Some time ago (a couple of weeks), I created my own blogging system. No one told me how to do it and I didn’t read any tutorials on how to do it either, so there were a few things I learned the hard way. As you know, blogs are database-backed: the posts are all entries in a table.

You have a column for the id, the date, the content, and miscellaneous other information such as tags and a description. In this tutorial, I’d like to teach you how to do all that.

/* LET'S GET STARTED!*/


Creating The Table

For this tutorial, you’ll need your own database and a database username. Set up a home server with WAMP, XAMPP or whatever else. Once you have that done, create the database; I’ll call mine “blog”.

I’m not going to get into how to do that, because if you’re doing this on a server online, you’ll need special instructions. Google it and set it up.

So, let’s create an INSTALL script. Make sure you delete this script right after you use it:

<?php

if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" name="submit" value="Install">
</form>

<?php
}

This creates an install button. This is only for convenience. I don’t like scripts that automatically add new tables and such without control.

else {
include ('connection.php');

This little bit will connect you to the database. Here’s what my connection.php looks like:

<?php
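// MySQL variables
// Note: the mysql_* functions used in this tutorial were deprecated in PHP 5.5
// and removed in PHP 7.0, so this code only runs on older PHP versions.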
$host = 'localhost';
$user = 'username';
$pass = 'password';
$db = 'blog';

//connect
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
//database select
mysql_select_db($db) or die ("Unable to select database!");
?>

Great, now you’re in the system (btw, you’ll have to make your own username, password, database, and all that, just like I said you’d have to do). Let’s move on to creating the administrator account for your site:

//creating a user table
$query = "CREATE TABLE users
(
name varchar(15),
pass varchar(255)
)";

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

//making the user name
$password = md5('password you want to use');
$query="INSERT INTO users (name, pass)
VALUES
('admin', '$password')";

//query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

Great, now you have a database entry for your user (that’s you!). I won’t get into having multiple users right now, so bear with me. I’m using an MD5 hash to make the password a bit harder to crack. Also, I’m using the usual “admin” for the username. Let’s move on to the blog table:

//creating a blog table
$query = "CREATE TABLE blog
(
id int NOT NULL auto_increment primary key,
title blob NOT NULL,
date blob NOT NULL,
content text NOT NULL
)";
// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

//adding a first (dummy) entry
$query = "INSERT INTO blog (title, date, content) VALUES ('Welcome', 'May 5th', 'First blog entry! Aren\'t you excited?')";
// execute query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

mysql_close($connection);
echo "Done";

}

With this, we just created a simple blog table that will have a specific id, date, title, and content. We’ve also added a dummy entry (with a date format I won’t be using by the way).
If you’re wondering about the backslash in the word “Aren’t”, don’t wonder anymore. A backslash is used to “escape” characters that may hold a different meaning in the world of programming languages.
For example, if I did not escape that character, I would probably get an error where MySQL wonders what the “t you excited?” is about, since the entry ended at “Aren”.

Before we go on, I would like to seriously address this. The best way to avoid an error is to use a well-known PHP function, mysql_real_escape_string(). This function will automatically add backslashes to all potentially problematic characters. Also, if you use this function, don’t add extra backslashes, because the function will escape those as well. There’s only one problem with that function, but I’ll show you the solution later on.
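An aside on the users table from the install script, as an added example that is not part of the original tutorial: an unsalted MD5 hash is fast to compute, so a leaked users table is cheap to brute-force, and PHP's password_hash() and password_verify() are the standard replacement. The sketch below checks a login against either format and upgrades a legacy MD5 row on the first successful login; the check_login() helper, the sample password and the in-memory SQLite database (standing in for MySQL) are assumptions made for the example.

```php
<?php
// Added example (not from the original tutorial). PDO with in-memory SQLite
// stands in for MySQL so the script runs offline; for MySQL use a DSN such as
// 'mysql:host=localhost;dbname=blog;charset=utf8mb4' with your own credentials.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name varchar(15) PRIMARY KEY, pass varchar(255))');

// Constructed sample row: a legacy unsalted MD5 hash, as the install script stores it.
$pdo->prepare('INSERT INTO users (name, pass) VALUES (?, ?)')
    ->execute(['admin', md5('correct horse battery staple')]);

// Hypothetical helper: verify a login and upgrade the stored hash if needed.
function check_login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare('SELECT pass FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return false; // unknown user
    }

    // Legacy rows are exactly 32 hex characters; compare them in constant time.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Re-hash after a successful login if the row is MD5 or uses old parameters.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $pdo->prepare('UPDATE users SET pass = ? WHERE name = ?')
            ->execute([password_hash($password, PASSWORD_DEFAULT), $name]);
    }
    return true;
}

var_dump(check_login($pdo, 'admin', 'wrong password'));               // rejected
var_dump(check_login($pdo, 'admin', 'correct horse battery staple')); // accepted, row upgraded
$hash = $pdo->query("SELECT pass FROM users WHERE name = 'admin'")->fetchColumn();
var_dump(password_get_info($hash)['algoName']);                       // no longer a bare MD5 string
var_dump(check_login($pdo, 'admin', 'correct horse battery staple')); // verified via password_verify()
```

The varchar(255) column the install script already creates is wide enough for password_hash() output, so no schema change is needed.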

Coding the Entry

Now, you’ll notice that while coding the entry, I’m leaving the system open to vulnerabilities, but that’s okay. Why is it okay? Well, unless you’re logged in, you won’t be able to get into the system. So you should be the only one who gets in there and adds entries.

You can screw up your entries by dropping tables and whatnot if you want to, but I’ll assume you won’t be making any crazy MySQL stuff. Also, you’ll have the above-mentioned function to protect you from any unfortunate mistakes.

First add the connection.php file using the include() function. Second, let’s create the form:

<h2>Add Blog Post</h2>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>">
    <input type="text" name="title" size="50" /><br />
    <textarea name="content" cols="150" rows="20"></textarea>
    <br />
    <input type="submit" name="addpost" value="Add Post!" />
</form>

Place this in the body of your HTML file. I know it sounds redundant and you should know about this stuff, but I’m just making sure. What this form will do is send some information using the “post” method (i.e. no URL mumbo jumbo like this: ?dkjw=fsjklwe&fjskl=ewjk). No one wants a three thousand character URL up there (what browser would support that anyways?). You have two separate pieces of information: the textarea (where your content goes) and the input type="text" (that’s the title). Anyways, put the next piece of code inside the <head> tag, or at least above the form.

<?php
if (isset($_POST['addpost'])) {
	// escape every value before it goes into the query string
	$title = mysql_real_escape_string($_POST['title']);
	$content = mysql_real_escape_string($_POST['content']);
	$date = mysql_real_escape_string(date('m-d-Y'));
	$sql = "INSERT INTO blog (title, date, content) VALUES ('$title', '$date', '$content')";
	$result = mysql_query($sql) or die ("Error in query: $sql. ".mysql_error());

	if ($result) {
		// id that auto_increment assigned to the new row
		$id = mysql_insert_id();
		echo "Blog id = ".$id." added";
	}
}
?>

Well, that’s some good stuff. The submit button in the form sent the post variable named “addpost” with the value “Add Post!”. The if block above runs as soon as that post variable is submitted. I escaped all the strings just in case. Oh, if you didn’t know, you can use HTML, CSS, and all that other stuff in your posts. It won’t screw up anything, I promise :)

Anyways, you can see I used a date function to specify the date the blog was submitted. Read up more about it if you want to use a different time stamp. This one looks like this: “1-13-2010”. We then added all the values we needed into the database. And voila, we just added our first entry!
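The same insert written with bound parameters instead of string escaping, as an added example that is not the author's code: the values are sent separately from the SQL text, so an apostrophe or a stray quote cannot change the query. The add_post() helper, the sample inputs and the in-memory SQLite database (standing in for the MySQL “blog” database) are assumptions made for the example.

```php
<?php
// Added example (not from the original tutorial). PDO with in-memory SQLite
// stands in for the MySQL "blog" database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT NOT NULL, date TEXT NOT NULL, content TEXT NOT NULL)');

// Hypothetical helper: insert one post using bound parameters.
// The values travel separately from the SQL text, so quotes in them stay data.
function add_post(PDO $pdo, string $title, string $content): int
{
    $title = trim($title);
    if ($title === '' || trim($content) === '') {
        throw new InvalidArgumentException('Title and content are required.');
    }
    $stmt = $pdo->prepare(
        'INSERT INTO blog (title, date, content) VALUES (:title, :date, :content)'
    );
    $stmt->execute([
        ':title'   => $title,
        ':date'    => date('m-d-Y'), // same date format as the tutorial
        ':content' => $content,
    ]);
    return (int) $pdo->lastInsertId();
}

// Constructed inputs: an apostrophe, and a string shaped like injected SQL.
$id1 = add_post($pdo, "Aren't you excited?", 'First post.');
$id2 = add_post($pdo, "x'); DROP TABLE blog; --", 'Stored as plain text.');
echo "Inserted ids: $id1, $id2\n";

// The table is intact and both titles come back exactly as they were sent.
foreach ($pdo->query('SELECT id, title FROM blog ORDER BY id') as $row) {
    // Encode on output so markup in a title is displayed as text in a page.
    echo $row['id'], ': ', htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "\n";
}
```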

What’s next?

In my next tutorial, I’ll show you how to correctly show all that data! I’ll also get into how to protect your administration sites and how to create the login site too.

STUFF TO REMEMBER

  • MySQL uses a lot of special characters. To avoid an error, use mysql_real_escape_string(), which will sanitize your entries to some extent. There’s one small problem with the function, but I’ll address that in the next tutorial.
  • Use the include() function for your connection.php file in each page that connects to the MySQL database. It’s easier than rewriting the code numerous times (especially if you decide to change the user name and all that).
  • Delete the install.php installation script after you’re done. You don’t want anyone messing with your scripts. It also creates a vulnerability if you leave it on the server. If you think you’ll forget, get on phpMyAdmin and do all the querying manually.
  • HAVE FUN!