8th Aug 2008 05:40pm
148,595 views | 82 comments
Flattr this

Mini Message Board Tutorial

Many websites like to have a message board / forum on their site, but would prefer their own "product". Well if you like, feel free to follow this tutorial and you'll learn how to create a mini message board in PHP and MySQL.

Database Stuff

Before we start with any of the coding, you will need to go into your phpMyAdmin and (if you haven't already got a 'threads' and 'replies' table) paste this in the SQL box. If you already have a threads and replies table in your database then you will need to change it accordingly to what's on the tutorial.
CREATE TABLE `threads` (
`id` INT NOT NULL AUTO_INCREMENT ,
`title` VARCHAR( 255 ) NOT NULL ,
`message` TEXT NOT NULL ,
`author` VARCHAR( 255 ) NOT NULL ,
`replies` INT( 11 ) NOT NULL ,
`posted` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `id` )
) ENGINE = MYISAM;

 CREATE TABLE `replies` (
`id` INT NOT NULL AUTO_INCREMENT ,
`thread` INT( 11 ) NOT NULL ,
`message` TEXT NOT NULL ,
`author` VARCHAR( 255 ) NOT NULL ,
`posted` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `id` )
) ENGINE = MYISAM
This will allow the information to be stored in the database.

New Thread Form

Now as that has been added we need to start with the first page (index.php).
<?php
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");
?>
The code above has connected to the database. You will need to change USERNAME to your database username, PASSWORD to your database password and DATABASE to the name of your database.

Now we need to first of all be able to make a thread. To do this you'll need to create a form on the index.php page with three boxes and a button.
<form action="newthread.php" method="POST">
Your Name: <input type="text" name="author"><br>
Thread Title: <input type="text" name="title"><br>
Thread:<br><textarea cols="60" rows="5" name="message"></textarea><br>
<input type="submit" value="Post Thread">
</form>
Your page should look something like this at the moment.

Inserting the New Thread

Now we need the form to enter the information into the database. To do this we will create a file, which is where the form will send the data to called 'newthread.php'. At the top of the file you will need to connect to the database again, then add an INSERT function.
<?php
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");

$time = time();
mysql_query("INSERT INTO threads VALUES(NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time')");

echo "Thread Posted.<br><a href='index.php'>Return</a>";
?>
If you don't understand what's happening about, basically we're telling the script to add the data sent from the form on the previous page into the database.

Hopefully when you fill something in the form and click "Post Thread" you should get a message like this.

Showing List of Threads

Great! So far. You've been able to add a thread into the database. Now we need to be able to show this thread. To do this we will be using mysql_query() again and also mysql_fetch_array().

On index.php underneath the end of the form (</form>) add a horizontal rule (<hr>) then add this PHP beneath it. I will explain it all with comments within the code.
<?php
// We are selecting everything from the threads section in the database and ordering them newest to oldest.
$sql = mysql_query("SELECT * FROM threads ORDER BY posted DESC");

// Now we are getting our results and making them an array
while($r = mysql_fetch_array($sql)) {

// Everything within the two curly brackets can read from the database using $r[]
// We need to convert the UNIX Timestamp entered into the database for when a thread...
// ... is posted into a readable date, using date().
$posted = date("jS M Y h:i",$r[posted]);

// Now we will show the available threads
echo "<h3><a href='msg.php?id=$r[id]'>$r[title]</a> ($r[replies])</h3><h4>Posted by $r[author] on $posted</h4>";

// End of Array
}
?>
If you have followed the tutorial correctly you should now see something like this.

Reading Threads

Basically everything on the index page is done now. All that's left now is reading a thread and replying to a thread.

This stage will teach you how to read the threads. Create a file called 'msg.php'
Connect to the database...
<?php
// Connecting to the database again
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");
Add a link to the previous page, so you can go back to the index page.
// Here's a link that will allow you to go back to the index
echo "<a href='index.php'>Go Back...</a>";
Do a mysql_query to select the thread you're reading.
// This query selects the current thread using the $_GET value.
$sql = mysql_query("SELECT * FROM threads WHERE id = '$_GET[id]'");
Show the result from the thread query and show it with a horizontal rule beneath it.
// Now we are getting our results and making them an array
while($r = mysql_fetch_array($sql)) {

// Here is the thread title.
echo "<h2>$r[title]</h2>";

// Everything within the two curly brackets can read from the database using $r[]
// We need to convert the UNIX Timestamp entered into the database for when a thread...
// ... is posted into a readable date, using date().
$posted = date("jS M Y h:i",$r[posted]);

// Now this shows the thread with a horizontal rule after it.
echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";

// End of Array
}
Now to show the replies, using the $_GET query from the thread.
echo "<h3>Replies...</h3>";

// Here we will get it to show the replies
// This query selects the replies from the database where the thread ID matches the thread $_GET value.
$sql = mysql_query("SELECT * FROM replies WHERE thread = '$_GET[id]'");

// Now we are getting our results and making them an array
while($r = mysql_fetch_array($sql)) {

// Everything within the two curly brackets can read from the database using $r[]
// We need to convert the UNIX Timestamp entered into the database for when a thread...
// ... is posted into a readable date, using date().
$posted = date("jS M Y h:i",$r[posted]);

// Now this shows the thread with a horizontal rule after it.
echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";

// End of Array
}
?>
Now show the form to do the reply in.
<form action="newreply.php" method="POST">
Your Name: <input type="text" name="author">
<input type="hidden" value="<?php echo $_GET[id]; ?>" name="thread"><br>
Message:<br><textarea cols="60" rows="5" name="message"></textarea><br>
<input type="submit" value="Post Reply">
</form>
This will now allow you to do a reply to the thread. However if you test it you will get an Error 404 (cannot find the file), so now we'll need to make the 'newreply.php' file.

Inserting the Reply

Connect to the database again.
<?php
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");
Get the current time as a UNIX Timestamp as a varible.
$time = time();
Insert the information sent from the form into the database.
mysql_query("INSERT INTO replies VALUES(NULL,'$_POST[thread]','$_POST[message]','$_POST[author]','$time')");
Now we will need to update the reply count in the threads database.
mysql_query("UPDATE threads SET replies = replies + 1 WHERE id = '$_POST[thread]'");
Now make a little 'reply posted' message with a link back to the thread.
echo "Reply Posted.<br><a href='msg.php?id=$_POST[thread]'>Return</a>";
?>
Give it a try and it should send a reply to the thread.

Finished

That's basically it. Obviously this is a quick and dirty method of doing a message board and it is open to so many bugs, hacks, XSS, etc.. but the code can be optimized to make it better.

What you should have learned...

  • How to build a HTML form
  • How to connect to a database
  • How to read information from a database
  • How to add new information into the database

Things to make it better?

  • Why not try adding a registration section on it, that will allow visitors to sign up and post without having to enter their name each time.
  • Add an post icons for each post, so posters can select various icons for each topic.
  • Create an Admin Control Panel, for ease of use when you need to remove a reply or thread.
  • Add more security to the board. (Search around about strip_slashes(), html_special_chars() and similar things)
  • Use nl2br() to make each line down show as a new line down.
  • Adapt on the methods used in this tutorial to make a discussion board / forum with different rooms and categories
The stuff you can do with this simple and basic script tutorial is endless.

Feedback

I'd love to hear your feedback. If you have any then please contact Dale Hay (that's me!) or leave a comment on this post.

 

Tweet ThisShare On FacebookShare On Google ReaderAdd To Del.icio.usShare On DiggShare On RedditShare On LinkedInShare On StumbleUpon

Comments

8th Aug 2008 18:24

Didn't your mother teach you to sanitize your database inputs?
By Tim


8th Aug 2008 19:43

The database stuff seems clean enough. Though I am altogether a messy coder, my Dad tells me all the time about it when I do my VB stuff.
By Dale Hay


10th Aug 2008 11:52

Thanks. it is a very nice tutorial. but can you please go with the update & delete options? thanks.
By Abubaker Swedan


10th Aug 2008 12:17

Is it just me or are you not closing your database connection?
By


10th Aug 2008 15:08

Abubaker Swedan - I will expand on this tutorial soon and make it so things can be updated and deleted. :)

*unknown* - I don't really see the point in closing the connection as the database link is closed automatically when the script finishes executing.
By Dale Hay


12th Aug 2008 06:18

It is an excellent! for me, it is my first time I see inside php and database coding staff!, very easy and best logical explanation that everyone can understand. Thanks a lot...
By Abdullahi


16th Aug 2008 23:32

i'm killing time while waiting for laptop and reading some stuff, this is one of bestly provided db basics i've came across.

thank you m8 :D
By dread coder


20th Aug 2008 00:30

Very nice basic tutorial, though I would stress the vulnerabilities of using this basic, unsanitized code on a live site.
By Reiss


20th Aug 2008 02:59

Thank you Reiss, also yeah I have mentioned it within the tutorial about the fact it is open to so many bugs and stuff. Though using this as a skeleton and working out from it would be good for an offline (or hidden online) project.
By Dale Hay


21st Aug 2008 16:30

Yeah for all you people out there, it's not required in MySql to ALWAYS close out your connection. However, it makes it a bit more secure when you do close it, and have to reopen a connection or something else...
By Derek


21st Aug 2008 17:25

The thing that would get me though is say if you had a site like MySpace where there are thousands of connections being made every minute, wouldn't closing and opening it cause a slight bit more server load?
By Dale Hay


21st Aug 2008 17:53

is there a way round so we can use the forum system into a login system
By Paul


21st Aug 2008 18:08

Are you wanting to add a login system on this forum? Or you wanting to change this tutorial to a login system?
By Dale Hay


21st Aug 2008 20:52

i want to add a login system to this forum
By Paul


22nd Aug 2008 14:48

i want to add a login system to this forum that im using
By Paul


22nd Aug 2008 22:35

I will write up a tutorial addon for this over the next couple of days. Keep checking back or subscribe to the RSS Feed.
By Dale Hay


23rd Aug 2008 01:39

Hello. I'm a very poor coder and new to PHP. I suprised myself by making it as far as, well, I posted this in another forum, I was wondering if you might be able to help:

I am trying to make a message board while viewing [URL="http://www.dalehay.com/comment/497/"]this thread[/URL]. Everything was going unexpectedly well untill I got to the part in the tutorial labeled "Showing List of Threads" and it said on the [URL="http://trymegraphics.com/mb/"]message board URL[/URL]:


Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/trymegra/public_html/mb/index.php on line 20


I added that code the way they said, but that came up and I'm wondering, was I supost to modify something, add something in a mysql thing, what? >.< I don't understand why it isn't connecting

*******************

If you are able to help me it would be MUCH appreciated. If you may, please contact me at rbj1994[at]yahoo[dot]ca (I typed it that way because I get enough spam as it is ) I'm terribally sorry if you're too busy to help me, I'll look around more to see if I might be able to resolve this issue. And you're not a messy coder! My sites are just terribally coded, and it's really rather depressing
By Rebecca


23rd Aug 2008 13:39

i want to use it with a login system
By Paultiscali


23rd Aug 2008 14:04

SQL Injection here we come!
By Remco


24th Aug 2008 22:21

Rebecca - The code above should connect, as the mysql_fetch_array() is correctly made and I have also ran through the code in this tutorial before I made it live. The problem you're coming up with is probably to do with either your server's PHP version is out-of-date (out-of-date a lot!!) or you've not entered your correct settings.

Paultiscali - As I said earlier... I'm going to make another tutorial soon that allows this message board to be login-able.

Remco - Get a life and fuck off if you're going to "SQL Inject" the things that I teach others to do. I bet you're one of these people that just sit there... browse Pixel2Life and think "Ahhh, there's a new tutorial on here.. I'm going to go on the site because I know how to do this little "script kiddy" style crap on there because I have loads of MySpace friends to show it off too." - You're a wanker and you need to get a fucking life... yeah... get a life. Toss Pot.
By Dale Hay


26th Aug 2008 04:58

Thank you so much. This is truly great code for a base of forum. I am allowed to make add-ons right? If so, I will add BBCode, Post Count, Signatures, etc.

Thanks!!!
By Dan


26th Aug 2008 15:41

Dan, you are allowed to make addons and if you wish you can also mention / post them on here if you want to allow other people to have them too.

