Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2

Thread: Comment class

  1. #1
    New Coder
    Join Date
    Mar 2006
    Location
    I'm lost, livin inside myself
    Posts
    97
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Comment class

    This is something I've been working on for my site, I'm trying to put the ability to comment on articles into a class. I think it's something that can be used on other sites with a few alterations.

    It can grab existing comments in the database, as well as insert new comments into it. It records the comments, name and email the person inputs. It also validates the email and the domain name using techniques brought in this thread.

    Tell me what you think and how it can be improved, this is the first class I've written and I'd like some critique on how to improve it, OOP is fairly new to me.

    PHP Code:
    <?php
        
    /*
    ################################################
    # Comment Class
    ################################################
    */

        
    class Comments{
            
            var 
    $id;
            var 
    $table;
            var 
    $fields = array('name','comment','time');
            var 
    $field;
            var 
    $ip;
            var 
    $SQL;
            var 
    $result;
            var 
    $comments_final;
            var 
    $comment_id;
            var 
    $email;
            var 
    $name;
            var 
    $comment;
            var 
    $valid;
            
            
    //here's the constructer
            
            
    function Comments($itemid$comtable$ip){
                
    $this->ip $ip;
                
    $this->id $itemid;
                
    $this->table "`".$comtable."`";
            }
            
            
    //getting comments from the past
            
            
    function GetComments(){
                
    $this->field implode(','$this->fields);
                
    $this->SQL "SELECT ".$this->field." FROM ".$this->table." WHERE `columnid`='".$this->id."' ORDER BY `commentid` ASC";
                
    $this->result mysql_query($this->SQL) or die("There was a problem with this query:".mysql_error());
                
    $this->comments_final "<table width='70%' align='center'><tr><td>Reader Comments</td></tr>\n";
                while(
    $row mysql_fetch_assoc($this->result))
                {
                    
    $this->comments_final .= "\t<tr>\n\t\t<td><b>".$row['name']."</b>&nbsp;&nbsp;&nbsp;".$row['time']."<br />\n<br />".htmlentities(stripslashes($row['comment']))."</td></tr\n>";
                }
                
    $this->comments_final .= "</table><br />
    <hr /><span class='headertext'><a name=\"comment\"></a>Add a comment</span><br /><table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" height=\"451\" width=\"100%\">
    <tbody>
    <tr>
    <td align=\"center\" valign=\"center\">
    <form name=\"form\" action=\""
    .$_SERVER['PHP_SELF']."\" method=\"post\">
    <table border=\"0\" cellpadding=\"0\" cellspacing=\"4\">
    <tbody>
    <tr>
    <td align=\"right\">Name</td>
    <td><input id=\"name\" size=\"40\" name=\"name\"></td></tr>
    <tr>
    <td align=\"right\">e-mail</td>
    <td><input id=\"email\" size=\"40\" name=\"email\"></td></tr>
    <tr>
    <td align=\"right\">Comment</td>
    <td><textarea id=\"message\" name=\"message\" rows=\"9\" cols=\"60\"></textarea> </td></tr>
    <tr>
    <td><input type=\"hidden\" value=\"sentdata\" name=\"sent\" /></td>
    <td><input id=\"send\" value=\"Send\" name=\"send\" type=\"submit\"></td>
    </tr></tbody></table></form><br /></td></tr></tbody></table>"
    ;
                return 
    $this->comments_final;
            }
            
            function 
    AddComment($name$columnid$comment$email)
            {
                
    $this->SQL "SELECT `commentid` FROM ".$this->table." WHERE `columnid`=".$this->id." ORDER BY `commentid` DESC LIMIT 1";
                
    $this->result mysql_query($this->SQL);
                while(
    $row mysql_fetch_assoc($this->result))
                {
                    
    $this->commentid $row['commentid'] + 1;
                }
                if((!
    $name) or (!$columnid) or (!$comment) or (!$email))
                {
                    
    $this->valid false;
                    break;
                }
                
    $this->name $name;
                
    $this->column_id $columnid;
                
