Creating A PHP Application 

A BLOG ENTRY

With the categories now available, the real work of CRUD can begin, and the beginning is the creation of a blog entry. Once again a form will be used to enter the data, but this form will not be as simple as the previous one. A little forward thinking is needed, as a blog entry may later need to be edited to correct some aspect of it. The form fields for adding and editing are identical, and it would be poor practice to duplicate the form and maintain separate copies for adding and editing a blog entry.

Like any other piece of reusable code, the form can be included in a PHP script. The main difference with a reusable piece of HTML is that any PHP variables the form echoes must be defined by the script that includes it, before the include. The form action will also point at two different scripts (add and update), so it too must be a variable set in the parent script, that is, the script that includes the form. And because the values echoed into the form will, in the edit case, come from the database rather than from constants, every one of them has to be HTML-escaped on output.

The includes/blog_form.php file, which contains the form, will look like this


<h3><?php echo htmlspecialchars($blog_heading, ENT_QUOTES, 'UTF-8'); ?></h3>

<form action="<?php echo htmlspecialchars($blog_form_action, ENT_QUOTES, 'UTF-8'); ?>" method="post">
    <input type="hidden" name="blog_content_id" value="<?php echo isset($blog_content_id) ? (int) $blog_content_id : ''; ?>" />
    <dl>
        <dt>Headline</dt>
        <dd><input type="text" name="blog_content_headline" value="<?php echo isset($blog_content_headline) ? htmlspecialchars($blog_content_headline, ENT_QUOTES, 'UTF-8') : ''; ?>" /></dd>

        <dt>Category</dt>
        <dd>
            <select name="blog_category_id">
            <?php
            foreach($categories as $id => $cat)
            {
                echo '<option value="' . (int) $id . '"';
                /*** mark the current category as selected when editing ***/
                echo (isset($selected) && $id == $selected) ? ' selected="selected"' : '';
                /*** escape the category name: it came from the database, not from this script ***/
                echo '>' . htmlspecialchars($cat, ENT_QUOTES, 'UTF-8') . "</option>\n";
            }
            ?>
            </select>
        </dd>

        <dt>Blog</dt>
        <dd>
            <textarea name="blog_content_text" rows="5" cols="45"><?php echo isset($blog_content_text) ? htmlspecialchars($blog_content_text, ENT_QUOTES, 'UTF-8') : ''; ?></textarea>
        </dd>

        <dd><input type="submit" value="<?php echo htmlspecialchars($blog_form_submit_value, ENT_QUOTES, 'UTF-8'); ?>" /></dd>
    </dl>
</form>

The form is much the same as the add_category form used earlier, except that this form has more fields. The category drop-down menu is identical to that of the add category form, and a text input is supplied for the headline along with a textarea for blog_content_text. Once again the field names are identical to the columns of the database table the form is designed for.

The form also contains several pieces of PHP code in the inputs that echo the value of each field if it is set. Because those values will later be loaded from the database when an entry is edited, each one must be passed through htmlspecialchars() before it is echoed: a headline containing a quote or a < character would otherwise break out of the value attribute and be rendered as markup (stored cross-site scripting). The form action is set with a variable, as is the value of the submit button; these variables are what make the form reusable later when updating blog data.

The add_blog.php file that includes the form performs several functions. As with the add category form, a session is started at the top of the script and then the session token is set. The header.php file is included, as is the conn.php file to connect to the database. Once again a check is made that a valid connection to the database exists, and if this is OK, a further check is made that at least one category is available. If all is well, the categories are put into an array named $categories with the category_id as the index. It is this array that is passed to the form to produce the category drop-down menu.

Following from there, the variables that the form echoes are set. If one of them is omitted, PHP emits an undefined-variable notice into the page, so it is important to make sure every variable the form uses directly has a value, even if that value is an empty string.

The add_blog.php file will look like this.


<?php

/*** begin output buffering ***/
ob_start();

/*** include the header file ***/
include 'includes/header.php';

/*** check access level ***/
if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 1)
{
    /*** if not logged in, forward to login page ***/
    header("Location: login.php");
    exit;
}
else
{
    /*** set the token to prevent multiple posts ***/
    $form_token = uniqid();
    $_SESSION['form_token'] = $form_token;

    /*** get the categories from the database ***/
    include 'includes/conn.php';

    /*** check for database connection ***/
    if($db)
    {
        $sql = "SELECT
                    blog_category_id,
                    blog_category_name
                FROM
                    blog_categories";
        $result = mysql_query($sql);
        if(!is_resource($result))
        {
            echo 'Unable to find any categories';
        }
        else
        {
            /*** check for a result ***/
            if(mysql_num_rows($result) != 0)
            {
                /*** put the categories in an array, indexed by category id ***/
                $categories = array();
                while($row = mysql_fetch_array($result))
                {
                    $categories[$row['blog_category_id']] = $row['blog_category_name'];
                }

                /*** set the form values ***/
                $blog_form_action = 'add_blog_submit.php';
                $blog_heading = "Add A Blog Entry";
                $blog_content_headline = '';
                $blog_content_text = '';
                $blog_form_submit_value = 'Add Blog';

                /*** include the blog form ***/
                include 'includes/blog_form.php';
            }
            else
            {
                echo 'No categories found';
            }
        }
    }
    else
    {
        /*** if we are here the database connection has failed ***/
        echo 'Unable to complete request';
    }

    /*** include the footer ***/
    include 'includes/footer.php';
}
?>
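The token set at the top of add_blog.php is only ever stored in the session; the form never carries it, so a submit script can at most check that a token exists. As an added example (this is not code from the tutorial), here is the same mechanism with that gap closed: the token is drawn from a cryptographic random source instead of uniqid(), carried in the form as a hidden field, and compared on submit with a constant-time check before it is consumed. The function names issue_form_token(), verify_form_token() and form_token_field() are this example's own, and it assumes PHP 7.0 or later for random_bytes().

```php
<?php
/*
 * Added example, not part of the tutorial's scripts.
 * Assumes PHP >= 7.0 (random_bytes); hash_equals() needs PHP >= 5.6.
 * The three function names are inventions of this example.
 */

/*** call in add_blog.php before including includes/blog_form.php ***/
function issue_form_token()
{
    /*** 32 hex characters from a CSPRNG; uniqid() is clock-based and guessable ***/
    $token = bin2hex(random_bytes(16));
    $_SESSION['form_token'] = $token;
    return $token;
}

/*** the hidden field to echo inside the <form> in includes/blog_form.php ***/
function form_token_field($token)
{
    return '<input type="hidden" name="form_token" value="'
         . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '" />';
}

/*** call in add_blog_submit.php before anything touches the database ***/
function verify_form_token(array $post)
{
    if(!isset($_SESSION['form_token'], $post['form_token']) || !is_string($post['form_token']))
    {
        return false;
    }

    /*** strict, constant-time comparison of the posted token with the issued one ***/
    $ok = hash_equals($_SESSION['form_token'], $post['form_token']);

    /*** single use: the token is consumed whether or not it matched,
         so a refresh of the result page cannot re-post, and a wrong
         guess cannot be retried against the same token ***/
    unset($_SESSION['form_token']);

    return $ok;
}

/*** usage in add_blog.php (after the access-level check):
 *   $form_token = issue_form_token();
 *   ... then, inside the form:  echo form_token_field($form_token);
 *
 *** usage in add_blog_submit.php (before the field validation):
 *   if(!verify_form_token($_POST)) { echo 'Invalid Submission'; exit; }
 */
```

Consuming the token on a mismatch means a visitor whose session received a forged POST has to reload the form once; that is the intended trade: the token is worth exactly one attempt.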

The final part of adding a blog entry is to create the add_blog_submit.php file. Like add_category_submit.php, the task of INSERTing the data into the database is quite simple: the same process is repeated with a new SQL query for the blog_content table, and the session token is unset in the same way, so that refreshing the page after a successful post is rejected as an invalid submission. Be clear about what this token does and does not do: the form never carries it and the submit script only checks that one exists in the session, so it stops a double post from a refresh but does not tie the POST to a form this server issued, and uniqid() is derived from the clock rather than from a random source. Note also that the mysql_* functions used throughout were deprecated in PHP 5.5 and removed in PHP 7.0; on a current PHP the same queries go through mysqli or PDO with bound parameters.

The add_blog_submit.php file will look like this.


<?php

/*** begin output buffering ***/
ob_start();

/*** include the header file ***/
include 'includes/header.php';

/*** check access level ***/
if(!isset($_SESSION['access_level']) || $_SESSION['access_level'] < 1)
{
    /*** if not logged in, forward to login page ***/
    header("Location: login.php");
    exit;
}
else
{
    /*** check the form has been posted and the session variable is set ***/
    if(isset($_SESSION['form_token'], $_POST['blog_category_id'], $_POST['blog_content_headline'], $_POST['blog_content_text']))
    {
        /*** first check all POST variables for type and length ***/
        /*** ctype_digit() accepts only a string of digits; is_numeric() would also pass "1e3", "1.5" or " 1" ***/
        if(!is_string($_POST['blog_category_id']) || !ctype_digit($_POST['blog_category_id']) || (int) $_POST['blog_category_id'] === 0)
        {
            echo 'Blog Category Name is Invalid';
        }
        elseif(!is_string($_POST['blog_content_headline']) || strlen($_POST['blog_content_headline']) < 3 || strlen($_POST['blog_content_headline']) > 50)
        {
            echo 'Blog Headline is invalid';
        }
        elseif(!is_string($_POST['blog_content_text']) || strlen($_POST['blog_content_text']) < 3 || strlen($_POST['blog_content_text']) > 4096)
        {
            echo 'Blog Text is Invalid';
        }
        else
        {
            /*** if we are here, include the db connection ***/
            include 'includes/conn.php';

            /*** test for db connection ***/
            if($db)
            {
                /*** escape the strings; the user id comes from the session, never from the form ***/
                $blog_user_id = (int) $_SESSION['blog_user_id'];
                $blog_category_id = mysql_real_escape_string($_POST['blog_category_id']);
                $blog_content_headline = mysql_real_escape_string($_POST['blog_content_headline']);
                $blog_content_text = mysql_real_escape_string($_POST['blog_content_text']);

                /*** the sql query: every value is escaped AND quoted ***/
                $sql = "INSERT
                        INTO
                            blog_content(
                                blog_user_id,
                                blog_category_id,
                                blog_content_headline,
                                blog_content_text)
                        VALUES (
                            '{$blog_user_id}',
                            '{$blog_category_id}',
                            '{$blog_content_headline}',
                            '{$blog_content_text}')";

                /*** run the query ***/
                if(mysql_query($sql))
                {
                    /*** unset the session token so a refresh cannot re-post ***/
                    unset($_SESSION['form_token']);

                    echo 'Blog Entry Added';
                }
                else
                {
                    /*** log the database error for the administrator; never echo it to the visitor ***/
                    error_log('add_blog_submit.php: ' . mysql_error());
                    echo 'Blog Entry Not Added';
                }
            }
            else
            {
                echo 'Unable to process form';
            }
        }
    }
    else
    {
        echo 'Invalid Submission';
    }
}
?>
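For a current PHP, where the mysql extension no longer exists, the validation and INSERT of add_blog_submit.php can be written with PDO bound parameters instead of escaping and quoting. The following is an added example, not the tutorial's code: the DSN, credentials and the names validate_blog_post() and insert_blog_entry() are assumptions made here, while the table and column names are the tutorial's. It goes slightly beyond the script above in two ways: it counts characters rather than bytes, and it checks that the chosen category actually exists, which the script leaves to the database.

```php
<?php
/*
 * Added example, not part of the tutorial. Assumes PHP >= 5.3 with the
 * pdo_mysql and mbstring extensions. The DSN, credentials and the two
 * function names are placeholders; blog_content / blog_categories and
 * their columns are the tutorial's own table and column names.
 */

/*** returns an error message, or null when every field is acceptable ***/
function validate_blog_post(array $post)
{
    /*** ctype_digit() only accepts a string of 0-9; is_numeric() would also pass "1e3", " 1" and "1.5" ***/
    if(!isset($post['blog_category_id']) || !is_string($post['blog_category_id'])
       || !ctype_digit($post['blog_category_id']) || (int) $post['blog_category_id'] === 0)
    {
        return 'Blog Category Name is Invalid';
    }

    /*** mb_strlen() counts characters; strlen() counts bytes, so a 50-character UTF-8 headline could be refused ***/
    if(!isset($post['blog_content_headline']) || !is_string($post['blog_content_headline']))
    {
        return 'Blog Headline is invalid';
    }
    $len = mb_strlen($post['blog_content_headline'], 'UTF-8');
    if($len < 3 || $len > 50)
    {
        return 'Blog Headline is invalid';
    }

    if(!isset($post['blog_content_text']) || !is_string($post['blog_content_text']))
    {
        return 'Blog Text is Invalid';
    }
    $len = mb_strlen($post['blog_content_text'], 'UTF-8');
    if($len < 3 || $len > 4096)
    {
        return 'Blog Text is Invalid';
    }

    return null;
}

/*** inserts the row and returns the new id, or false when the category does not exist ***/
function insert_blog_entry(PDO $db, $user_id, array $post)
{
    /*** the drop-down can be edited client-side, so confirm the category is real ***/
    $check = $db->prepare('SELECT 1 FROM blog_categories WHERE blog_category_id = :id');
    $check->execute(array(':id' => (int) $post['blog_category_id']));
    if($check->fetchColumn() === false)
    {
        return false;
    }

    /*** values travel as bound parameters, never spliced into the SQL text ***/
    $sql = 'INSERT INTO blog_content
                (blog_user_id, blog_category_id, blog_content_headline, blog_content_text)
            VALUES
                (:user_id, :category_id, :headline, :text)';
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':user_id',     (int) $user_id,                  PDO::PARAM_INT);
    $stmt->bindValue(':category_id', (int) $post['blog_category_id'], PDO::PARAM_INT);
    $stmt->bindValue(':headline',    $post['blog_content_headline'],  PDO::PARAM_STR);
    $stmt->bindValue(':text',        $post['blog_content_text'],      PDO::PARAM_STR);
    $stmt->execute();

    return (int) $db->lastInsertId();
}

/*** usage (DSN and credentials are placeholders):
 *   $db = new PDO('mysql:host=localhost;dbname=blog;charset=utf8', 'blog_user', 'secret',
 *                 array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
 *                       PDO::ATTR_EMULATE_PREPARES => false));
 *   if(($error = validate_blog_post($_POST)) !== null) { echo $error; exit; }
 *   $id = insert_blog_entry($db, $_SESSION['blog_user_id'], $_POST);
 */
```

With ERRMODE_EXCEPTION a failed query throws a PDOException; catch it around the call, pass its message to error_log(), and show the visitor only a generic failure message. Setting ATTR_EMULATE_PREPARES to false makes the MySQL server, not the driver, handle parameter substitution, so the bound strings never pass through any client-side quoting at all.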