I will be making a login system for it over the next few days too. :)
By Dale Hay


31st Aug 2008 04:12

all i want to know is how to add the login system to the messageboard and if its ready yet and also can you answer my question on your forum please dale
By Paultiscali


2nd Sep 2008 15:53

This is a nice straightforward basic system. There are two elements of BB's that I don't understand and would love to see discussed..

1. Threading. How the heck do you retrieve nested threads when you don't know how many levels you need to pull back? I've not been able to figure out the logic to do it.

2. Quoting. How do they grab a quote from someone else's post with a button?
By James F


4th Sep 2008 01:36

uh how do i make it where there is a minumal amount that must be typed so people dont just spam the post thread button
By potato


17th Sep 2008 04:07

very good tutorial i made it compeletly true thanks
By 3m masr


18th Sep 2008 17:43

thanks for great tutorial. but
INSERT INTO threads VALUES('','$_POST[title]','$_POST[message]','$_POST[author]','0','$time')

code doesnt work with mysql 5 I solved this problem through mysql 4.1
By shelltox


23rd Sep 2008 08:59

Do you know how to update the tutorial so that
INSERT INTO threads VALUES('','$_POST[title]','$_POST[message]','$_POST[author]','0','$time')

works for mysql 5?

By Richard


23rd Sep 2008 11:17

I take it I don't use MySQL 5 as I have no problems with it, however there doesn't seem to be any solutions lingering around on the internet. Try these two edits then... as I think that may work.

Try replacing:
mysql_query("INSERT INTO threads VALUES('','$_POST[title]','$_POST[message]','$_POST[author]','0','$time')");

With:
mysql_query("INSERT INTO threads (`id`, `title`, `message`, `author`, `replies`, `posted`) VALUES('','$_POST[title]','$_POST[message]','$_POST[author]','0','$time')");

Also try replacing:
mysql_query("INSERT INTO replies VALUES('','$_POST[thread]','$_POST[message]','$_POST[author]','$time')");

With:
mysql_query("INSERT INTO replies (`id`, `thread`, `message`, `author`, `posted`) VALUES('','$_POST[thread]','$_POST[message]','$_POST[author]','$time')");
By Dale Hay


25th Sep 2008 21:08

I found the problem.
in mysql5 if you use
INSERT INTO threads VALUES('','$_POST[title]','$_POST[message]','$_POST[author]','0','$time')
it gives Incorrect integer value

use null instead of '' it works fine.
namely
INSERT INTO threads VALUES(null,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time')
By shelltox


25th Sep 2008 21:11

Ahhh, thank you for that shelltox. :) I'll update the tutorial with that correction now. :)

It should work fine using NULL with MySQL 4?
By Dale Hay


29th Sep 2008 01:38

Hi, I think in replyform
<input type="hidden" value="" name="thread"><br>

value="" must be value="$_GET[id]"

and can you give us some security information about this mini board.
By shelltox


29th Sep 2008 03:32

Oops... that ended up not parsing properly when I updated the tutorial a few days ago. I've sorted that out.

Also "security" ? In what sense? This tutorial is just for a bog standard forum, nothing special - unless I turned it into a full time project, with which I'd then take time to sort out the bugs and holes in it. To be honest any script kiddie could have fun playing with this board as the amount of problems with it - it's just not 100% practical for use on a commercial basis.
By Dale Hay


20th Oct 2008 00:35

I use MySQL 5 and I have problems with replies Nummbers ()[The nummer is always 0]. Can you help me, please?
Could you send me a working Code for MySQL 5?

Thank you very much.
By Alan


20th Oct 2008 22:01

Could you send me please the correct Mini Message Board Code for MySQL 5? I'd really appreciate that.Thank you very much.


