.php. Basically this file will as it says insert topic data into our database table named topics which will be in our database named forum.

ADD_TOPIC.PHP

alright so lets break it down nice and easy the first thing we will do is include our file config.php and call our connect function

<?php
include("config.php");
connect();

?>

So we included our file then called the connect function right below it as u can see next we will create the variables to hold the data for our 3 main fields the topic title,topic description, and topic body

<?php
include("config.php");
connect();
$title = protection($_POST['title']);
$description = protection($_POST['description']);
$body = protection($_POST['body']);
?>

Ok so now u can see we have our variables and one thing i forgot to mention is we wrap our variables in the protection function to keep them safe when inserted.
lets create a new array called errors this will hold any errors such as if someone leaves a field blank then it will display any errors before continuing.

<?php
include("config.php");
connect();
$title = protection($_POST['title']);
$description = protection($_POST['description']);
$body = protection($_POST['body']);

//error array
$errors = array();
?>

Alright we got the main variables out the way now we will do a little error checking for the form that we will create later on.

<?php
 include("config.php");
connect();
$title = protection($_POST['title']);
$description = protection($_POST['description']);
$body = protection($_POST['body']);

//error array
$errors = array();
//Only do the stuff below if the submit button is pressed
if(isset($_POST['submit'])){
if(!$title){

$errors[] = "I am sorry you must provide your topic with a title!";
}
if(!$body){
$errors[] = "The main body of your topic can not be left blank!";
}
if($title){
$check = "SELECT * FROM topics WHERE title = '".$title."'";
$check2 = mysql_query($check) or die (mysql_error());
if(mysql_num_rows($check2) == 1){
$errors[] = "The title you have supplied has already been used for a topic";
}
}

if(count($errors) > 0){
foreach($errors AS $error){

echo "<p>$error <br /></p>";

}
}else{
$insert = "INSERT INTO `topics` (`id`,`title`,`description`,`body`,`datetime`)
VALUES('id','$title','$description','$body',now())
";
mysql_query($insert) or die(mysql_error());
echo "<p><center>Thank you the topic ".$title." has now been added</center></p>";
// Close database connection since we dont need it no more right now
mysql_close();
}
}
//Create our submit form
//only show the form below if the submit button has not been pressed
if(!isset($_POST['submit'])){
echo "
<form method=\"POST\" action=\"add_topic.php\">
";
echo "
<p><b>Title: </b><input type=\"text\" name=\"title\"></p>
<p><b>Description(optional): </b><input type=\"text\" name=\"description\"></p>
\"></p>
<p><textarea name=\"body\" rows=\"7\" cols=\"40\"></textarea></p>

<p><input type=\"submit\" name=\"submit\" value=\"Add new topic\"></p> 
";
echo "</form>";
}
?>

Ok so that basicly concludes this part so far so feel free to try it out if i made any mistake in the code please let me know and i'll fix them right away cause i have not tested it yet before i posted thanks and cheers

[a.g.r.c]

Nice to see you taking the effort for this.

I glanced over it, and the protection at the start....

http://www.jaygilfor...n-one-function/

Maybe try that one.

[webdesigner93]

a.g.r.c, on 28 September 2009 - 02:51 AM, said:

Nice to see you taking the effort for this.

I glanced over it, and the protection at the start....

http://www.jaygilfor...n-one-function/

Maybe try that one.

Hmmm well i've used the protection im using here in all my forum systems so far so it seems to work good thanks anyways

[Lucasferrera]

this is nice..

[webdesigner93]

Ok so today we are gonna get started on index.php this will be where all our topics are listed i've also included the database dump file at the end of this tutorial just insert it in phpmyadmin to create the table topics in the database forum


alight lets begin first off we will start out by including our config file

INDEX.PHP

<?php
include("config.php");
connect();
?>

alright so we made a connection to our database lets start out by checking to see if theirs any topics in the topics table

<?php
include("config.php");
connect();

