(This is written under the assumption that you have somewhat of a grasp on HTML, CSS, PHP and MySQL, and connecting to your SQL database)
Someone asked me how to make a page to post statuses on, so I decided to make this to answer their question.
So, I assume you know how to set up the basic HTML of a page, so I'll skip to the meat-and-potatoes. o3o This first part will deal mostly with the PHP and SQL/MySQL aspect.
First, we need to set up the SQL table:
CREATE TABLE feed
(
    post_id int NOT NULL AUTO_INCREMENT,
    username varchar(20) NOT NULL,
    time_posted int(40),
    post_text longtext,
    PRIMARY KEY (post_id)
);
That'll set up your table for the information of the posts to be inserted into.
Next, you're going to need to set up the HTML form in order to submit your posts. This'll do:
The textarea with "name='postContents'" is where you type the text of your post obviously. The <input> with the 'type="submit"' is the button you click to submit the post.
Now, the method on this form is set equal to "post" because it can't be tampered with via the URL like GET can. The action is set equal to nothing, which means that it submits the form to the current page.
Before we handle the form information, we need to take a look at the following PHP code I use:
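function userVerify(){
    // Both session values must be present before we query anything
    if(!isset($_SESSION['user']) || !isset($_SESSION['pass'])){ return null; }
    // Escape the session values before they go into the query string
    $user=mysql_real_escape_string($_SESSION['user']);
    $pass=mysql_real_escape_string($_SESSION['pass']);
    $lognamecheck="SELECT * FROM members WHERE user_name='$user' AND pass_word='$pass'";
    $result=mysql_query($lognamecheck);
    // Exactly one matching row means the session matches the database
    if($result && mysql_num_rows($result)==1){
        return $_SESSION['user'];
    }
    return null;
}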
This is a function I made to verify whether the values held in the user's current session match up with the information on that user in the database. If they match, it returns the user's username. Otherwise, nothing happens. We'll be using it in just a second.
Now, to handle the submitted form, we need for the server to check for a submitted form like so:
<?php
// only run when the submit button named "pstBtn" was sent with the form
if(isset($_POST['pstBtn'])){
    // code goes here
}
?>
Now, we should get a bit more detailed with what the server should check for, as well as cleanse the post for any malicious input:
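<?php
// form was submitted, the post is set and not empty, and the session checks out
if(isset($_POST['pstBtn']) && isset($_POST['postContents']) && trim($_POST['postContents'])!='' && userVerify()){
    $user=userVerify();
    // clean the user's post
    $post=mysql_real_escape_string(htmlspecialchars(strip_tags(trim($_POST['postContents']))));
}
?>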
TIME 2 EXPLAIN
Notice all those "isset()"s? Those just check if that variable is....set. x3 You may also have noticed I used the PHP trim() function a couple of times. All that trim() does is cut off any leading/trailing whitespace in a string or variable, which is good to do in a case like this.
As I mentioned earlier, we used my custom function "userVerify()". I added it to the if() statement for more security, then set the variable "$user" equal to it, since that function returns your username.
After that, we can make use of several built-in functions to clean up the user's content: mysql_real_escape_string(), htmlspecialchars(), strip_tags()
Without getting into too much detail, these functions (respectively): escape the data to prevent messing up the MySQL query, encode the string so that characters that have meaning to HTML no longer have that meaning, and strip away the HTML open and close tags (< >).
That's how we're able to post HTML code without the code actually taking effect.
The next part of this tutorial will deal with inputting this data into the database and outputting on the page.
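As an added example (not the author's code), here is the same submit-and-clean step done with a PDO prepared statement for storage and htmlspecialchars() at output time, instead of chaining the cleaners before the query. savePost() and renderFeed() are hypothetical names, and an in-memory SQLite database (needs the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example: savePost()/renderFeed() are hypothetical names, and an
// in-memory SQLite database stands in for MySQL so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feed (
    post_id INTEGER PRIMARY KEY AUTOINCREMENT,
    username VARCHAR(20) NOT NULL,
    time_posted INTEGER,
    post_text TEXT
)');

// Store the post as typed. The placeholders keep the text out of the SQL
// grammar, so no escaping function is needed before the query.
function savePost(PDO $db, string $user, string $raw): bool {
    $text = trim($raw);
    if ($text === '' || strlen($user) > 20) {
        return false;               // reject empty posts and oversized names
    }
    $stmt = $db->prepare(
        'INSERT INTO feed (username, time_posted, post_text) VALUES (?, ?, ?)');
    return $stmt->execute([$user, time(), $text]);
}

// Encode at output time, for the context the text lands in (HTML body here).
function renderFeed(PDO $db): string {
    $html = '';
    $rows = $db->query('SELECT username, post_text FROM feed ORDER BY post_id DESC');
    foreach ($rows as $row) {
        $html .= '<p><b>' . htmlspecialchars($row['username'], ENT_QUOTES, 'UTF-8')
               . '</b>: ' . htmlspecialchars($row['post_text'], ENT_QUOTES, 'UTF-8')
               . "</p>\n";
    }
    return $html;
}

// Constructed sample input: a quote for the SQL side, a tag for the HTML side.
savePost($db, 'demo_user', "  it's <b>bold</b> & done  ");
savePost($db, 'demo_user', '   ');          // rejected: empty after trim()
echo renderFeed($db);
```

With MySQL, only the PDO connection string and the CREATE TABLE syntax change.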
Wow, this tut will bring loads of copypastas. :/
Take screenshots of the code so people actually have to type it in and make sense of the code.
This prevents skids