Page 1 of 1

Simple comment form, a lot of issues - need LOTS of input!!

Posted: Thu Jun 04, 2009 8:31 pm
by pearjam
Ok, this is starting to frustrate me. :banghead:

I set out to write this by hand to learn and not just upload someone's pre-packaged code. However, because I'm new to developing with php I'm finding myself googling descriptions of what I'd like the code to do - and it's not working very well...

I've been at it for about 2 weeks now. A few days ago, I admitted I need help (hehe) and created an account here and posted. So far you all have been very helpful, and not critical. Thank you! With that, I'll jump into it.


-- Here's my goal: --
A small and simple comment section on pages of my site. A user should be able to add the comment via a form, and the comment should display on the same page.

The page only uses xhtml and php. The database is a flat file (the reasons I'm not using mysql are here).

The code for the form, processing and display should all be in the same file.

Because I'm a minimalist, I don't want an admin page, a bad word filter, smileys etc... I'm also trying to make it as few lines as possible.

I would like to have protection against xss and code injection with spam protection too (simple captcha?). I haven't gotten any of that figured out yet.

To stay organized, my naming convention is index.php indcom.txt gallery.php galcom.txt etc...


-- Here are some of the problems I've ran into: --
Without a thank you page, a refresh re-submits the same data even with nothing in the form.
*I've tried methods (meta and php) to clear the form, clear the cache and set variables to be empty / null with no luck. I'm probably doing it wrong. This is how I would like to do it though.

With a thank you page, but the php code on the form page - I can't figure out how to tell php to grab from the form, if the form's action is the thank you page, but I don't have the refresh re-submit problem.

With a thank you page with the php code on the thank you page, I have no code problems, but now have 3 files (form, processing and flat file).

I can't get captcha to work (I've installed gd w/ libs).

If I leave error reporting to all and on, I get undefined index notices.

Those are just some of the issues I've ran into.


-- Extra stuff: --
I know the code below doesn't have the right tabs, and please keep in mind I'm still learning.

Lastly, if you guys set out to do the same thing, with a clean slate, the same goals and constraints as above (few lines, same page...), how would you all go about it? Could you give examples of how you would do it?

(Also, thanks in advance for any help or insight!!)

Here's what I have so far, and it only 1/2 works - it can all go in the can of course.

Code: Select all

<?php include('indcom.txt'); ?>

Code: Select all

<form method="post" action="<?php echo $_SERVER['SCRIPT_NAME'];?>">
Who:<br /><input type="text" name="who" style="width:100px;" /><br />
What?<br /><textarea name="comment" style="width:100px;"></textarea><br />
<input type="submit" value="post" /></form>

Code: Select all

<?php
$user = $_POST["who"]; //Gets the user from the from and assigns it to $user.
$message = $_POST["comment"]; //Gets the comment from the form and assigns it to $message.
$date = date("[ Md 'y ]"); //Assigns the date at that time to $date.
if($user != ''){ //Says if nothing in field, write nothing instead of empty breaks.
$out = fopen("indcom.txt", "a+"); //Opens file to append (add) to.
rewind($out); //Should put cursor at top to write for last comment first - doesn't work.
fwrite($out, $date. " <b>$user</b> said:<br /><i>$message</i><br /><br />");
fclose($out); }
?>
Thank you again everybody for any help!

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 12:15 am
by califdon
You say that your goal is to learn to use PHP. What several of us are telling you is that most of your reasoning about why you want to do it in a particular way doesn't make good sense to those of us who are experienced. I taught database and Internet courses in college for over 10 years and I can tell you that one of the worst ways to learn is to learn techniques that are NOT the ones you will need to use later. So while you may think that writing to a text file will relieve you of learning too much at once, the reality is just the reverse. You will be learning something that you will later have to UNLEARN in order to do anything useful. Starting out with a simple project is sensible, but starting out with a project with non-typical features is not sensible. It will just mean that you later have to RELEARN everything again. Trust me. MySQL is an extremely stable and untroublesome server that uses almost no resources unless it is doing heavy-duty operations. There's almost nothing I can think of that is less likely to ever cause you a problem. Use it.

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 11:33 am
by pearjam
califdon
My goal is to write a simple comment form using php and learn what it is that I'm doing.