$sql1 = "SELECT * FROM topics ORDER BY id ASC";
$sql2 = mysql_query($sql1) or die (mysql_error());
if(mysql_num_rows($sql2) < 1){

echo "<p><center><strong>I am sorry their currently are no topics to display</strong>
<a href=\"add_topic.php\">Add a new topic now</a>
</center></p>";
}else{
echo "
<table cellpadding=\"3\" border=\"1\" cellspacing=\"3\" width=\"660px\">
<tr>

<th>Topic title</th>


<th>Date/time created</th>
<th>Description</th>
<th># Of Replys</th>

</tr>
";


while($topic_info=mysql_fetch_assoc($sql2)){

$id = $topic_info['id'];
$title = stripslashes($topic_info['title']);
$desc = stripslashes($topic_info['description']);
$datetime = $topic_info['datetime'];
$body = stripslashes($topic_info['body']);
echo "<tr><td><a href=\"show_topic.php?id=".$id."\">".$title."</a> <td>".$datetime."</td><td>".$desc."</td></tr></td>
";

}
echo "</table>";
}

?>

Hmmm ok so thats basically our start on the index page we might add more things or such as we go through the forum tutorial but what it basically does is check if any topics exist if none do it displays a message saying so the if any topics do exist it goes to a while loop and list every topic in desc order this concludes part 2 hope you have been enjoying this tutorial so far the database dump file is attached to this post.

Attached File(s)

•  forum.sql.zip (617bytes)
  Number of downloads: 5

[webdesigner93]

Ok welcome to our part 3 of this forum tutorial now i have not covered how to create a database and its table in mysql but im assuming you know that since your reading this so im just gonna tell you to create a new table named replys with the fields id,tid,reply,date the id will be auto incriment and your primary key the tid will be the topic id you are replying to and then reply will be your main reply you can prob set it to about 10000 cahracters under VARCHAR and then the date just do date/timestamp. Ok so the next thing we will do is create a new file named show_topic.php and we are gonna include our config file and connect function at the top

SHOW_TOPIC.PHP

<?php
include("config.php");
connect();
?>

Ok so after we have that lets create 2 variables id which will use $_GET and reply

<?php
//connect to database
include("config.php");
connect();
//our variables
$id = protection($_GET['id']);
$reply = protection($_POST['reply']);

?>

Also notice we have our protection function wrapped around the variables to keep them safe when inserted or passed to the query. Alright so now we have the above code lets start next by checking if the topic exist or not.

<?php

//connect to database
include("config.php");
connect();

//our variables
$id = protection($_GET['id']);
$reply = protection($_POST['reply']);
//checking if the topic exist

$sql1 = "SELECT * FROM topics WHERE id='".$id."'";
$sql2 = mysql_query($sql1) or die(mysql_error());
if(mysql_num_rows($sql2) == 0){
 echo "<center><p><b>I am sorry this topic does not exist</b> 
<a href=\"index.php\">Return to forum home</a></p></center>";
}
?>

Ok so the above code below the comment //checking if the topic exist will see if our topic exist and if not it will display a message saying so and have a link beside it letting you go back to the index.Next we will to and else statement if the topic does exist.

<?php

//connect to database
include("config.php");
connect();
//our variables
$id = protection($_GET['id']);
$reply = protection($_POST['reply']);
//checking if the topic exist

$sql1 = "SELECT * FROM topics WHERE id='".$id."'";
$sql2 = mysql_query($sql1) or die(mysql_error());
if(mysql_num_rows($sql2) == 0){
 echo "<center><p><b>I am sorry this topic does not exist</b> <a href=\"index.php\">Return to forum home</a></p></center>";
}else{
//if topic exist

$sql3 =mysql_fetch_assoc($sql2);
  if(isset($_POST['submit'])){
 $sql4 ="INSERT INTO `replys` (`id`,`tid`,`reply`,`date`) 
 VALUES('id','$id','$reply',now())
 ";
 mysql_query($sql4) or die(mysql_error());
 }
 echo "<p><a href=\"add_topic.php\">Add a new topic</a></p>";
 echo "<h2>".$sql3['title']."</h2>
 <p style=\"width:550px;\">".$sql3['body']."</p>
 ";
 $sql6 = "SELECT*FROM replys WHERE tid = '".$id."'";
 $sql7 = mysql_query($sql6) or die (mysql_error());
 
 while($reply_info=mysql_fetch_assoc($sql7)){
 	$reply2 = stripslashes($reply_info['reply']);
 	$datetime = $reply_info['date'];
 echo"<b>Reply created on and at ".$datetime."</b><p>".$reply2."</p>";
 }

}

?>

Ok so the above code list our topics main body and list the replys to the topic under the main body now i know my tutorials arnt real detailed but im writing these on the basis that you have some knowledge of php if not then you should not be building forums until you do i hope you enjoyed reading this next part to our forum tutorial. Also make sure you create the form textarea for adding the reply and name this reply

[webdesigner93]

Ok so basically setting up where you can add reply is was the last thing we needed to do to forum now obviously your gonna wanna add style to it and a layout. Theirs also many other details you may add such as register and login and an admin panel or set up where all users have there own profile due to the complexity and time it takes to do all of this im not gonna go into it but i hope you have enjoyed the simple forum tutorial and feel free to change things and use it on your own site.

[BenTheDesigner]

webdesigner93, on 06 October 2009 - 11:12 AM, said:

Ok so basically setting up where you can add reply is was the last thing we needed to do to forum now obviously your gonna wanna add style to it and a layout. Theirs also many other details you may add such as register and login and an admin panel or set up where all users have there own profile due to the complexity and time it takes to do all of this im not gonna go into it but i hope you have enjoyed the simple forum tutorial and feel free to change things and use it on your own site.

A forum with no registration, login, profiles or admin panel? Why would you bother with solutions like IPBoard and phpBB already available and fully featured? Just a thought...

BenTheDesigner

[Jst Hosting - Thomas]

BenTheDesigner, on 09 October 2009 - 12:17 PM, said:

A forum with no registration, login, profiles or admin panel? Why would you bother with solutions like IPBoard and phpBB already available and fully featured? Just a thought...

BenTheDesigner

Ditto, why re-create the wheel?

[Hannah Bee]

I agree with the others. I would only ever code a forum for a learning experience, but wouldn't ever release it. With great scripts like IPBoard, phpBB and SMF we don't need much more.

[webdesigner93]

phpninja, on 11 October 2009 - 02:20 PM, said:

I agree with the others. I would only ever code a forum for a learning experience, but wouldn't ever release it. With great scripts like IPBoard, phpBB and SMF we don't need much more.

well i personally prefer coding my own forum for my sites and stuff which i've had some pretty good ones but yea i can understand what your saying

[Hannah Bee]

I understand where you're coming from. I end up writing my own scripts for things over using someone else's a lot of the time. I'm just really picky, heh. I've just always found existing forum scripts to be good enough for me.

[webdesigner93]

phpninja, on 15 October 2009 - 02:26 PM, said:

I understand where you're coming from. I end up writing my own scripts for things over using someone else's a lot of the time. I'm just really picky, heh. I've just always found existing forum scripts to be good enough for me.

lol yes i do agree i've just in the past had a prob with spam with existing scripts prob was just that one script i think but from then on out i've just decided to always make my own lol which it takes more time i guess but i love doing it so its all good

[rallport]

webdesigner93, on 14 October 2009 - 04:25 PM, said:

well i personally prefer coding my own forum for my sites and stuff which i've had some pretty good ones but yea i can understand what your saying

Other than for a learning experience, it's largely pointless coding your own forum - waste of time.

Hell, all the good forum software can be integrated into your site's design too.

[rallport]

Hi,

Nice tutorial.

Just out interest why are you using the original mysql php methods.

Surely something as potentially busy as a forum, woul benefit from mysqli or even better, PDO. Just interested, why you chose the original mysql, that has been superseeded by mysqli.

[rallport]

Seems weird not to be using php's built in function for creating your sql query. Your firstb sql statement could be condensed into a single line to make things tidier:

$sql1 = sprintf("SELECT * FROM topics WHERE id='%s'", mysql_real_escape_string($id) );

Just my 2c as you've made your an unecessary wrapper function when php has all these built in.

For future reference, if you had been using PDO you have used prepared staements and bound parameters - all the protection is built in simply by using the class.