Adding Reviews
First, from a code organization standpoint, it’d be better to put all of the review logic into one or more includable files and then include it on product pages:
include('includes/reviews.php');
This way, the product pages can remain unadulterated and the same review code can easily be used, or modified, as needed. The reviews.php script would do several things:
- Show the review form
- Handle the review form
- List the existing reviews
- Handle secondary actions, such as flagging reviews or comments as inappropriate, indicating that reviews were helpful, adding comments to reviews, indicating that comments were helpful, and so forth
Hopefully you’ve done plenty of web development already, so you know that a form for adding reviews would just be like so:
<form action="thispage.php" method="post" accept-charset="utf-8">
  <fieldset><legend>Review This Product</legend>
    <p><label for="rating">Rating</label>
      <input type="radio" name="rating" value="5" /> 5
      <input type="radio" name="rating" value="4" /> 4
      <input type="radio" name="rating" value="3" /> 3
      <input type="radio" name="rating" value="2" /> 2
      <input type="radio" name="rating" value="1" /> 1</p>
    <p><label for="review">Review</label><textarea name="review" rows="8" cols="40"> </textarea></p>
    <p><input type="submit" value="Submit Review"></p>
    <input type="hidden" name="product_type" value="actual_product_type" id="product_type">
    <input type="hidden" name="product_id" value="actual_product_id" id="product_id">
  </fieldset>
</form>
Clearly you’d want to use some CSS to make it pretty, but that’s the basic idea. The main catch is that the product ID and product type (or whatever the database must have in order to associate a review with an item) must be stored in hidden inputs. You’d have the PHP script that displays the product write these values to the inputs.
If login is required, you might add (PHP) code that only shows the form to logged-in users, or prints a comment saying the user must log in to review the product. Similarly, if you have a system in place for guaranteeing a person only ever reviews a product once, you’d have PHP check for that scenario before showing this form.
The form submission could go to a new page, but then the user would need to click the Back button to return to the product page, which isn’t ideal. I would instead submit the form back to the product page. For example, on any dynamic website, the same PHP script is used to display all the content of a specific type. In my Effortless E-Commerce with PHP and MySQL book, the first example site uses the page.php script to show any page of content. The action attribute of the form would point to the same page.php. You can accomplish this by just leaving the attribute empty, or by using PHP to dynamically set the value.
For the reviews.php script to know when to handle a form submission, it can check how the script was accessed:
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Handle the form.
}
When the review form is submitted, the form data should be validated. You should also apply strip_tags() to the data to prevent Cross-Site Scripting (XSS) attacks or other bad behavior. Non-numeric values should then be run through an escaping function, such as mysqli_real_escape_string(), before being used in a query. Or you could just use prepared statements or stored procedures for better security and performance.
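One way to carry out the validation and storage described above, as an added example rather than code from the original article or book. The reviews table, its columns, the PRODUCT_TYPES allowlist and the function names are assumptions, and PDO with an in-memory SQLite database stands in for MySQL so the script runs without a server. It also escapes the review with htmlspecialchars() when printing it, because strip_tags() leaves quotes and ampersands untouched.

```php
<?php
// Added example: table, column, function and product-type names are assumptions.
const PRODUCT_TYPES = ['coffee', 'goodies']; // hypothetical allowlist

// Validate one submitted review; returns [cleanValues, errorFieldNames].
function validate_review(array $post): array
{
    $errors = [];
    // Hidden inputs are still user input: check type and range, not just presence.
    $rating = filter_var($post['rating'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 5]]);
    if ($rating === false) { $errors[] = 'rating'; }
    $id = filter_var($post['product_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) { $errors[] = 'product_id'; }
    $type = $post['product_type'] ?? '';
    if (!in_array($type, PRODUCT_TYPES, true)) { $errors[] = 'product_type'; }
    $review = $post['review'] ?? '';
    $review = is_string($review) ? trim(strip_tags($review)) : '';
    if ($review === '' || strlen($review) > 5000) { $errors[] = 'review'; }
    return [compact('rating', 'id', 'type', 'review'), $errors];
}

function save_review(PDO $db, array $r): void
{
    $stmt = $db->prepare('INSERT INTO reviews (product_type, product_id, rating, review)
                          VALUES (:type, :id, :rating, :review)');
    $stmt->execute([':type' => $r['type'], ':id' => $r['id'],
                    ':rating' => $r['rating'], ':review' => $r['review']]);
}

// Escape at output time, for the HTML context the value is printed into.
function render_review(array $row): string
{
    return '<p class="review">' . (int) $row['rating'] . '/5: '
         . htmlspecialchars($row['review'], ENT_QUOTES, 'UTF-8') . '</p>';
}

// Constructed sample submission, stored in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reviews (product_type TEXT, product_id INTEGER, rating INTEGER, review TEXT)');
$post = ['rating' => '4', 'product_id' => '12', 'product_type' => 'coffee',
         'review' => 'Great <b>roast</b>, 5 > 4 & "smooth"'];
[$clean, $errors] = validate_review($post);
if (!$errors) { save_review($db, $clean); }
foreach ($db->query('SELECT rating, review FROM reviews') as $row) {
    echo render_review($row), "\n";
}
```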
If you add an anchor to the form’s action attribute (action="page.php#reviews"), the user will be taken to the reviews section of the page upon the submission, which is a nice touch.
If the reviews.php script is also handling some of the other actions (inappropriate reviews or comments, helpful indicators, etc.), the script would need to watch for those submissions, too. I would use hidden inputs named “task” to indicate which action is being taken.