My first PHP practice!
- Allow user to add comments to the database
- Query comments from the database and show them
- Session
- Database query & update
- Prevent SQL injection
- Prevent HTML injection
- Prevent excessive requests
- HTML documents should start with
<!DOCTYPE html>
- You may define styles in a <style> tag:
.xxx { ... }
To use this style: <span class="xxx">...</span>
- To prevent SQL injection, use a prepared statement: user input is bound as a parameter and is never concatenated into the query string:
$stmt = $conn->prepare("SELECT * FROM table WHERE name=?");
// prepare() returns false on failure (or throws a mysqli_sql_exception if mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) is set); check $stmt before using it
$stmt->bind_param("s", $name); // "s" = string, "i" = integer; see https://www.php.net/manual/en/mysqli-stmt.bind-param.php
$stmt->execute();
$stmt->close();
- To prevent HTML injection, escape user data at the point where it is printed into the page (not before storing it, so the database keeps the original text):
$data = trim($data);
$data = htmlspecialchars($data, ENT_QUOTES, "UTF-8"); // ENT_QUOTES also escapes ' and ", so the value is safe inside attributes too
stripslashes() was only needed with magic_quotes_gpc, which was removed in PHP 5.4; on current PHP it silently deletes backslashes the user typed, so leave it out.
- To handle forms (method="post" for data that changes state, "get" for searches):
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>">
$_SERVER["PHP_SELF"] includes any extra path the client appended to the URL, which an attacker can fill with markup, so it must be escaped like any other untrusted value.
- The return value of
time()
is in seconds (a Unix timestamp), not milliseconds.
- Don't forget to close the database connection ($conn->close()).
- After processing a POST request, redirect to another page (Post/Redirect/Get) so that a browser refresh does not trigger the "resubmit form data?" prompt:
header("Location: target-page.php"); // replace with the page to show next; must be sent before any output
exit; // stop here, otherwise the rest of the script still runs after the redirect header
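The notes above are steps of one procedure, so here they are combined into a single working page. This is an added example, not code from the original practice project; the table name `comments`, its columns, the database credentials and the 10-second per-session posting limit are assumptions chosen for the illustration.

```php
<?php
// Added example (not from the original notes): a minimal comment board that
// applies every rule above. Assumes PHP >= 7, mysqli, and a MySQL table
//   CREATE TABLE comments (id INT AUTO_INCREMENT PRIMARY KEY,
//                         name VARCHAR(64), body TEXT, created INT);
// The credentials below are placeholders; adjust them for your setup.
declare(strict_types=1);

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$conn = new mysqli('127.0.0.1', 'app', 'secret', 'practice'); // assumed credentials
$conn->set_charset('utf8mb4'); // connection charset must match the data you bind

const MIN_SECONDS_BETWEEN_POSTS = 10; // "prevent excessive requests": one post per 10 s per session

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $now = time(); // seconds since the Unix epoch, so the difference below is in seconds
    if (isset($_SESSION['last_post']) && $now - $_SESSION['last_post'] < MIN_SECONDS_BETWEEN_POSTS) {
        http_response_code(429);
        exit('Too many requests, try again later.');
    }

    // Only trim raw input. Do not stripslashes() or HTML-encode before storing:
    // keep the original text in the database and escape when printing.
    $name = trim($_POST['name'] ?? '');
    $body = trim($_POST['body'] ?? '');
    if ($name === '' || $body === '' || mb_strlen($name) > 64 || mb_strlen($body) > 2000) {
        http_response_code(400);
        exit('Invalid input.');
    }

    // Prepared statement: user data travels as bound parameters, never as SQL text.
    $stmt = $conn->prepare('INSERT INTO comments (name, body, created) VALUES (?, ?, ?)');
    $stmt->bind_param('ssi', $name, $body, $now);
    $stmt->execute();
    $stmt->close();

    $_SESSION['last_post'] = $now;

    // Post/Redirect/Get: send the browser back to this page with GET so a refresh
    // does not resubmit. SCRIPT_NAME (unlike PHP_SELF) carries no client-supplied path info.
    $conn->close();
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit; // nothing after the redirect header should run
}

// Read side: also a prepared statement, even for a fixed LIMIT, to keep one style.
$limit = 20;
$stmt = $conn->prepare('SELECT name, body, created FROM comments ORDER BY id DESC LIMIT ?');
$stmt->bind_param('i', $limit);
$stmt->execute();
$stmt->bind_result($name, $body, $created);
$rows = [];
while ($stmt->fetch()) {
    $rows[] = ['name' => $name, 'body' => $body, 'created' => $created];
}
$stmt->close();
$conn->close(); // always close the connection once the data is fetched

// Escape at output: ENT_QUOTES covers attribute context, ENT_SUBSTITUTE avoids
// returning an empty string on invalid UTF-8 (which would hide the bad input).
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Comments</title>
<style>.author { font-weight: bold; }</style></head>
<body>
<form method="post" action="<?= e($_SERVER['PHP_SELF']) ?>">
  <input name="name" maxlength="64" placeholder="Name">
  <textarea name="body" maxlength="2000"></textarea>
  <button>Post</button>
</form>
<?php foreach ($rows as $r): ?>
  <p><span class="author"><?= e($r['name']) ?></span>
     (<?= date('Y-m-d H:i', $r['created']) ?>): <?= e($r['body']) ?></p>
<?php endforeach; ?>
</body>
</html>
```

To check the two injection defenses by hand, post a name of `' OR 1=1 --` and a body of `<script>alert(1)</script>`: the row is stored literally (the quote never reaches the SQL parser because it is a bound parameter) and is rendered as visible text rather than executed, because `e()` escapes it on output. Posting twice within ten seconds from the same session returns HTTP 429.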