
Dynamic Guestbook System

A server-side rendered guestbook with PHP, demonstrating CRUD operations, input sanitization, CSRF protection, and MySQL persistence.


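// PHP + MySQL with CSRF Protection & Prepared Statements

```php
<?php
session_start();
require_once 'config.php'; // provides getDB()

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate CSRF token: a missing token on either side must fail,
    // and hash_equals() compares in constant time
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        http_response_code(403);
        die('CSRF validation failed');
    }

    // Read the submitted fields; non-string values (e.g. name[]=x) are rejected
    $name    = $_POST['name'] ?? '';
    $message = $_POST['message'] ?? '';
    if (!is_string($name) || !is_string($message)
        || trim($name) === '' || trim($message) === '') {
        http_response_code(400);
        die('Name and message are required');
    }

    // Sanitize and insert via prepared statement
    $db = getDB();
    $stmt = $db->prepare(
        'INSERT INTO guestbook_entries (name, message) VALUES (?, ?)'
    );
    $stmt->execute([trim($name), trim($message)]);
}
?>
```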
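The handler above checks `$_SESSION['csrf_token']` but does not show where the token is issued or how stored entries are displayed. The following is an added example, not the project's own code, covering both: the function names (`csrfToken`, `e`, `renderForm`, `renderEntries`) are hypothetical, and the sample rows are constructed in place of a real `SELECT` on `guestbook_entries`.

```php
<?php
declare(strict_types=1);

session_start();

// Issue one random token per session; the POST handler compares against it.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Escape on output: stored text is treated as untrusted when rendered.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The form carries the session token in a hidden field named csrf_token.
function renderForm(): string
{
    return '<form method="post">'
        . '<input type="hidden" name="csrf_token" value="' . e(csrfToken()) . '">'
        . '<input name="name" required>'
        . '<textarea name="message" required></textarea>'
        . '<button type="submit">Sign</button>'
        . '</form>';
}

// Every stored field is escaped before it reaches the page.
function renderEntries(array $entries): string
{
    $html = '';
    foreach ($entries as $entry) {
        $html .= '<article><h3>' . e($entry['name']) . '</h3>'
            . '<p>' . nl2br(e($entry['message'])) . '</p></article>';
    }
    return $html;
}

// Constructed sample rows standing in for rows read from guestbook_entries.
$entries = [
    ['name' => 'Alice', 'message' => "Nice site!\nSecond line."],
    ['name' => '<b>Bob</b>', 'message' => '<script>alert(1)</script>'],
];

echo renderForm(), "\n", renderEntries($entries), "\n";
```

The prepared statement protects the database query only; the markup in the second sample row is neutralized by `e()` at render time, not at insert time.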