This is my first attempt to write a very simple (one-file) blog engine, built with PHP and MySQL. I want to make and have everything simple and don't want to include hundreds of files, classes and so on, because I just want to publish some text and that's it. I don't need plugins, changing templates, APIs or anything like that. The script is now working and running fine, but I'm really a novice and have just started with PHP/MySQL. :)
So I want some feedback: what I've done wrong, what is maybe too complicated, or whether there is a possibility of injections or similar? Any help and feedback is welcome (and sorry for my poor English!).
I've included some comments, so that it's easier to follow my thoughts:
<?php
///////////////////////////////////////////////////// BASE
// What's the name of the blog and how many recent articles should be shown on the front
$blogname = 'The basic blogname';
$anzahl = 3; // kept as an integer, because it is interpolated into the LIMIT clause below
// Alright, let's connect to the database ($con, the mysqli connection, is created in include/connect.php)
include_once 'include/connect.php';
// I use this to generate German dates (e.g.: March --> März). Only LC_TIME is needed;
// LC_ALL would also change number formatting (decimal separator) for the whole script
setlocale(LC_TIME, 'de_DE@euro.utf8', 'de_DE.utf8', 'de.utf8', 'ge.utf8');
///////////////////////////////////////////////////// START >>> IF
// As we are using htaccess with mod_rewrite, we want to know what page name the user requested
if (isset($_GET['slug'])) {
    // I'm not sure if it makes sense (mysqli_/mysql_?) to avoid injections? Any help is welcome!
    // mysql_escape_string() belongs to the old mysql extension and ignores the connection charset;
    // the mysqli counterpart takes the connection and escapes according to its charset
    $blog = mysqli_real_escape_string($con, $_GET['slug']);
    // Alright, now we check the database and ask if the page name exists and if the status is "online" (published/draft)
    $result = mysqli_query($con, "SELECT * FROM entries WHERE slug = '$blog' AND status = 'ONLINE'");
    // We call the result and check if there is an article in the database
    $num_results = mysqli_num_rows($result);
    if ($num_results > 0) {
        // We now also include the header file, because there we also have the $title variable for the site / browser tab
        include 'header.php';
        include_once 'markdown.php';
        // Create variables from the database fields, also convert the content with Markdown
        while ($row = mysqli_fetch_assoc($result)) {
            $title = $row['title'];
            $content = $row['content'];
            $my_html = Markdown($content);
            $date = $row['date'];
            // %Y is the calendar year; %G is the ISO week-numbering year, which differs around New Year
            $date = strftime('%d. %B %Y', strtotime($date));
            // and finally: show the article on the website
            // (the title is HTML-escaped; the Markdown output is HTML on purpose)
            echo '<h2>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . '</h2>';
            echo '<div id="date">' . $date . '</div>';
            echo '<div id="content">' . $my_html . '</div>';
            // the back link always points at the front page, so no $slug is needed (it is not set in this branch anyway)
            echo '<div id="link"><a href="/simple/">Back to front-page</a></div>';
        }
        // we also include the footer, so that we have a complete page - header/content/footer
        include 'footer.php';
    ///////////////////////////////////////////////////// ELSE >>>
    // but if there is NO entry in the database with this page name...
    } else {
        // again we need the header
        include 'header.php';
        // then we say:
        echo '<h2>Error</h2>';
        echo '<div id="content">There is no article with this name!</div>';
        echo '<div id="link"><a href="/simple/">Back to front</a></div>';
        // and include the footer
        include 'footer.php';
    }
///////////////////////////////////////////////////// ELSE >>>
// But if the user just opens the blog and doesn't request a name, we want to show him the last articles (3 - see top)...
} else {
    // So again we call the database and request the last published entries, sorted and limited by the given amount
    $result = mysqli_query($con, "SELECT * FROM entries WHERE status = 'ONLINE' ORDER BY id DESC LIMIT $anzahl");
    // Again include header and Markdown
    include 'header.php';
    include_once 'markdown.php';
    // We generate variables from the database during the loop, also convert the excerpt with Markdown
    while ($row = mysqli_fetch_assoc($result)) {
        $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
        $slug = htmlspecialchars($row['slug'], ENT_QUOTES, 'UTF-8');
        $excerpt = $row['excerpt'];
        $my_html = Markdown($excerpt);
        $date = $row['date'];
        $date = strftime('%d. %B %Y', strtotime($date));
        // And publish them on the website
        echo '<h2><a href="/simple/' . $slug . '">' . $title . '</a></h2>';
        echo '<div id="date">' . $date . '</div>';
        echo '<div id="content">' . $my_html . '</div>';
        echo '<div id="link"><a href="/simple/' . $slug . '">Read more...</a></div>';
    }
    // Last time, we include the footer again.
    include 'footer.php';
}
///////////////////////////////////////////////////// <<< FINISH
?>
Thanks - and yes, I'm willing to learn! :))
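The two database lookups in the post (one article by slug, and the front-page list with a LIMIT) written with prepared statements and HTML-escaped output, as an added example that is not code from the original post. It assumes PDO with an in-memory SQLite database so that it runs without a MySQL server; for the real blog only the DSN and credentials change (for example `mysql:host=localhost;dbname=blog;charset=utf8mb4`), and the mysqli equivalent is `mysqli_prepare()` / `mysqli_stmt_bind_param()`. The table layout and the sample rows are constructed to match the columns the post's queries use; `Markdown()` from the post is not called, the already-rendered body is passed in instead.

```php
<?php
declare(strict_types=1);
// Added example, not the original post's code. PDO + in-memory SQLite stand in
// for the post's mysqli/MySQL connection so the script runs offline.

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
    // Constructed table matching the columns the post reads: title, slug, excerpt, content, date, status
    $pdo->exec('CREATE TABLE entries (
        id INTEGER PRIMARY KEY, title TEXT, slug TEXT, excerpt TEXT,
        content TEXT, date TEXT, status TEXT)');
    // Constructed sample data: two published posts and one draft
    $ins = $pdo->prepare('INSERT INTO entries (title, slug, excerpt, content, date, status)
                          VALUES (?, ?, ?, ?, ?, ?)');
    $ins->execute(['Hello <world>', 'hello-world', 'First post', 'Full **text**', '2014-03-01', 'ONLINE']);
    $ins->execute(['Second post', 'second-post', 'More text', 'Body', '2014-03-05', 'ONLINE']);
    $ins->execute(['Unfinished', 'draft-post', 'Not yet', 'Later', '2014-03-02', 'DRAFT']);
    return $pdo;
}

// First line of defence: a slug is only lowercase letters, digits and hyphens,
// so anything else is rejected before the database is even asked.
function is_valid_slug(string $slug): bool
{
    return (bool) preg_match('/^[a-z0-9-]{1,100}$/', $slug);
}

// The slug is bound as a parameter: it is sent to the database as data and
// never becomes part of the SQL text, so quoting/escaping is not our job.
function find_published_entry(PDO $pdo, string $slug): ?array
{
    if (!is_valid_slug($slug)) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT id, title, slug, content, date
                           FROM entries WHERE slug = ? AND status = 'ONLINE'");
    $stmt->execute([$slug]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Front-page list: the LIMIT value must be bound as an integer, because a
// quoted string in a LIMIT clause is a syntax error in MySQL.
function recent_published(PDO $pdo, int $limit): array
{
    $stmt = $pdo->prepare("SELECT title, slug, excerpt, date FROM entries
                           WHERE status = 'ONLINE' ORDER BY id DESC LIMIT ?");
    $stmt->bindValue(1, $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll();
}

// Escape everything echoed into HTML; only the Markdown output is HTML on purpose.
function e(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_entry(array $row, string $body_html): string
{
    // strftime() is deprecated since PHP 8.1, so the date is formatted via DateTimeImmutable;
    // 'Y' is the calendar year (the post's %G would be the ISO week-numbering year)
    $date = (new DateTimeImmutable($row['date']))->format('d.m.Y');
    return '<h2>' . e($row['title']) . '</h2>'
         . '<div id="date">' . e($date) . '</div>'
         . '<div id="content">' . $body_html . '</div>'
         . '<div id="link"><a href="/simple/">Back to front-page</a></div>';
}

$pdo = connect();

// Published slug: found, and the title's angle brackets come out escaped
$row = find_published_entry($pdo, 'hello-world');
echo render_entry($row, '<p>Full <strong>text</strong></p>'), "\n";

// Draft slug: in the table, but not ONLINE, so it is not served
var_dump(find_published_entry($pdo, 'draft-post'));

// A slug containing a quote never reaches the SQL text: the whitelist rejects it
var_dump(find_published_entry($pdo, "o'reilly"));

// Front page: the two ONLINE rows, newest first, with escaped titles and slugs
foreach (recent_published($pdo, 3) as $entry) {
    echo '<h2><a href="/simple/' . e($entry['slug']) . '">' . e($entry['title']) . "</a></h2>\n";
}
```

Running this with the PHP CLI prints the rendered article (with `Hello &lt;world&gt;` as the heading), `NULL` for the draft and for the quoted slug, and then the two published headings. The whitelist check is a belt-and-braces measure on top of the prepared statement: with placeholders alone the quoted slug would already be harmless (it just would not match any row), but rejecting it early also keeps odd values out of logs and error pages.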