Skip to content

Instantly share code, notes, and snippets.

@grfxdznr
Created November 15, 2011 02:24
Show Gist options
  • Save grfxdznr/1365943 to your computer and use it in GitHub Desktop.
Save grfxdznr/1365943 to your computer and use it in GitHub Desktop.
PHP
<?
//connect to your database
//query comments for this page of this article
$inf = "SELECT * FROM `comments` WHERE page = '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY time ASC";
$info = mysql_query($inf);
if(!$info) die(mysql_error());
$info_rows = mysql_num_rows($info);
if($info_rows > 0) {
echo '<h5>Comments:</h5>';
echo '<table width="95%">';
while($info2 = mysql_fetch_object($info)) {
echo '<tr>';
echo '<td>"'.stripslashes($info2->subject).'" by: <a href="'.$info2->contact.'">'.stripslashes($info2->username).'</a>
</td> <td><div align="right"> @ '.date('h:i:s a', $info2->time).' on '.$info2->date.'</div></td>';
echo '</tr><tr>';
echo '<td colspan="2"> '.stripslashes($info2->comment).' </td>';
echo '</tr>';
}//end while
echo '</table>';
echo '<hr width="95%" noshade>';
} else echo 'No comments for this page. Feel free to be the first <br>';
if(isset($_POST['submit'])) {
if(!addslashes($_POST['username'])) die('<u>ERROR:</u> you must enter a username to add a comment.');
if(!addslashes($_POST['contact'])) die('<u>ERROR:</u> enter contact method in contact field.');
if(!addslashes($_POST['subject'])) die('<u>ERROR:</u> enter a subject to your comment.');
if(!addslashes($_POST['comment'])) die('<u>ERROR:</u> cannot add comment if you do not enter one!?');
//this is for a valid contact
if(substr($_POST['contact'],0,7) != 'mailto:' && !strstr($_POST['contact'],'//')) {
if(strstr($_POST['contact'],'@'))
$_POST['contact'] = "mailto:".$_POST['contact']."";
else
$_POST['contact'] = "http://".$_POST['contact']."";
} //end valid contact
//try to prevent multiple posts and flooding...
$c = "SELECT * from `comments` WHERE ip = '".$_SERVER['REMOTE_ADDR']."'";
$c2 = mysql_query($c);
while($c3 = mysql_fetch_object($c2)) {
$difference = time() - $c3->time;
if($difference < 300) die('<u>ALERT:</u> '.$c3->username.', You have already commented earlier; if you have a question, try the forums!<BR>');
} //end while
//add comment
$q ="INSERT INTO `comments` (article_id, page, date, time, username, ip, contact, subject, comment)
VALUES ('".$_GET['id']."', '".$_POST['page']."', '".$_POST['date']."','".$_POST['time']."', '".addslashes(htmlspecialchars($_POST['username']))."',
'".$_SERVER['REMOTE_ADDR']."', '".addslashes(htmlspecialchars($_POST['contact']))."',
'".addslashes(htmlspecialchars($_POST['subject']))."', '".addslashes(htmlspecialchars(nl2br($_POST['comment'])))."')";
$q2 = mysql_query($q);
if(!$q2) die(mysql_error());
//refresh page so they can see new comment
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#comments");
} else { //display form
?>
<form name="comments" action="<? $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="page" value="<? echo($_SERVER['REQUEST_URI']); ?>">
<input type="hidden" name="date" value="<? echo(date("F j, Y.")); ?>">
<input type="hidden" name="time" value="<? echo(time()); ?>">
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><div align="right">Username: </div></td>
<td><input name="username" type="text" size="30" value=""></td>
</tr>
<tr>
<td><div align="right">Contact: </div></td>
<td><input type="text" name="contact" size="30" value=""> <i>(email or url)</i></td>
</tr>
<td><div align="right">Subject: </div></td>
<td><input type="text" name="subject" size="30" value=""></td>
</tr>
<tr>
<td><div align="right">Comment: </div></td>
<td><textarea name="comment" cols="45" rows="5" wrap="VIRTUAL"></textarea></td>
</tr>
<tr>
<td></td>
<td colspan="2"><input type="reset" value="Reset Fields">
<input type="submit" name="submit" value="Add Comment"></td>
</tr>
</table>
</form>
<?
} // end else
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment