Hi everyone! I'm making my own blog framework, and I'd like to know the best way to store post's content. I planned for storing the content in files because I plan to support Markdown editing then updating the resulting php, but won't that be faster in a SQL Database? (storing the MArkdown sources externally then storing the result in a DB?)

Thanks in Advance.
Post not working but the style is defined.

Either MySQL/MariaDB or sqlite will probably do.

Well, I would go for mySQL as it is easy to implement with PHP and mySQL is fun.

But then again, i wrote for withg a blog which uses system-msg as a backend which uses markdown, it can be found here: http://withg.org/blog/

Well, system-msg already stored to flat files, you just wrote a web interface for it instead of using it as a backend.

Quote from: Sorunome on February 18, 2014, 04:45:43 pm

Well, I would go for mySQL as it is easy to implement with PHP and mySQL is fun.

But then again, i wrote for withg a blog which uses system-msg as a backend which uses markdown, it can be found here: http://withg.org/blog/

Well, system-msg already stored to flat files, you just wrote a web interface for it instead of using it as a backend.

Yeah, if it wouldn't already exist as files, i would've have probably gone for database.

well, storing would be then like
INSERT INTO `blog_posts` (post,whateverOtherColumnsYouWantToSet) VALUES ('%s','%s')
Well, substituting %s  with the corresponding value of cource

Updating would be like this:
UPDATE `blog_posts` SET post='%s' WHERE postId=%d
If you want to update more columns, just add them with a comman, like this:
post='%s',name='5s'

And to fetch:
SELECT post,name,whatever FROM `blog_posts` WHERE postId`%d


I hope that quick guide helped a tad

nonononono, NEVER put php variables directly into a query, evil things can be done then easilly, like SQL injection and stuff like that.

Allow me to copy-pasta you a function i wrote that does all that escaping stuff automatically:
class Sql{
private $mysqliConnection;
private $queryNum;
public function __construct(){
$this->queryNum = 0;
}
private function connectSql(){
if(!isset($this->mysqliConnection)){ //if no connection yet we create one
$this->mysqliConnection = new mysqli('localhost','sql_user','sql_password','sql_database');
if ($this->mysqliConnection->connect_errno)
die('Could not connect to SQL DB: '.$this->mysqliConnection->connect_errno.' '.$this->mysqliConnection->connect_error);
$this->mysqliConnection->autocommit(true);
}
}
public function query($query,$args = [],$num = false){
$this->connectSql(); //connect to sql
for($i=0;$i<count($args);$i++) //escape arguments
$args[$i] = $this->mysqliConnection->real_escape_string($args[$i]);
$result = $this->mysqliConnection->query(vsprintf($query,$args)); //insert arguments in query and execute it
$this->queryNum++; //add one to the query counter
if($this->mysqliConnection->errno==1065) //empty
return array();
if($this->mysqliConnection->errno!=0)
die($this->mysqliConnection->error.' Query: '.vsprintf($query,$args));
if($result===true) //nothing returned
return array();
$res = array();
$i = 0;
while($row = $result->fetch_assoc()){
$res[] = $row;
if($num!==false && $i===$num){ //if the user set an element then we only reaturn that one
$result->free();
return $row;
}
if($i++>=150) //we don't want php to mem overflow
break;
}
if($res === []){ //if the result is empty we create a dummy array with the assoc fields, each containing NULL
$fields = $result->fetch_fields();
for($i=0;$i<count($fields);$i++) //create each field and set it to NULL
$res[$fields[$i]->name] = NULL;
if($num===false) //if we didn't set an element we expect it to be an array in an array
$res = array($res);
}
$result->free();
return $res; //return the result
}
}
$sql = new Sql();
Ok, this has also some features you may actually won't need, lol.
The key is to do a mysqli_real_escape_string() on all your data before putting it in, and be sure, that if you enter a string in SQL you put single quotes around it.
Example usage:
$res = $sql->query("SELECT * FROM `blog_posts` WHERE id=%d",[$number]);
$res will contain now an array with all results, but, as in this case, you only need the first result, I would do something like:
$res = $sql->query("SELECT * FROM `blog_posts` WHERE id=%d",[$number],0);
The 0 tells it to only grab the first result.
If the result is empty that function will still create array stuff, but put NULL everywhere in.

Oh, another example for string stuff:
$sql->query("INSERT INTO `blog_posts` (post,name) VALUES ('%s','%s')",[$post,$name]);

Ok, maybe that was a bit overkill now, you can write your own functions too, just make sure you _real_escape_string() everything you put in and use single quotes around strings! And if you put in an int make sure it IS an int, you can do that by pre-fixing the php variables with (int), example: (int)$id

oh, ok, nice! But i would still use the single quotes on strings

Hi back!

Currently trying to implement correctly back-side, I need to support sessions. How do I manage them the best way? Don't remember my lessons... --"