What is a guestbook?

A Simple Guestbook

Improving the Simple Guestbook

• No validity checks
• No provision for a large guestbook

Valitity checks

The "gbook.php" script doesn't check either the $name or $comments values. It doesn't check if they were present or empty. What's wrong with that? (you ask) If the $name entry is missing or empty you end up with guestbook entries that are blank -- not a very good looking guestbook.

Note that this simple guestbook is ensuring that no < characters are put into the geustbook file without being encoded. This prevents someone from maliciously writing PHP code in their comment that could, for example, delete all of your files!

We took care of the programming danger but there is also potential social danger in a guestbook. Someone may write something that is offensive or slanderous and the entry is effectively anonymous - there it no way to know who did it.

Because of the potential for abuse, the "simple-php-guestbook" data file is re-initialized every time this page is loaded.

If you view the source of my real guestbook (use the "Guestbook" button in the site navagation column at the left of the screen then use the "Show me how" button to view its source) you will see that it checks for the presence of the $name value and it also encodes any "<" characters.

Size provisions

When thousands of people have signed your guestbook, it may take a very long time for its contents to be viewed.

The viewing procedure should only show a limited number of entries and then provide a means to scroll or page through the entries.