[DEV] LinkTheDay

Feb 10, 2016
48
14
Hello,
I am here today to show off my project that is my way of learning PHP and MySQL (maybe some JS later on?). I've been working on this for 2 weeks.

So, what is it? Well, it's not the best idea. But this is a way to save any links on the web and access them very easily by giving each a title and sorting them in order. What I mean by that is the first link you upload will be the last one after adding some more, and the newest one will always be on top.

So, when you upload a link, it also goes on the "Flow" of the site; this is a place where ALL shared links are shown, easy like that.
Well, this is good. But there are a lot of sites like this, so what I wanted to do is create a user system so I can search for users or friends and see their profiles and links and heart/favourite them.

So what steps have been done?
  • Create an account and login (100%)
  • Post links to your profile and flow (85%)
  • See registered users (100%)
  • Admin panel (10%) - It works well, but more admin power to come!
What's to come?
  • Heart/Favourite other users' links
  • Follow other users
  • Search for users
  • Publish or not publish to the public Flow
  • Profile editing (profile picture, bio, sex, country, etc.)
This will be a good mix of keeping stuff in one place for those who use links a lot and a way to keep in touch with other people.
Note that this is NOT the final design; it's just a template for me to keep stuff clean.
Code snippets (not the best, I'm not so familiar with this yet)
PHP:
if(isset($_POST['btn-update'])) {
    $updateMyPost = mysqli_real_escape_string($con, $_POST['updateMyPost']);
    $user_id = mysqli_real_escape_string($con, $_POST['user_id']);
    $prefix = mysqli_real_escape_string($con, $_POST['prefix']);

    if(mysqli_query($con, "INSERT INTO posts(link, user_id, prefix) VALUES('$updateMyPost', '$user_id', '$prefix')")) {

    } else {
        echo 'fail!';
    }
}

PHP:
if(isset($_SESSION['user'])) {

    // Cast to int so the session value cannot change the shape of the query
    $sql = "SELECT * FROM posts WHERE user_id=".(int)$_SESSION['user'];
    $result = $con->query($sql);

    if ($result->num_rows > 0) {
        while($row = $result->fetch_assoc()) {
            // Links and titles are user-supplied, so escape them on output
            ?> <span style="float:right"> Your ID: <?php echo (int)$row['user_id']; ?></span> <?php
            ?> <span style="float:left"><a href="<?php echo htmlspecialchars($row['link'], ENT_QUOTES, 'UTF-8'); ?>" target="_blank"><?php echo htmlspecialchars($row['prefix'], ENT_QUOTES, 'UTF-8'); ?></a></span><br><br> <?php
        }
    } else {
        ?> <center> <?php echo "Update your first link!"; ?> </center> <?php
    }
}

Pictures
Keep in mind that some pictures are taken with different databases.

A special thanks to Tommy for giving me knowledge and being supportive.
- Best regards.
 

BIOS

ಠ‿ಠ
Apr 25, 2012
906
247
Instead of repeatedly escaping every variable and executing queries like you currently are, look into prepared statements. They are one of the few benefits that you have access to when using MySQLi.

For example:
PHP:
<?php
if(isset($_POST['btn-update'])) {

    $updateMyPost = $_POST['updateMyPost'];
    $user_id = $_POST['user_id'];
    $prefix = $_POST['prefix'];

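    $error = null;

    // $_POST values are always strings, so is_int() would reject every request
    if(filter_var($user_id, FILTER_VALIDATE_INT) === false){
        $error = 'fail!'; // user_id isn't a valid integer
    }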
  
    // other checks...

    if(!$error){

        $stmt = mysqli_prepare(
            $con,
            "INSERT INTO posts
                (link, user_id, prefix)
            VALUES
                (?, ?, ?)"
        );

        // Bind all three placeholders in one call: string, integer, string
        mysqli_stmt_bind_param($stmt, "sis", $updateMyPost, $user_id, $prefix);

        mysqli_stmt_execute($stmt);

    }else{
        echo $error;
    }

}
?>

Good luck :p
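
The same prepared-statement approach applied to both queries in this thread, as an added example that is not part of either post. The function names are hypothetical; it assumes an open mysqli connection (mysqlnd driver) and the posts(link, user_id, prefix) table used in the snippets above.

```php
<?php
// Added example, not code from the thread. Assumes an open mysqli connection
// and the posts(link, user_id, prefix) table from the first post.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Accept only absolute http(s) URLs, so a stored link cannot be a
// javascript: or data: URI when it is later echoed into href="...".
function is_safe_link(string $link): bool {
    if (filter_var($link, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    $scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true);
}

// Insert for the logged-in user. The owner id comes from the session,
// not from a form field the browser controls.
function add_link(mysqli $con, int $sessionUserId, string $link, string $prefix): bool {
    if (!is_safe_link($link) || $prefix === '') {
        return false;
    }
    $stmt = $con->prepare("INSERT INTO posts (link, user_id, prefix) VALUES (?, ?, ?)");
    $stmt->bind_param("sis", $link, $sessionUserId, $prefix);
    return $stmt->execute();
}

// Read query from the first post, with the id bound instead of concatenated.
function get_links(mysqli $con, int $sessionUserId): array {
    $stmt = $con->prepare("SELECT link, prefix FROM posts WHERE user_id = ?");
    $stmt->bind_param("i", $sessionUserId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

// Render rows as HTML, escaping every stored value on output.
function render_links(array $rows): string {
    $html = '';
    foreach ($rows as $row) {
        $href  = htmlspecialchars($row['link'], ENT_QUOTES, 'UTF-8');
        $title = htmlspecialchars($row['prefix'], ENT_QUOTES, 'UTF-8');
        $html .= "<a href=\"$href\" target=\"_blank\" rel=\"noopener\">$title</a><br>\n";
    }
    return $html;
}
```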
 
Feb 10, 2016
48
14
This is clever, I will take a look at it and maybe replace it ASAP!

Thanks for the reply! :)

I will update this summer when I am finished with the site!
 