10.4. Storing New Comments in the Database
When the user fills out your form and clicks the Post Comment box, the data from the form is submitted to update.inc.php. But before you do anything with update.inc.php, you need to determine how you handle information from the form by creating a new method, called saveComment(), that cleans posted data and stores it in the database.
This method accepts the posted data as an argument, then cleans the data using strip_tags() and htmlentities(). You store the clean data in variables, which you pass to a prepared SQL statement and save in the comments table.
If nothing goes wrong, the method returns TRUE. Otherwise, it returns FALSE.
You can build this method by adding the code in bold to comments.inc.php ...
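A sketch of a method with the behaviour described above, as an added example that is not the book's listing. The Comments class, the PDO connection, the in-memory SQLite database, and the column names blog_id, name, email and comment are assumptions.

```php
<?php
// Added example: class name, column names and the SQLite database are assumptions.
class Comments
{
    public function __construct(private PDO $db) {}

    // Cleans the posted fields and stores them; returns TRUE on success, FALSE otherwise.
    public function saveComment(array $p): bool
    {
        foreach (['blog_id', 'name', 'email', 'comment'] as $field) {
            if (!isset($p[$field]) || !is_string($p[$field]) || trim($p[$field]) === '') {
                return false; // missing, empty or non-string (e.g. array) input
            }
        }
        // strip_tags() removes markup, htmlentities() encodes what is left.
        $clean = fn(string $v): string =>
            htmlentities(strip_tags($v), ENT_QUOTES, 'UTF-8');
        try {
            // Bound parameters keep the values out of the SQL text; this, not the
            // cleaning above, is the defence against SQL injection.
            $stmt = $this->db->prepare(
                'INSERT INTO comments (blog_id, name, email, comment)
                 VALUES (?, ?, ?, ?)'
            );
            return $stmt->execute([
                (int) $p['blog_id'],
                $clean($p['name']),
                $clean($p['email']),
                $clean($p['comment']),
            ]);
        } catch (PDOException $e) {
            return false;
        }
    }
}

// Constructed sample input, run against an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, blog_id INTEGER,
           name TEXT, email TEXT, comment TEXT)');
$comments = new Comments($db);
var_dump($comments->saveComment([
    'blog_id' => '1', 'name' => 'Ann <b>O\'Neil</b>', 'email' => 'ann@example.com',
    'comment' => 'Nice post <script>alert(1)</script> & thanks',
]));
var_dump($comments->saveComment(['blog_id' => '1', 'comment' => ['x']]));
echo $db->query('SELECT comment FROM comments')->fetchColumn(), "\n";
```

Because the stored text is already entity-encoded, a template that runs htmlentities() on it again at display time will double-encode it.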