Adding a comment system to my website
Solution 1
This is simple php guest book tutorial. I know its not exactly what you asked for, but its very similar. Customize it to suit your need. PS: i would really think about what eykanal wrote. You would need to add a column for the article id, page id etc...
Follow-up:
As everyone has mentioned, this example/tutorial is not the most secure/correctly designed piece of work and is only meant to show you the level of complexity and give you and idea of what you're getting into. After reading it i would also read a bit on php/mysql injection vulnerabilities and simple db design principals
Solution 2
If you don't want to code your own comment system, you can use http://disqus.com/
Solution 3
There are many ways to do that... i try to give you a simple idea (without use patterns or complex method):
1) Create a Database Table to contain comments, i suggest these fields:
id (integer)
news_id (fk to id of the news)
date (i.e. Timestamp)
name (varchar(30... or less))
message (text)
2) In your frontEnd page add a form composed of 4 fields: news-id : self-explanatory name : input text field message : textarea captcha: (to avoid bot completion) i suggest you recaptcha.
<form action="add_comment.php" method="POST">
<label for="name">Your Name:</label>
<input type="text" id="name" name="name" />
<label for="name">Your Comment:</label>
<textarea id="comment" name="comment"></textarea>
<input type="hidden" name="news_id" value="<?php echo $news_id?>"/>
<input type="submit" value="Ok" name="save"/>
</form>
This form send data in POST to add_comment.php that need to implement these steps:
2.A) check if $_POST data exist
if(isset($_POST["save"]))
It would be better check provenience of data (to be sure that are from your site).
2.B) If $_POST data exists,check mandatory fields and store error in some structure:
if( (trim($_POST["name"]) == "") and (strlen($_POST["name"]) < 5) ){
$name_error = true;
}
2.C) If there aren't errors, save data to the database:
- open db connection
- assemble a query. Do not forget to wrap every variable into quotes and run it through mysql_real_escape_string (or use prepared statements)
- run this query
- redirect to the current page
2.D) If there are errors, redirect to main page with a variable in get &error=1. In your main page check if this variable is set to define if you need to print some error messages. (better to stay on the same page and display errors as well as fill entered data (avoid xss scripting ))
3) Manage your main page adding a script to select comment from DB, here some steps:
3.A) For each news you print, get the id (or the unique key used to store news in db).
3.B) Perform a simple select query like this to get all comment for this news:
$query = "SELECT name,message from comments where id_news = '{$_newsid}' order by date DESC";
3C) For each comment you obtain with this query you can print data in this way :
<?php foreach($query_fetched_results as $comment):?>
<p class='name'><?php echo $comment['name'];?></p>
<p class='comment_body'><?php echo $comment['message'];?></p>
<?php endforeach;?>
4) Check number of comment is pretty simple, perform a count on data obtained from query at point 3B.
Solution 4
Aside from handling spam, this is fairly simple. It's a great learning exercise the first time through.
To save the comments...
In your HTML, you make a form with your comment fields. Submit the form with POST.
In your PHP, read the fields out of $_POST and check them for validity - name is x characters long, not blank, etc. Run your data from the user through mysql_real_escape_string() and put it together in an INSERT query string. Run the query. A key idea here - don't trust the users input - check it every way you can think of. There's loads of help on Stack Overflow on the subject.
To display the comments...
Run a SELECT query looking for the ID that corresponds to your posting. Output names and comments to a string (using strip_tags() to remove unwanted HTML from comments), introducing your own layout HTML as needed. You can easily count the comments as you output each comment to your string. Then output the formatted comments to the page.
There are lots of options to consider along the way - do you want to allow certain HTML? How are you handling the inevitable spam? Are you threading comments, allowing avatars, Gravitars, email addresses, URLS for posters, etc? Are you making the posts through some system or just building pages?
EDIT: corrected my suggestion on mysql_real_escape_string(). Thanks to Col. Shrapnel for pointing out my mistake.
Solution 5
you can use IntenseDebate.
features:
Comment Threading
Improve the conversation within the comment section and reply directly to an individual comment. Indented replies make following various conversations manageable.
Reply-By-Email
Respond to and moderate comments with ease via email, even if you're on the go. Just because you're away from your computer doesn't mean the conversation stops.
Email Notifications
Commenters receive email alerts when a response to their comment is posted, linking them directly to the response. Add in reply-by-email, along with the option to subscribe to all comments and let the debate ensue!
ntenseDebate features
Email Notifications
Commenters receive email alerts when a response to their comment is posted, linking them directly to the response. Add in reply-by-email, along with the option to subscribe to all comments and let the debate ensue!
Commenter Profiles
Commenter profiles let you and your readers learn more about each other. Watch the conversation go to new levels once you and your readers are able to get to know each other. Don't forget, their universal profiles can be used on any site with IntenseDebate!
Moderation/Blacklisting
IntenseDebate offers some truly hardcore moderation options. Customize your settings to moderate by keywords, number of links, commenter email, and/or IP addresses.
Reputation Points & Comment Voting
Your readers will start to build their commenter reputations when they create an IntenseDebate account. Their reputation score is based on the quantity, and more importantly the quality, of the comments they've made across all sites with IntenseDebate. Bring the quality comments to the forefront.
Plugins API
We've opened up our code for developers to introduce their own creations into the debate. These enhancements include Seesmic video comments, PollDaddy polls, YouTube videos, smileys, and more. Interested in building your own customizations? Check out our Plugins API.
OpenID
Your readers can post comments easily using their OpenID. They can tie their OpenID to their IntenseDebate profile so they won't have to worry about remembering another set of login credentials.
Widgets
We've built some fancy widgets based on your feedback. You can display your blog's comment stats, the most recent comments made on your blog, your most popular posts, the most recent comments you've made, and even who the top IntenseDebaters are.
Give your commenters the option to send a simultaneous tweet when they post a comment. It's a great way to let your commenters spread the word about your site and drive new traffic and comments!
Facebook Connect
Open up the debate and let anyone with a Facebook account post comments on your site with our Facebook Connect integration!
RSS Readers & Tracking
RSS readers make life simple. That's why we've integrated IntenseDebate comments with Google Reader and Bloglines (with more RSS readers on the way) so you can read and post comments directly from your RSS reader.
Related videos on Youtube
18 : 26
06 : 03
03 : 24
26 : 24
55 : 57
05 : 13
03 : 00
13 : 50
09 : 02
01 : 12
Comments
-
MJ93 about 2 years
Hey everyone, I'm trying to add some type of comment system to my website for the news that I post on the main page. What I would like it to do is have anybody comment on it (they don't need to login). The comment submission form just required a Name and comment. What would be the simplest way to do this? It would also be nice to have it display how many comments there currently are on the news post. I dont need anything fancy. Thanks!
-
eykanal over 13 yearsNo login required = tons of comment spam. Whatever solution you go with, I suggest you incorporate captchas or something similar into it.
-
-
Your Common Sense over 13 yearsrun whole query through mysql_real_escape_string? -
Surreal Dreams over 13 yearsOh, that was dumb. I'll fix that.
-
Your Common Sense over 13 yearsIn fact, mysql_real_escape_string has nothing to do with user input. it's database stuff. It should be done even there was no user input at all. it's just like formatting of some sort, a syntax rule. SQL syntax. And mysql_real_escape_string would help you nothing. It works only within quotes.
-
MatterGoal over 13 yearsThank you col shrapnel! the hidden field in the form in point 2 is indispensable! Thank you also for the any other info added!
