Project assignment 4. Due Tuesday, May 1 at 10 pm
For this part of the project you need to provide forms for users to
post and comment, validate the user data and store it into the
database. Validation should be done using regular expressions (we will
cover those on Tuesday, April 17 - please be there!)
Add a link on the front page (and possibly on other pages, as a part of
the menu bar, if any) to let the user post a new post. Clicking on the
link should open a page with a post form.
The post form should require a user to enter the following data:
- their login name (this will go away after we implement sessions
and login, but we need it for now).
- the post subject (can be empty)
- the post contents
You need to validate the data as follows:
- Check that the user name is no more than 10 characters long and
consists only of valid characters (letters, digits, and underscores).
Note that you need to check this before the next step (why?)
- Check that the user name exists in the database. You may want to
get the user ID as well since you will need it when the post is added
to the database.
- Check that the subject is not too long and has only valid
characters (you probably want to allow spaces in addition to the
symbols in part 1, what else?)
- Check that the post message is not too long and not empty. Check
that there are no more than three a tags in the post: posts with a
large number of links are often spam. Some HTML tags should be
disallowed - form tag, for instance. You don't need to make a
foolproof checking system, just demonstrate how you would allow some
tags but not other ones. Write (in comments) what is allowed in posts
and what is not allowed.
is the list of all HTML tags.
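One way to structure the validation steps listed above, as an added example that is not part of the course materials. The function names, the length limits for subject and body, the extra punctuation allowed in subjects, and the tag allowlist are all assumptions chosen for illustration.

```php
<?php
// Added example (PHP 7.1+), not course code. Limits and allowlist are assumptions.
const MAX_SUBJECT = 100;   // assumed; the assignment only says "not too long"
const MAX_BODY = 5000;     // assumed, counted in bytes by strlen()
const MAX_LINKS = 3;       // from the assignment: no more than three a tags
// Allowed in posts: b, i, em, strong, p, br, a. Any other tag (form, script, ...) is rejected.
const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'p', 'br', 'a'];

function validate_username(string $name): ?string {
    // \A and \z anchor the whole string; a plain $ would accept a trailing newline.
    return preg_match('/\A[A-Za-z0-9_]{1,10}\z/', $name) === 1
        ? null : 'Login name must be 1-10 letters, digits or underscores.';
}

function validate_subject(string $subject): ?string {
    // An empty subject is allowed; spaces and basic punctuation are an assumed extension.
    return preg_match('/\A[A-Za-z0-9_ .,!?\'-]{0,' . MAX_SUBJECT . '}\z/', $subject) === 1
        ? null : 'Subject is too long or has invalid characters.';
}

function validate_body(string $body): ?string {
    if (trim($body) === '') return 'Post cannot be empty.';
    if (strlen($body) > MAX_BODY) return 'Post is too long.';
    // Collect the name of every opening or closing tag in the post.
    preg_match_all('/<\s*\/?\s*([A-Za-z][A-Za-z0-9]*)/', $body, $m);
    $links = 0;
    foreach ($m[1] as $i => $tag) {
        $tag = strtolower($tag);
        if (!in_array($tag, ALLOWED_TAGS, true)) return "Tag '$tag' is not allowed.";
        // Count opening <a ...> tags only, not the closing </a>.
        if ($tag === 'a' && strpos($m[0][$i], '/') === false) $links++;
    }
    return $links > MAX_LINKS ? 'Too many links.' : null;
}

// Constructed sample inputs: login name, subject, post contents.
$samples = [
    ['alice_1', 'Hello', 'See <a href="http://example.com">this</a>'],
    ["eve's name", 'Hi', 'text'],
    ['carol', 'Spam', str_repeat('<a href="#">x</a> ', 4)],
    ['dave', '', '<form action="x"><b>hi</b></form>'],
];
foreach ($samples as [$user, $subject, $body]) {
    $errors = array_filter([validate_username($user), validate_subject($subject), validate_body($body)]);
    echo $user, ': ', $errors ? implode(' ', $errors) : 'ok', "\n";
}
```

Each function returns null on success or an error message, so the form handler can redisplay the form with the messages for the fields that failed.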
If the data did not pass validation on any of the counts, display the
form with a meaningful error message to the user. Make sure to redisplay
all entries that passed the validation so that they don't need to be
After the data has been validated you need to add it to the
database. Use your group login name and password to connect to the
- Make sure to fill in all relevant fields: post_author,
post_date, post_content, post_title, and comment_count (set to
- Use the function mysql_real_escape_string to put appropriate escape
characters before adding text fields to the database (see the example
of inserting data into the database that we considered in class)
- Make sure to lock and unlock tables as needed.
The user should be able to comment on a post by clicking the "Comment
on this" link of the post. The link should bring the user to a page
with a form. Note that you need to pass the post ID (through a GET
method) to the comment form. Since you need to pass it further to the
php file that handles the comment form, you may either still use the
GET method or include it as a hidden field in the form:
<input type="hidden" name="post_id" value="...">
where the value is the post ID. Then you can obtain it in the php file
that handles the form like this:
The rest of the comment form is similar to the post form. It
requires the user to enter (at least):
- their login name
- the comment contents
You need to check the validity of both (you may use the same functions
as you used for validating post data, in this case store the functions
in a separate file and include the file in both files that handle
After you have validated the data, store it in the database. Make
sure to increment the comment count in the wp_posts table.
Test your forms carefully to make sure that all the data is stored
correctly and that the data is validated so that the incorrect data
does not get stored.
Project "groups" of one person
If you are working on your own, you only need to implement
everything related to posts, but not to comments. If you have
questions, please let me know.
Since all groups of two people will be required to implement
at least one additional feature (of your choice) for the final
installment, here are some suggestions of things that you can start
- Threads of comments (the ability to reply to a comment rather than
just a post)
- Post categories - let the user choose a category (out of a
pull-down menu?) for their posts and provide a search option to find
all posts in a category.
- Allow the user to turn off comments for their own post (set
comment_status to "close" and check before inserting a comment; you
might also just not provide the comment link for such posts)
- Allow deleting a post or a comment. Make sure that the correct
user login is provided (i.e. a person is allowed to delete only their
own posts or comments). When deleting a post, make sure that all its
comments are deleted as well.
This page is a part of CSci 1101
course web site.
The views and opinions expressed in this page are strictly those of the page author. The contents of this page have not been reviewed or approved by the University of Minnesota.