Blog Comments on Submit
Posted: Mon Oct 02, 2006 4:37 pm
I am building a custom blog script that functions almost exactly like WordPress or Moveable Type... where people can read the blog and directly beneath, fill out a little form to add their own comments. Since each blog entry has a primary key (blog_id), and any comments for any particular blog must contain that blog_id so there is the association... how should I pass the blog_id back to the script for processing the comments when a visitor clicks the "submit comments" button?
Should I embed the blog_id within the form xhtml using a hidden input??? I would think this would not be desirable since it could be easily forged and cause headaches for me upon moderation (ie... a mal-intended user could post a whole bunch of comments with blog_id's that don't exist yet, etc.). The other option I can think of would be to pass it in a $_SESSION variable with the user. Less likely to be tampered with, but then again, I'd have to use sessions. Any other ideas??
What is your suggestion for passing blog_id back to the script for DB inserting the comments? What would you do? Thanks for your help.
Should I embed the blog_id within the form xhtml using a hidden input??? I would think this would not be desirable since it could be easily forged and cause headaches for me upon moderation (ie... a mal-intended user could post a whole bunch of comments with blog_id's that don't exist yet, etc.). The other option I can think of would be to pass it in a $_SESSION variable with the user. Less likely to be tampered with, but then again, I'd have to use sessions. Any other ideas??
What is your suggestion for passing blog_id back to the script for DB inserting the comments? What would you do? Thanks for your help.