shout.php

<?php
 
$self = $_SERVER['PHP_SELF']; //the $self variable equals this file
$ipaddress = ("$_SERVER[REMOTE_ADDR]"); //the $ipaddress var equals users IP
 
include ('connect.php'); // for db details
 
if(isset($_POST['send'])) {
 
    if(isset($_COOKIE['user']) && strlen($_COOKIE['user']) > 1) {
        $name = $_COOKIE['user'];
    }
    else {
        $name = 'Guest';
    }
 
    if(empty($_POST['post'])) {
        echo('<p class="error">You did not enter a post.</p>');
    } else {
        $post = htmlspecialchars(mysql_real_escape_string($_POST['post']));
 
        $sql = "INSERT INTO shouts SET name='$name', post='$post', ipaddress='$ipaddress';";
 
        if (@mysql_query($sql)) {
            echo('<p class="success">Thanks for shouting!</p>');
        } else {
            echo('<p class="error">There was an unexpected error when submitting your shout.</p>');
        }
    }
}
 
$query = "SELECT * FROM `shouts` ORDER BY `id` DESC LIMIT 50;";
 
$result = @mysql_query($query) or die('<p class="error">There was an unexpected error grabbing shouts from the database.</p>');
 
while ($row = mysql_fetch_array($result)) {
 
    $epost = stripslashes($row['post']);
 
    echo('<div style="color: #00FFFF; float: left; padding-right: 5px;">'
        .$row['name'].':</div>');
    echo('<div class="post">'.$epost.'</div><hr />');
}
?>
 
<form action="<?php $self ?>" method="post">
    <h4 style="padding: 0; margin: 1px;">Shoutbox</h4>
    <input name="send" type="hidden" />
    <input type="submit" value="Shout" />
    <h5 style="padding: 0; margin: 1px; color: #778899;">Shout:</h5><textarea name="post" cols="25" rows="1"></textarea>
</form>