below is my program
<?php$servername = "localhost";$username = "root";$password = "12345bbbb";$dbname = "myDB";// Create connection$conn = new mysqli($servername, $username, $password);// Check connectionif ($conn->connect_error) { die("Connection failed: " . $conn->connect_error);}?><div id="addCommentContainer"> <p>Add a Comment</p> <form id="addCommentForm" method="post" action=""> <div> <label for="name">Your Name</label> <input type="text" name="name" id="name" /> <label for="email">Your Email</label> <input type="text" name="email" id="email" /> <label for="url">Website (not required)</label> <input type="text" name="url" id="url" /> <label for="body">Comment Body</label> <textarea name="body" id="body" cols="20" rows="5"></textarea> <input type="submit" id="submit" value="Submit" /> </div> </form></div>$comments = array();$result = mysql_query("SELECT * FROM comments ORDER BY id ASC");while($row = mysql_fetch_assoc($result)){ $comments[] = new Comment($row);}class Comment{ private $data = array(); public function __construct($row) { /* / The constructor */ $this->data = $row; } public function markup() { /* / This method outputs the XHTML markup of the comment */ // Setting up an alias, so we don't have to write $this->data every time: $d = &$this->data; $link_open = ''; $link_close = ''; if($d['url']){ // If the person has entered a URL when adding a comment, // define opening and closing hyperlink tags $link_open = '<a href="'.$d['url'].'">'; $link_close = '</a>'; } // Converting the time to a UNIX timestamp: $d['dt'] = strtotime($d['dt']); // Needed for the default gravatar image: 'http://cdn.tutorialzine.com/img/default_avatar.gif'; return ' <div class="comment"> <div class="avatar"> '.$link_open.' <img src="http://www.gravatar.com/avatar/'. md5($d['email']).'?size=50&default='. urlencode($url).'" /> '.$link_close.' </div> <div class="name">'.$link_open.$d['name'].$link_close.'</div> <div class="date" title="Added at '. date('H:i on d M Y',$d['dt']).'">'. date('d M Y',$d['dt']).'</div> <p>'.$d['body'].'</p> </div> '; } public static function validate(&$arr) { /* / This method is used to validate the data sent via AJAX. / / It return true/false depending on whether the data is valid, and populates / the $arr array passed as a paremter (notice the ampersand above) with / either the valid input data, or the error messages. */ $errors = array(); $data = array(); // Using the filter_input function introduced in PHP 5.2.0 if(!($data['email'] = filter_input(INPUT_POST,'email',FILTER_VALIDATE_EMAIL))) { $errors['email'] = 'Please enter a valid Email.'; } if(!($data['url'] = filter_input(INPUT_POST,'url',FILTER_VALIDATE_URL))) { // If the URL field was not populated with a valid URL, // act as if no URL was entered at all: $url = ''; } // Using the filter with a custom callback function: if(!($data['body'] = filter_input(INPUT_POST,'body',FILTER_CALLBACK, array('options'=>'Comment::validate_text')))) { $errors['body'] = 'Please enter a comment body.'; } if(!($data['name'] = filter_input(INPUT_POST,'name',FILTER_CALLBACK, array('options'=>'Comment::validate_text')))) { $errors['name'] = 'Please enter a name.'; } if(!empty($errors)){ // If there are errors, copy the $errors array to $arr: $arr = $errors; return false; } // If the data is valid, sanitize all the data and copy it to $arr: foreach($data as $k=>$v){ $arr[$k] = mysql_real_escape_string($v); } // Ensure that the email is in lower case (for a correct gravatar hash): $arr['email'] = strtolower(trim($arr['email'])); return true; } private static function validate_text($str) { /* / This method is used internally as a FILTER_CALLBACK */ if(mb_strlen($str,'utf8')<1) return false; // Encode all html special characters (<, >, ", & .. etc) and convert // the new line characters to <br> tags: $str = nl2br(htmlspecialchars($str)); // Remove the new line characters that are left $str = str_replace(array(chr(10),chr(13)),'',$str); return $str; }/*/ This array is going to be populated with either/ the data that was sent to the script, or the/ error messages:/*/$arr = array();$validates = Comment::validate($arr);if($validates){ /* Everything is OK, insert to database: */ mysql_query(" INSERT INTO comments(name,url,email,body) VALUES ( '".$arr['name']."', '".$arr['url']."', '".$arr['email']."', '".$arr['body']."' )"); $arr['dt'] = date('r',time()); $arr['id'] = mysql_insert_id(); /* / The data in $arr is escaped for the mysql insert query, / but we need the unescaped text, so we apply, / stripslashes to all the elements in the array: /*/ $arr = array_map('stripslashes',$arr); $insertedComment = new Comment($arr); /* Outputting the markup of the just-inserted comment: */ echo json_encode(array('status'=>1,'html'=>$insertedComment->markup()));}else{ /* Outputting the error messages */ echo '{"status":0,"errors":'.json_encode($arr).'}';}$(document).ready(function(){ /* The following code is executed once the DOM is loaded */ /* This flag will prevent multiple comment submits: */ var working = false; /* Listening for the submit event of the form: */ $('#addCommentForm').submit(function(e){ e.preventDefault(); if(working) return false; working = true; $('#submit').val('Working..'); $('span.error').remove(); /* Sending the form fileds to submit.php: */ $.post('submit.php',$(this).serialize(),function(msg){ working = false; $('#submit').val('Submit'); if(msg.status){ /* / If the insert was successful, add the comment / below the last one on the page with a slideDown effect /*/ $(msg.html).hide().insertBefore('#addCommentContainer').slideDown(); $('#body').val(''); } else { /* / If there were errors, loop through the / msg.errors object and display them on the page /*/ $.each(msg.errors,function(k,v){ $('label[for=+k+]').append('<span class="error">'+ v+'</span>'); }); } },'json'); });})
