Blog Creation
12 Jun 2009 @ 02:31PM

Updated: 26 Jan 2010 @ 02:48PM
So, previously we've coded the ability to view existing blogs. Following that, we created our user authentication section. With that out of the way, the next big thing this site needs is for bloggers to be able to actually add new blog entries. Also, we want to allow a blogger to go back and edit a previous blog entry. Since the interface for creating and editing should be fairly similar, we'll combine the two to reduce coding. How will we accomplish such magic? Read on to find out.
Comments (0)
if (loggedIn && accessLevel == 255)
{
     content += @"<li><a href=''>Create Account</a></li>";
}
if (loggedIn && accessLevel >= 100)
{
     content += @"<li><a href='default.aspx?option=writeBlog'>Write Blog Entry</a></li>
                    <li><a href=''>See New Entries</a></li>"
;
}

We begin by adding a link to the Write Blog Entry menu option. This will just pass a GET variable called option with a value of writeBlog. That way we can catch this variable on a page load and run the appropriate code. I've also made another change by giving anyone with an accessLevel of 100 or more the ability to write blogs and see new entries. However, it still requires an accessLevel of 255 to create a new account. This is more in line with our initial goals.
Comments (0)
if (getVariable("logon", var.GET) == "true" || loginFailed)
{
     content += showLogon();
}
else
{
     bool showblogs = true;
     int blogID = 0;
     switch (getVariable("option", var.GET))
     {
          case "writeBlog":
               if (accessLevel < 100)
               {
                    break;
               }
               showblogs = false;
               try
               {
                    blogID = Convert.ToInt16(getVariable("blogID", var.GET));
               }
               catch { }
               content += writeBlog(blogID);
               break;
     }
     if(showblogs)
     {
          content += showBlogs();
     }
     
}

The above code is in the Page_Load() method. First we check to see if a request for the logon form has been passed. If not, we next initialize a variable called showblogs and set it to true. We then look for the option GET variable. Right now there's only one option, but it'll grow as we flesh out our app. Within the writeBlog section, we check to make sure the user has enough rights to do this... if not, we immediately exit out and continue to execute the code. In this case, since showblogs is still true, we just spit out the blog list. To a user, it would appear that option=writeBlog had absolutely no effect.

For anyone that does pass muster, we initialize a variable called blogID to 0, then see if it's been passed as a GET variable. This is to set up our ability for editing existing blogs. We then run a method called writeBlog() and pass in blogID as an argument. Remember, we initialized it to 0, so if we're not passing along the blogID GET variable, it'll get passed in as 0. We'll be using that to our advantage in the writeBlog() method.
Comments (0)
private string writeBlog(int blogID)
{
     string content = null, blogTitle = null, blogText = "";
     DateTime displayDate = DateTime.Now;
     bool visible = true;
     int numComments = 0;

     if (blogID > 0)
     {
          //editing blog

     }
     content += @"<form method='POST' action='default.aspx' style='display: inline;'><div class='blogEntry'>
          <div class='blogTitle'>
               <div class='title'>Title:<input name='blogTitle' size=60 value='"
+ blogTitle + @"'> Visible:<input type='checkbox' name='visible'";
     if (visible) { content += " checked"; }
     content += @"</div>
          </div>
          <div class='blogSubTitle'>
               <div class='author'>By "
+ displayName;
     if (showEmail) { content += " (<a href=\"mailto: " + email + "\">" + email + "</a>)"; }
     content += @"</div>
               <div class='date'><input name='displayDate' value='"
+ displayDate + @"'></div>
          </div>
          <div class='text'><textarea name='blogText' rows=10 style='width: 100%;'>"
+ blogText + @"</textarea></div>
          <div class='comments'>Comments ("
+ numComments + @")</div>
     </div>
     <input type='hidden' name='blogID' value='"
+ blogID + @"'>     
     <input type='submit' name='option' value='Save Blog'>
     <input type='reset' value='Clear'></form>
     <form action='default.aspx' style='display: inline;'>
          <input type='submit' value='Cancel'>
     </form>"
;

     return content;
}

Toward the top you can see where I initialize various variables. With the exception of the displayDate and numComments, these are to support editing. We'll come back to this method to make more changes later. The section of code checking if the blogID > 0 is, also, to support editing. The code to retrieve the information to edit will exist in this block. For now, it's just a placeholder.

Below that we actually create our editing form. I basically stole the layout for blog display, then adapted it as an input form. There's nothing really tricky going on here. I have input forms for all the blog fields I need, a button to submit it, a button to clear the form, and a button to just go back to the regular page view.
Comments (0)
Now let's get the input and stick it into the database.
switch (getVariable("option", var.POST))
{
     case "Save Blog":
          if (accessLevel < 100)
          {
               break;
          }
          try
          {
               blogID = Convert.ToInt16(getVariable("blogID", var.POST));
          }
          catch { }
          content += saveBlog(blogID);
          break;
}

This code sits in the Page_Load() method, right after our switch/post looking for GET variables. Since we're POSTing from the blog writing page, we need a separate switch/case to handle that. Within, I check for security level, look for a blogID (once again to support editing in the future) and then execute the method saveBlog().
Comments (0)
private string saveBlog(int blogID)
{
     string content = null;

     //initialize variables
     string select = null;
     string blogTitle = sanitize(getVariable("blogTitle", var.POST), clean.DB);
     string blogText = sanitize(getVariable("blogText", var.POST), clean.DB);
     int visible = (getVariable("visible", var.POST) == "off") ? 0 : 1;
     DateTime displayDate = DateTime.Now;
     try
     {
          displayDate = Convert.ToDateTime(getVariable("displayDate", var.POST));
     }
     catch { }

     if (blogID > 0)
     {
          //edit an existing blog
     }
     else
     {
          //create a new blog
          select = @"INSERT INTO blogs
          (userID, blogTitle, blogText, visible, createDate, displayDate, modifiedDate)
               VALUES
          ("
+ userid + ", '" + blogTitle + "', '" + blogText + "', " + visible + ", getdate(), '" + displayDate + "', getdate())";
          
     }
     query(select);

     return content;
}

In the method, we first initialize our variables by fetching what was POSTed over. We then have an if/else decision to see if this is an edit or new blog entry, leaving the edit section blank. Within the new branch, we construct our insert statement, then execute it after the if/else block. And that's it. If you notice, even though we're returning content to append to the visible page, it's actually null and never gets anything put into it. You could convert this method to have a void return type, or you could add additional error checking. For instance, if the blogTitle or blogText are empty, you could stop execution and return an error. You could also return a success message after the blog is created/edited. However, we'll leave it like this. No need to get too fancy, this tutorial is quite long without it.

With this code added, you can now add blogs. Give it a try if you'd like. With that functional, it's time to move on to deleting and editing the blogs. Below you will find a zip file with everything from our website to this point.

Files To This Point
Comments (0)