By Alan


22nd Oct 2008 12:39

For those idiots that come posting about "escaping" queries, etc., why are you reading this tutorial if you know all that? It's good for a beginner, so no need to put beginners off with that rubbish.
By Ben


30th Oct 2008 17:11

i followed this tutorial and cant seem to get it working, the index page works fine but when you try to create a new thread i get this -
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'Sweet92_Izzy'@'localhost' (using password: YES) in /home/sweet92/public_html/private/newthread.php on line 8

Warning: mysql_select_db() [function.mysql-select-db]: Access denied for user 'sweet92'@'localhost' (using password: NO) in /home/sweet92/public_html/private/newthread.php on line 9

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/sweet92/public_html/private/newthread.php on line 9

Warning: mysql_query() [function.mysql-query]: Access denied for user 'sweet92'@'localhost' (using password: NO) in /home/sweet92/public_html/private/newthread.php on line 12

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/sweet92/public_html/private/newthread.php on line 12
everything is right (username,password,database name)could someone please help me i dont whats wrong
By Katy


30th Oct 2008 21:33

By the looks of it, you've used two different usernames in the script. (Sweet92_Izzy and sweet92)
By Dale Hay


3rd Nov 2008 23:14

Could you send me please the correct Mini Message Board Code for MySQL 5? I'd really appreciate that.Thank you very much.
http://www.forum-ksa.com/vb

By aboode


5th Nov 2008 21:04

I can't get mine to work. I don't have it under the index right now because I don't want to replace my current site. I saved it as index2.php and changed the appropriate code. I get a ton of warnings when I try and run it though:


Warning: mysql_connect() [function.mysql-connect]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/j/b/a/jbabrams2/html/index2.php on line 2

Warning: mysql_select_db() [function.mysql-select-db]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/j/b/a/jbabrams2/html/index2.php on line 3

Warning: mysql_select_db() [function.mysql-select-db]: A link to the server could not be established in /home/content/j/b/a/jbabrams2/html/index2.php on line 3


Warning: mysql_query() [function.mysql-query]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/j/b/a/jbabrams2/html/index2.php on line 17

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/content/j/b/a/jbabrams2/html/index2.php on line 17

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/j/b/a/jbabrams2/html/index2.php on line 20


Can someone help??? My email is abrams6@illinois.edu. you can go to www.jeremyabrams.com/index2.php to view the problem for yourselves.

Thanks>
By Jeremy


5th Nov 2008 23:50

Jeremy - the reason you're getting the "Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'" error is something to do with your servers MySQL setup. Either you don't have MySQL setup on your website server (or if you do, then it's not setup correctly).

That's the only thing I can think of for that error (as I've had it plenty of times before).
By Dale Hay


5th Nov 2008 23:51

Jeremy - the reason you're getting the "Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock'" error is something to do with your servers MySQL setup. Either you don't have MySQL setup on your website server (or if you do, then it's not setup correctly).

That's the only thing I can think of for that error (as I've had it plenty of times before).
By Dale Hay


6th Nov 2008 00:30

Well I'm using godaddy hosting services so they did everything for me...that's strange I guess ill have to call them.
By Jeremy


11th Nov 2008 05:22

Around August 26th, I thanked you for your forum. Well I went and looked at the base and decided to expand.

Here is my result as of November 08:
http://cookyx.com/forum.php
(another web site I coded)

You're going to need to register in order to post and make topics, other than that, you can view topics.

What do you think Dale? :)
By Dan


6th Dec 2008 22:51

This is not what I'm looking for
By Soko banja, Serbia


17th Dec 2008 03:10

Thanks, this is the one I want. It works fine.
By phoenyo


4th Jan 2009 14:26

Thank you ill use this to work my way into creating my own software thank you so much.
By THBP


7th Jan 2009 02:07

Nice Tutorial! Really Nice!
By Dhfola


20th Feb 2009 19:48

For some reason the replies to a current posting are not showing up.
By Joe


25th Feb 2009 18:13

Many thanks matey, Really well explain and a great foundation for me to build on. Love the site as well, really nice and colourful.
By James Sambrook


3rd Mar 2009 10:53

wOw, thats great..but the reply page for me didnt work enough..
By jam


3rd Mar 2009 19:50

jam - Thanks. Also what happens? Does it send anything through? Or does it just show a blank page?
By Dale Hay


8th Mar 2009 22:34

brilliant tutorial, really helped me understand the process, the best I've seen.
thanks
xx
By Nicky Donkin