    $this->comment addslashes($comment);
                
    $this->email $email;
                if(
    CheckEmail($this->email) == false)
                {
                    
    $this->valid false;
                    break;
                }
                if(
    ValidateDomain($this->email) == false)
                {
                    
    $this->valid false;
                    break;
                }
                
    $this->SQL "INSERT INTO `".$this->table."`('columnid', 'name', 'comment', 'commentid', 'time', 'email', 'ip') VALUES (`".$this->column_id."`, `".$this->name."`, `".$this->comment."`, `".$this->commentid."`, NOW(), `".$this->email."`, `".$this->ip."`) LIMIT 1";
                
    $this->result mysql_query() or die("could not perform query because:".mysql_error());
                
    $this->valid true;
            }
            
            function 
    CheckEmail($string){
                
    $beg '[-!#\$%&\'\*\+\/=\?\^_`{}\|~0-9A-Z]+(?:\.[-!#\$%&\'\*\+\/=\?\^_`{}\|~0-9A-Z]+)*';
                   
    $end '[-0-9A-Z]+(?:\.[-0-9A-Z]+)*';
                
    $full_pattern '/^'.$beg.'(?:@'.$end.')?$/iD';
                if (
    preg_match($full_pattern$string)) 
                {
                    return 
    true;
                }
                else
                { 
                    return 
    false;
                }
            }
            
            function 
    ValidateDomain($string){
                
    $email $string;
                
    $intitial_url explode("@",$email);
                
    $url "http://".$initial_url[1];
                
    $url2 "http://www.".$initial_url[1];
                
    $hf1 = @fopen($url,"rb");
                
    $hf2 = @fopen($url2,"rb");
                if (
    strlen($hf1) == 0){
                    if (
    strlen($hf2) == 0) {
                        return 
    false;
                        
    fclose($hf1);
                        
    fclose($hf2);
                        break;
                    }
                    else
                    {
                        return 
    true;
                        
    fclose($hf1);
                        
    fclose($hf2);
                        break;
                    }
                }
                else
                {
                    return 
    true;
                    
    fclose($hf1);
                    
    fclose($hf2);
                    break;
                }
            }

            function 
    ValidationMessage()
            {
                if(
    $this->valid == true)
                {
                    
    $this->message "Your comment has been submitted, thank you for your input."
                }
                if(
    $this->valid == false)
                {
                    
    $this->message "There was an error submitting your message. Please check that all fields are filled out and the email address is valid."
                }
                return 
    $this->message;
            }
        }
        
    ?>
    Here's the way I use it

    PHP Code:
    require 'CommentsClass.php';
    $com =& new Comments($_GET['id'], "table"$_SERVER["REMOTE_ADDR"]);
    if(
    $_POST['sent'] == 'sentdata')
    {
    $com->AddComment($_POST['name'], $_GET['id'], $_POST['comment'], $_POST['email']);
    $validation $com->ValidationMessage();
    }

    $comments $com->GetComments();
    echo 
    $validation;
    echo 
    $comments

  • #2
    Regular Coder
    Join Date
    Dec 2004
    Location
    Manchester, UK
    Posts
    134
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'll try to provide some constructive criticism

    I'd probably break the markup out into a template file... placing that amount of markup in a class is generally not a good idea since you need to edit the class in order to change the layout slightly.

    $_SERVER['PHP_SELF'] is tainted and can be exploited. In fact, many of the $_SERVER superglobals are tainted. Do you actually need the 'action' attribute in there at all or can you maybe have the user specify where it should point to?

    EDIT | Yikes. Don't do this:
    PHP Code:
    $this->SQL "INSERT INTO `".$this->table."`('columnid', 'name', 'comment', 'commentid', 'time', 'email', 'ip') VALUES (`".$this->column_id."`, `".$this->name."`, `".$this->comment."`, `".$this->commentid."`, NOW(), `".$this->email."`, `".$this->ip."`) LIMIT 1"
    Be sure to mysql_real_escape_string() on those value which have come straight from $_POST.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •