Scratch Pad

At the base of every dynamic web site are very simple principles: reading and writing data from a database, and sending/receiving data from the user's browser. This article will show how those principles can be tied together for a simple web app.

Here is the code for a bare-bones online scratch pad. Written in PHP using PDO and requires MySQL. I'm releasing the code under the GPL so feel free to port it to other systems.

The scratch pad uses the following core web techniques:

  • HTML Forms
  • PHP Post
  • PDO database access inside PHP
  • MySQL table creation
  • Displaying data from a MySQL database

If left open for any visitor to edit, this Scratch Pad ends up being a chaotic (sometimes fun) mix of random mini discussions and vandalism. If you want to use it for simple notes-to-self accessible from anywhere, I suggest hiding it well or using an .htaccess file for simple password protection.

The core of this may be useful to anyone thinking of creating a blog or some sort of simple CMS. I plan on expanding this to create a very simple tumblelog. I think I can do it in under 100 lines :)

Don't expect much as far as security or error handling. The bindParam should cut out sql-injection, and the htmlspecialchars should prevent people from posting malicous code. Note that you should change the database user and password if you use this in the wild. Adding an index to the table will help keep it fast once you get tons of records. I use an insert instead of an update so that it's possible to retrieve past versions of the file.

The source:


<?php
/**
TheBox: Simple online scratch pad in 50 lines.  
by Clint Bellanger 2007/03/21.  Released under the GPL.

Requres MySQL, PHP with PDO.  Change 'author' and 'password' below (3 places).

MySQL setup:
create database devblog;
use devblog;
create table simpleblog (body text, stamp datetime);
grant select, insert on devblog.simpleblog to 'author'@'localhost' 
  identified by 'password';
*/ 

  function get_blog() {
    $db = new PDO('mysql:host=localhost;dbname=devblog', 'author','password');
    $sql = 'select body from simpleblog order by stamp desc limit 1;';
    $result = $db->query($sql);
    if ($row = $result->fetch()) $body = $row['body'];
    $db = null;
    if (isset($body)) return htmlspecialchars($body);
  }

  function handle_post() {
    if (isset($_POST['body'])) {
      $db = new PDO('mysql:host=localhost;dbname=devblog', 'author','password');
      $sql = 'insert into simpleblog(body,stamp) values(?,now());';
      $stmt = $db->prepare($sql);
      $stmt->bindParam(1,$_POST['body']);
      $stmt->execute();
      $db = null;
    }
  }

  handle_post(); 

?><html>

<head>
  <title>The Box - Dev</title>
</head>
<body>
 
  <form action="thebox.php" method="post"> // change "thebox.php" if needed
    <textarea name="body" cols="80" rows="24"><?php    
      echo get_blog(); ?></textarea><br />

    <input type="submit" value="save" />
  </form>
</body>
</html>

I have a demo running at http://pfunked.net/projects/dev/thebox.php, so check it out.

Clint Bellanger thinks web vandalism needs a place to flourish. He is also a developer for PFunked.

This article is released under the terms of the Creative Commons Share-Alike License. The source code listed above is released under the terms of the GNU Public License