11th Mar 2009 00:36

thanks a lot for ur briliant work , it helped me a lot to learn . but the last code " insert" is not working.
From the replies if I add text and post it then its showing error .
could u please help me on this .

thanks mate .
By sarwar


4th Apr 2009 07:42

The code you provided is

<?php
// We are selecting everything from the threads section in the database and ordering them newest to oldest.
$sql = mysql_query("SELECT * FROM threads ORDER BY posted DESC");

// Now we are getting our results and making them an array
while($r = mysql_fetch_array($sql)) { // line 17

// Everything within the two curly brackets can read from the database using $r[]
// We need to convert the UNIX Timestamp entered into the database for when a thread...
// ... is posted into a readable date, using date().
$posted = date("jS M Y h:i",$r[posted]);

// Now we will show the available threads
echo "<h3><a href='msg.php?id=$r[id]'>$r[title]</a> ($r[replies])</h3><h4>Posted by $r[author] on $posted</h4>";

// End of Array
}
?>




when I try this get error
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/danwari1/public_html/data/index.php on line 17


I added
or die(mysql_error())
to the code

and now it shows the error

No database selected



how to solve this, can any one help me !!
By BanwariLal


4th Apr 2009 14:55

Hi,

I have been following your guide and everything is working fine, except for one thing.

All the entries in the mysql table show the following:

Array=[The actual entry]

I have no idea what could be causing this:(

Any Ideas,

Martyn
By Martyn Breckenridge


4th Apr 2009 15:12

Further to my last message, i figured out what it was. I had:

mysql_query("INSERT INTO index_access
VALUES(NULL,'$_GET=[$ip]','$_GET=[$ua]','$time')");

when it should have been:

mysql_query("INSERT INTO index_access
VALUES(NULL,'$ip','$ua','$time')");

Martyn
By Martyn Breckenridge


26th Apr 2009 09:51

This site is very cool throughout the Internet by a hot girl [url=http://king-xxx.blogspot.com/][color=red]Clik[/color][/url]
By Suiplybup


3rd May 2009 16:31

This is great but only one thing :

<?php
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");

Should here be a <?php Tag?

$time = time();
mysql_query("INSERT INTO threads VALUES(NULL,'$_POST[title]','$_POST[message]','$_POST[author]','0','$time')");

echo "Thread Posted.<br><a href='index.php'>Return</a>";
?>
By Destiny


3rd May 2009 17:24

Destiny - There is no need for a " <?php " as it's already got it above. The " $time = time(); " follows straight on after the " mysql_select_db() " bit.
By Dale Hay


30th May 2009 13:09

This is a really great tutorial. Would it be possible for you to discuss the types of security issues which a basic system such as this would be vulnerable to, and how these could be addressed?

By Pedrito


1st Jun 2009 16:54

Hi bud did you get the new add-on uploaded... I checked your site but couldnt find it! thanks for a great script.
By Dave Johns


1st Jun 2009 23:07

Hello Dave,

I am slowly starting to work on the addons now. One that I am working on is the login side of things after it being requested by Paul (on the forum "ConvoWorld")
By Dale Hay


7th Jun 2009 02:27

Just want to make sure any one can use this. Why would security be a major concern if php is on the server side and the database is on the server as well? I would think that adding login systems to our indivisual sites would decrease these vulnerabilities, right. Adding by adding the ip address to the file(database) would deter illegal action as well.
By Jim


8th Jun 2009 20:17

So cool, thanx man. This is such an basic tutorial, even I can understand it,
By bassline77


9th Jun 2009 00:36

Jim - There's always flaws easily to be found within PHP and MySQL. It's just annoying if they get exploited and cause havoc on the site.

bassline77 - Cheers mate.
By Dale Hay


3rd Jul 2009 03:30

Who knows where to download XRumer 5.0 Palladium?
Help, please. All recommend this program to effectively advertise on the Internet, this is the best program!
By CocoChanels


16th Jun 2012 01:14

Just wanted to say - Great Forum!!! It has helped me tons.
By PoitocloutTfn


20th Aug 2012 12:43

Hi-ya, I`m a newbie here. I am sorry if this Isn`t the best section for this request but I was hoping a member here on dalehay.me would be ok to show me where I can find a stream of The Dark Knight Rises On the internet for free. Thanks
By HozyDiasiasor


20th Aug 2012 14:12

Sorry HozyDiasiasor, but legally I cannot help you with a link to stream The Dark Knight Rises.
By Dale Hay


5th Nov 2012 08:31

I admit, I have not been on dalehay.me in a long time however it was another joy to see It is such an important topic and ignored by so many, even professionals. I thank you to help making people more aware of possible issues. Wonderful!
By Tisha.Y


22nd Feb 2013 22:38

Hello. And Bye. Thank you very much.
By OCCUNCRUILK


23rd Feb 2013 06:53

Hello. And Bye. Thank you very much.
By OCCUNCRUILK


1st Mar 2013 10:21

Thanks a million for this great tutorial mate. Cheers
By suneth kalhara


14th Mar 2013 15:39

Hi,

Could you tell me how to implement a delete thread function??
By Jess


14th Mar 2013 17:19

Hello Jess,

To delete a thread you would need to have a secure page (that only you can access) and have a link from the thread (that only you can see) that goes to a page like delete.php?id={thread_id} that contains something along the lines of:

<?php
$thread_id = (int)$_GET['id'];
mysql_query("DELETE FROM threads WHERE id = '" . $thread_id . "'");
?>


That will delete a certain thread.
By Dale Hay


19th Mar 2013 00:35

Hi,

In reply the post below, I cannot seem to get this function to work.

I have incorporated the code as follows on

msg.php
echo "<br><a href='delete.php?id='$_GET[id]'>Delete Thread</a>";

delete.php
<?php
$thread_id = (int)$_GET['id'];
mysql_query("DELETE FROM threads WHERE id = "'" . $thread_id . "'");
?>

Currently I cannot seem to get this to work would you be able to help me solve this problem. The code is the same as yours apart from the variables and the changes added with Delete.

Cheers,
Jess


Hello Jess,

To delete a thread you would need to have a secure page (that only you can access) and have a link from the thread (that only you can see) that goes to a page like delete.php?id={thread_id} that contains something along the lines of:

<?php
$thread_id = (int)$_GET['id'];
mysql_query("DELETE FROM threads WHERE id = '" . $thread_id . "'");
?>

That will delete a certain thread.
By Jess


19th Mar 2013 00:39

Hi,

I have tried to implement the above function but I get errors.

delete.php
<?php
$thread_id = (int)$_GET['id'];
mysql_query("DELETE FROM threads WHERE id = "'" . $thread_id . "'");
?>

msg.php
echo "<br><a href='delete.php?id='$_GET[id]'>Delete Thread</a>";

Can you help me solve this issue?

Cheers
By Jess


19th Mar 2013 02:42

Have you added on the delete.php page the mysql_connect() stuff?

delete.php
<?php
mysql_connect("localhost", "USERNAME", "PASSWORD");
mysql_select_db("DATABASE");

$thread_id = (int)$_GET['id'];
mysql_query("DELETE FROM threads WHERE id = "'" . $thread_id . "'");
?>
By Dale Hay


19th Mar 2013 19:52

Hi Dale,

Yes I have included the connection strings in the delete.php

The issue that I have is that I cannot pick the id from which the user would like to delete.php

http://mywebexample.com/messageboard/delete.php?id=

Code in the message.php is
<?php
echo "<br><a href='delete.php?id='$_GET[id]'>Delete Thread</a>";
?>

Can you see the issue?

Thank you for your help so far
Jess
By Jess


20th Mar 2013 00:09

Hey Jess,

I've sent you an email to the address you used when posting your comment. We can sort it out quicker that way. :)
By Dale Hay


28th Jul 2015 10:32

Thanks for the article. It has given me some blur ideas of what I have been searching for, though it did not give me the complete idea. But helps a lot, thank you. Come up with more such articles, wish to follow.
Rahul D
Best PHP Training Institute in Chennai
http://phptraininginchennai.co.in/
By Rahul D


Post your comment...

Your Name:

Your Email:

Your Comment:

Are You Human?

Tick this box to confirm you're not a bot.

  • © Dale Hay, 2005 - 2016