Adding Posts to a Topic

In this final step, you will create the replytopost.php script, which contains code that looks similar to the script used to add a new topic. Listing 21.5 shows the code for this all-in-one form and script, which begins with the database connection on line 2. Although the script performs different tasks depending on the status of the form (whether it's being shown or submitted), both conditions require database interaction at some point.

Listing 21.5. Script to Add Replies to a Topic

1:  <?php
2:  //connect to server
3:  $mysqli = mysqli_connect("localhost", "joeuser", "somepass", "testDB");
4:
5:  //check to see if we're showing the form or adding the post
6:  if (!$_POST) {
7:      // showing the form; check for required item in query string
8:      if (!isset($_GET["post_id"])) {
9:         header("Location: topiclist.php");
10:        exit;
11:  }
12:
13:   //still have to verify topic and post
14:   $verify_sql = "SELECT ft.topic_id, ft.topic_title FROM forum_posts
15:                   AS fp LEFT JOIN forum_topics AS ft ON fp.topic_id =
16:                   ft.topic_id WHERE fp.post_id = '".$_GET["post_id"]."'";
17:
18:   $verify_res = mysqli_query($mysqli, $verify_sql)
19:                  or die(mysqli_error($mysqli));
20:
21:   if (mysqli_num_rows($verify_res) < 1) {
22:       //this post or topic does not exist
23:       header("Location: topiclist.php");
24:       exit;
25:   } else {
26:       //get the topic id and title
27:       while($topic_info = mysqli_fetch_array($verify_res)) {
28:           $topic_id = $topic_info['topic_id'];
29:           $topic_title = stripslashes($topic_info['topic_title']);
30:       }
31:
32:       echo "
33:       <html>
34:       <head>
35:       <title>Post Your Reply in ".$topic_title."</title>
36:       </head>
37:       <body>
38:       <h1>Post Your Reply in $topic_title</h1>
39:       <form method=\"post\" action=\"".$_SERVER["PHP_SELF"]."\">
40:       <p><strong>Your E-Mail Address:</strong><br/>
41:       <input type=\"text\" name=\"post_owner\" size=\"40\"
42:       maxlength=\"150\"></p>
43:       <p><strong>Post Text:</strong><br/>
44:       <textarea name=\"post_text\" rows=\"8\" cols=\"40\"
45;       wrap=\"virtual\"></textarea>
46:       <input type=\"hidden\" name=\"topic_id\" value=\"$topic_id\">
47:       <p><input type=\"submit\" name=\"submit\" value=\"Add Post\"></p>
48:       </form>
49:       </body>
50:       </html>";
51: }
52:
53: //free result
54: mysqli_free_result($verify_res);
55:
56: //close connection to MySQL
57: mysqli_close($mysqli);
58:
59: } else if ($_POST) {
60:    //check for required items from form
61:    if ((!$_POST["topic_id"])  (!$_POST["post_text"]) 
62:    (!$_POST["post_owner"])) {
63:        header("Location: topiclist.php");
64:        exit;
65:    }
66:
67:   //add the post
68:   $add_post_sql = "INSERT INTO forum_posts (topic_id,post_text,
69:                    post_create_time,post_owner) VALUES
70:                    ('".$_POST["topic_id"]."',
'".$_POST["post_text"]."',
71:                    now(),'".$_POST["post_owner"]."')";
72:     $add_post_res = mysqli_query($mysqli, $add_post_sql)
73:                   or die(mysqli_error($mysqli));
74:
75:   //close connection to MySQL
76:   mysqli_close($mysqli);
77:
78:   //redirect user to topic
79:   header("Location: showtopic.php?topic_id=".$_POST["topic_id"]);
80:   exit;
81: }
82: ?>

Line 6 checks to see whether the form is being submitted. If $_POST does not have a value, the form has not yet been submitted, and it must be shown. Before showing the form, however, you must check for that one required item; lines 811 check for the existence of a value for post_id in the GET query string. If a value in $_GET["post_id"] does not exist, the user is redirected back to the topic listing page.

If you made it past the check for a value in $_GET["post_id"] , lines 1419 issue a complicated-looking query that gets the values of the topic_id and topic_title fields from the forum_topics table, based on the only value that you know: the value of $_GET["post_id"] . This query both validates the existence of the post and gets information you will need later in the script. Lines 2124 act on the results of this validity test, again redirecting the user back to the topiclist.php page if the test fails.

If the value of $_GET["post_id"] represents a valid post, you extract the value of topic_id and topic_title in lines 2730, again using stripslashes() to remove any escape characters . Next , the entirety of the form for adding a post is printed to the screen, and that's it for this script until the form submission button is clicked. In the form, you see that the action is $_SERVER["PHP_SELF"] on line 39, indicating that this script will be recalled into action. A hidden field in line 46 holds the information that needs to be passed along to the next iteration of the script.

Moving on to line 53, this block of code is executed when the script is reloaded and $_POST contains a value. This block checks for the presence of all required fields from the form (lines 6165) and then, if they are all present, issues the query to add the post to the database (lines 6873). After the post is added to the database, the user is redirected to the showtopic.php page (lines 7980), using the appropriate query string to display the active topic.

If you save this file as replytopost.php and place it in your web server document root, try it out and you may see something like Figures 21.8 and 21.9.