When I filter your post, here's what I'm hearing you say: 'Go ahead a learn to use mysql for this project, it will probably benefit you in the future.'

I don't have mysql installed on my server, but I can install it. I am curious though - with the goal of this comment form in mind - why is writing to a flat file a bad idea?

-----------------------------------------------------------
McInfo
I do have sqlite installed - here's the version info:
<#>~ updatedb
<#>~ rpm -qa|grep sqlite
sqlite-3.3.6-2
python-sqlite-1.1.7-1.2.1
<#>~

I looked at the link you sent with it and it looks like to establish a connection with it is over 10 lines. I read over their faq's on their main site, and I didn't see how to write to it, or how to display what I wrote.

With the flat file, you open (1 line), write (1 line), then display (1 line).

I tried using use isset() like that recent topic - and it didn't work, that's why I chose to start a new thread with the whole goal because I figured I was going about it in the wrong way. So I wrote this post, instead of 'it didn't work' there.

-----------------------------------------------------------
So far with this thread, here's what I learned about the code I posted = nothing. I wanted to know if I was aiming in the right direction with the php code was working on... If there was a more efficient, streamlined way etc... - and my feedback was about a database.

I was trying to avoid trying to figure out why these function's weren't working, and getting help here with those - only to learn that if my goal was a comment form I should of just used some other functions I didn't know existed.

This is going to suck, but because I can't explain what I'm trying to say using php terms, I'll write a mock up to explain using other terms (and it's meant to be funny):

day 1:
My goal = remove a hoop and replace it. I've never done it, any ideas?
Feedback = try using force.

day 2:
Me = it's not working...
Feedback = try putting a screwdriver between the hoop and whatever it's on and rotating the screwdriver...

day 3:
Me = that got the top part off, but the bottom part is still wedged between the cylinder and the ground.
Feedback = rotate the cylinder and use the screwdriver as a wedge.

day 4, 5:
Me = That worked! Now I can't get the replacement hoop back on... It won't fit between the ground and the cylinder.
Feedback = Raise the cylinder.

day 6:
Me = I can not lift the cylinder, I've been trying all day. I tried flipping the cylinder too.
Feedback = It's simple duh - disassemble the cylinder and reassemble the cylinder inside the new hoop.

day 7, 8:
Me = I've tried everything I can think of - the only way I can see to do that would be to cut the cylinder with a torch then weld it back inside the hoop.
Feedback = Your real problem is the hoop. Try using a fancy hoop.

day 9, 10:
Me = the fancy hoop looks nice, but costs more - isn't it going to get me the same simple result? Besides, I still can't get the new hoop over the old cylinder.
Feedback = I've been putting hoops on cylinders for years, and I always use the fancy hoop, if you don't do it this way now, you'll regret it later.

day 11, 12:
Me = Ok, I can look into getting a fancy hoop, but I was really asking how to get a hoop on a cylinder, not what type of hoop to use...
Feedback = Why do you need to have a hoop on a cylinder?

day 13:
Me = Because if I just drive with the cylinder on the ground, it will ruin the cylinder, and won't be safe.
Feedback = Are you trying to change a tire?

day 14:
Me = Yes! That's what it's called!! How do I do that!!
Feedback = Keep the tire on the "wheel". Use an "tire iron" and a "jack" on a flat surface with the car in gear. Do not get under the car. Reverse the process to replace. Note that if you are going to race the car, you will want to replace it with a fancy tire.

day 15:
Me = THAT WORKED!! Thank you! It only took 1 day, thank goodness I didn't try to cut and weld the wheel back inside the tire! I wish I would of known the right terms when I set out to do this!! Now, does anyone know how to replace the device that illuminates an area?
Feedback = No problem, glad we could help. To illuminate a large area, use a large fire, don't use this if the area is inside building.....
Me = Here we go again...


Anyway I hope that explains what I'm trying to say.

So, what would be the most php efficient way to put a comment in a form, have it write to a file, and display the results all on the same page?

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 11:56 am
by akuji36
Try phpmyadmin for lynx (php and Mysql)

http://linux.softpedia.com/get/Database ... -077.shtml

It displays the work that mysql has done for you and you can learn php without

too much hassle.

Another option recieve the the data sent to your php form via a

php email script and save it on your email server. Also you can try somthing

like http://www.formmail.com/. The script will process your form. No worries

Rod

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 1:37 pm
by pearjam
Rod,

If there was no other option, I would install phpmyadmin. Using CL to manipulate mysql is like brain surgery. Try pulling an ftp password entry from one line on one table for one user in a human readable form. Yuck. I may end up installing phpmyadmin anyway to get past the database roadblock that's keeping experienced php folks from answering how to create the php code here.

I removed sendmail from this server when I installed to keep the risk low because I dont' use it for a mail server and it can be compromised if I'm screwing with an open from on a site.

As a matter of fact, I may install phpmyadmin later this weekend. Then maybe someone will help...

It looks like a Newbie made progress with helping a Newbie towards a simple goal. Awesome.

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 3:15 pm
by califdon
~pearjam, I didn't mean to frustrate you so (and your "tire" narrative was indeed humorous). Let's see if I can be more helpful this time. Coming from a background of teaching, my inclination is to optimize the whole learning process, and from that perspective, a project that uses a text file to store visitor submitted comments and display them on a web page doesn't make any sense. Nobody would ever design such a system--well, nobody I know, anyway. So you would be learning techniques that are very unlikely to help you with any real project, and you would be wasting time that you could have spent learning techniques that you would actually be likely to use in the future. So much for my motivation.
-- Here are some of the problems I've ran into: --
Without a thank you page, a refresh re-submits the same data even with nothing in the form.
*I've tried methods (meta and php) to clear the form, clear the cache and set variables to be empty / null with no luck. I'm probably doing it wrong. This is how I would like to do it though.

With a thank you page, but the php code on the form page - I can't figure out how to tell php to grab from the form, if the form's action is the thank you page, but I don't have the refresh re-submit problem.
If you're saying that using the browser's Refresh button and then clicking on the Submit button sends the form data to the server again, yes, that's what always happens. I don't know of any way to avoid that. If the issue is that the data that was entered in the form remains there when you refresh it, the way to avoid that is to clear all the form fields using Javascript (yes, I know, that raises additional issues) in the <body onLoad= event.
With a thank you page with the php code on the thank you page, I have no code problems, but now have 3 files (form, processing and flat file).
Web development often involves quite a number of different script files. You should not decide that one re-entry script is necessarily better than several separate scripts, based on some vague concept that "simpler is better" or something. There are many factors that need to be considered when structuring your code logic, and over-simplifying the task can lead to poor design. Don't cripple your thinking by arbitrary rules, especially those that you make up yourself. Listen to the experience of others who have been through all this.
I can't get captcha to work (I've installed gd w/ libs).
There are so very many captcha methods and scripts out there, we can't help you overcome this without knowing exactly what code you have tried and what the failure mode was.
If I leave error reporting to all and on, I get undefined index notices.
That means that you're making reference to an array index that doesn't exist because you haven't defined it.

I hope that's more helpful to you than my earlier response.

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 7:44 pm
by pearjam
califdon
I understand what you mean. It just seems like writing to a file for simple text would be easier... I'm not trying to go against the flow - but at the same time, I hate to think of doing all that - just so someone can write "Joe is a turd" or "Joe loves Sally" or whatever. I just don't want a race car when a hyundai will get me there.

McInfo
I can try the code you wrote - did you write that by hand? Looks very awesome - thank you for keeping it simple. Does sqlite make rows like mysql? If so, is there a way to remove rows via the command line and not an admin panel? Also I noticed that there is no connection log in info to the db used? How does that work?


All - I'm afraid if I install phpmyadmin, next thing you know I'll install cpanel or plesk and after that comes the wordpress. :( The whole goal was simple, lightly dynamic, fast, lean and clean... just a text editor and a web server.

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Fri Jun 05, 2009 9:42 pm
by califdon
I realize that it SEEMS like it is easier, but think of it this way: you're an experienced carpenter and someone asks you to help them learn how to build a table, but they want to build it with a slanting top, because they don't want to go to the trouble of using a level, and all they REALLY want to learn right now is how to drive nails. You can see that it's a mistake because they would be learning the wrong way to build a table, but that's not apparent to the person who's asking for the help. That's how I see your predicament. I couldn't in good conscience explain to you how to make something work that I think is teaching you the wrong way to approach a PHP project, even though I know exactly how to make it work if there were some reason you absolutely could not use a database. It would be wasting your own time.

And you don't have to use MySQL. You could use SQLite or PostgreSQL or Oracle or MS SQL Server. But the application you described just ought to use a database. You will find phpMyAdmin to be a great help, but it isn't absolutely necessary. I have one rather large project where nobody knows how to log in to the hosting service to get to the phpMyAdmin, but they do have the FTP login credentials and the database login credentials, so I've developed a fairly major web database (10 related tables with up to 7,500 rows) that handles thousands of bucks of PayPal transactions monthly and has over 30 PHP scripts, and have never had the luxury of having a cPanel or phpMyAdmin. I just never thought it was important enough to spend the time trying to get authorization to contact their hosting service and struggle through all the explanations of why I needed to be able to login. You would have to learn a little about how to use DDL (data definition language SQL, as contrasted with DML, data manipulation language SQL), but compared with learning bad design practices that you later have to reverse in your thinking--no contest!

If you just want to learn PHP, choose a small project to start with that doesn't need to store data at all. You can learn about PHP variables and arrays and how to get form data from a web page. You could ask the user to enter their name, then have a PHP script that reverses the name, or combines it with today's date, and sends back the results. Or whatever. Then, when you have seen how PHP works, hooking up to a database is a fairly easy step. All I'm saying is that you'd be making a mistake to try to do what is clearly a database project by cobbling something together using a text file, which would involve all sorts of awkward ways to delete records or sort data or search for data, all of which you'd probably want to do in a visitor's comments application, even if you don't want to do it for this practice project. Spend your time and effort learning something that will actually be useful in the future. That's my advice.

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Sat Jun 06, 2009 12:14 pm
by pearjam
Well...

So I'm chatting with my boss last night at a bbq and he was telling me that the draw back of a flat file is that it is locked while writing. Of course I hadn't thought about that. The chances of two visitors writing at the same time would be extremely low, but none the less...

So I did a little research and found that sqlite is similar in this regard. I may of read it wrong, but I think it said it can't read from a file while it's being written to. Which may be, for me - the drawback of flat file. It probably happens in the flash of an instant, so it likely isn't a big deal.

However, I'm going to look into using mysql (w/ phpmyadmin). As a matter of fact, I'm off to do that now...

I'll likely still need everyones help - if you guys aren't fed up with me yet. :D

Re: Simple comment form, a lot of issues - need LOTS of input!!

Posted: Sat Jun 06, 2009 2:33 pm
by califdon
No, you're most welcome to come back with questions, as needed. The lock-out issue is probably not critical, at least for your current learning exercise; what I think IS critical is that you don't waste your learning time on impractical techniques. Text files just aren't a good way to store data that you will later need to recover, not as a single file, but as pieces of related segments of data, and so they are just never used for that. Thus, you shouldn't be studying that technique, as it will be useless knowledge and will tend to obscure your view of future designs.

I'm partial to MySQL because I use it a lot and because it is an extremely well supported and well documented database engine that is also proven to be reliable and robust in really heavy-duty applications by commercial applications, and it is easy to install, maintain and use on all platforms -- and it's FREE! :-) What's not to like? But there are certainly alternatives and I would be the last to tell anyone that they should use it in preference to another database.

In any case, I advise you to keep your goals clearly in mind. What is it that you want to learn? If it's PHP, you can learn enough to earn a PhD without ever touching a database or storing any data anywhere at all. However, PHP has excellent facilities for connecting to a variety of database engines and I can't imagine that anyone would want to avoid learning how to use those facilities. It would be my recommendation, though, that you should learn something about databases at the same time. Relational database theory is fascinating to me, and it is a professionally rich field because our modern world runs on data! Commercially, politically, scientifically, medically, everything turns on the storage and use of data. Those who really understand how to store data and retrieve information have a great career potential ahead of them! There's a hierarchy of terminology that's worth pondering:
DATA -> INFORMATION -> KNOWLEDGE -> WISDOM
Data can be aggregated to become Information. Information can be combined with other facts to become Knowledge. Knowledge can be combined with understanding to become Wisdom.

...but you can't do it with text files! :lol: