Ever since my free host doesn’t allow me to use SMTP to send email from my website, I’ve got a serious problem of obtaining feedback from my visitors. Some told mailed me saying “Your feedback form sucks, it didn’t work, and always return an error.” Well the question is why need a feedback form? The answer is your visitor may want to contact you and yet remain anonymous then they can send a feedback instead of an email. Secondly, when you’re browsing a site and you want to say something about it, its far easier to scribble something on a feedback form on the side bar than click ->contact to check the admin email then open an email program (or webmail) and send a mail.

So, I’ve made my point clear about the benefit of having a feedback form. The obvious question is how do I get feedback when I couldn’t send mail from my website? In my search I found an answer, use php and MySQL which ofcourse my host still allows me to do so. So, get ready for a little bit of scripting.

So here’s what we need:

First Part:

  1. A database that hold User feedback say feedback.
  2. A simple html file that you can accept feedback from visitors say userfeedback.php.
  3. A form handler to insert the information from the feedback.html file well in my case I posted the form to itself.

#1. For the database I created a very simple database with the following command:

CREATE TABLE feedback
(id INT(6) NOT NULL AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(70),
email VARCHAR(70))
message text,
daycreated datetime);

#2. For the simple userfeedback.php file I created, the following is the code, and since I’m posting the form to it self hence the file could handle the feedback and populate the database.

<html>
<head>
<title>Simple Feedback Form</title>
</head>
<body>
<?php
$host = ""; // Here you should enter your host name
$db_user = ""; // Enter your database username
$db_password = ""; //Enter your database password
$db = ""; //Enter the database name
$tbl_name="feedback"; // Table name
 
$name = trim($_POST['name']);
$email = trim($_POST['email']);
$message = trim($_POST['message']);
 
if($email and $message){     //check if email address and message is entered
 
 // Connect to server and select databse.
mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect");
mysql_select_db("$db")or die("cannot select DB");
 
$query = 'INSERT INTO '.$tbl_name.' SET name = "'.$name.'", email = "'.$email.'", message = "'.$message.'",daycreated = NOW()';
 
if(mysql_query($query)){
echo '<p><strong>Thank you for your querry. we\'ll get back to you soon.</strong></p>';
}
else
{
echo '<p>Opps!, your entry could not be submitted.</p>';
}
}
else    //if email and message is not entered then show them the form..
{
?>
<p>Kindly fill up the feedback form</p>
<form action="" method="post">
<label>Your Name:</label>
<input type="text" name="name" value="" /><br />
<label>Your Email:</label>
<input type="text" name="email" value="" /><br />
<label>Enter your Message:</label><br />
<textarea cols="15" rows="3" name="message"></textarea><br />
<input type="submit" value="Send Feedback" />
</form>
<?php
} //Closing the else statement
?>
 
</body>
</html>

Now the part of getting the information from the visitor is completed. With time you’ll find that your feedback form is full of spam message sent by bots. So as you’ll need a CAPTCHA. Well personally its a time consuming to code a CAPTCHA yourself. So best option is use and API like reCAPTCHA which is free and reliable [More on this later on].

Second Part

We’ll need an authentication method to access those information from the database and in turn delete or take action. In my case since I’m the only admin of the site hence I didn’t bother to put a page for user registration. While at the same time I don’t want to use myphpadmin to check my database every time, hence I device a simple script to do that. So here are the steps:

#1. Create a user database and add an admin information as follows :

CREATE TABLE USER
(
username VARCHAR(70),
password VARCHAR(70)
);
-----
INSERT INTO USER
VALUES('admin',md5('admin'));

I encrypt the password using md5 hashing method. It is always advisable to encrypt a stored password.

#2. Since we need to connect to the same database more than from one page hence it is more convenience to create a dbinfo.inc file which include all necessary variables for connecting to the database. I created mine as follows

<?php
$host = ""; // Here you should enter your host name
$db_user = ""; // Enter your database username
$db_password = ""; //Enter your database password
$db = ""; //Enter the database name
?>

This file can be included from any php file with the include function.

#3. To login to the system we need a simple login.php file. Here a session variable is created to uniquely identify the user.

<?php 
 if(isset($_SESSION['authenticated'])) //This check if the user has already login or not.
 header("location:feedback.php"); //If the users is authenticated then redirect to the feedback.php file to see feedback from database.
 ?>
<html>
<head>
<title>Check Feedback of Clients</title>
</head>
<body>
<p>Please Login to Monitor</p>
<form action="authenticate.php" method="post">
<label>Username:</label><input type="text" name="username" /><br />
<label>Password:</label><input type="password" name="password" /><br />
<input type="submit" value="Login" name="submit" />
</from>
</body>
</html>

NOTE: the form action attribute is authenticate.php this means that all input from this form will be handled by the authenticate.php file.

#4. Another file to authenticate the user. Depending on the user input, check the database and validate the username. I created a file called authenticate.php for this purpose. The code is as follows:

<?php
session_start();
ob_start();
include('dbinfo.inc'); //Include the file that contain database connection information
$tbl_name="user"; // Name of the table you want to query.
 
// Connect to server and select databse.
mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect");
mysql_select_db("$db")or die("cannot select DB");
 
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
 
// stripslashes() function To protect MySQL injection is required
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
 
//since the password stored in the database is md5 encrypted hence the password entered by the user is also required to be encrypted
$en_mypassword = md5($mypassword); 
 
$query="SELECT * FROM ".$tbl_name." WHERE username='".$myusername."' and password='".$en_mypassword."'";
$result=mysql_query($query);
 
// mysql_num_rows() function to count no of rows.
// If result matched $myusername and $mypassword, table row must be 1 row
$count=mysql_num_rows($result);
 
if($count==1){
// IF the count is 1 then set the user as authenticate and redirect the user to feedback.php
$_SESSION['authenticated']=true;
header("location:feedback.php");
}
else{
  echo 'wrong username or password';
 echo "<meta http-equiv=\"refresh\" content=\"0;URL=login.php\">"; //Redirect to login.php page
}
?>

Here the input from the login.php file are compared with the data present in the database, and then set a session variable to authenticate the user.

#5. After successfully authenticating the user, now we need to create another file that can look up the feedback database and display the results in rows and column, then use a check box to delete the database if necessary. I created a file called feedback.php and added the following code.

<?php
session_start(); 
if(!isset($_SESSION['authenticated'])) //This part check if the user is authenticated or not.
   header("location:login.php"); //If authenticated Session variable is not present then redirect to login.php page.
?>
<html>
<head>
<title>Feedback From Visitor</title>
<!--The Stylesheet here is for making the rows of the table to appear in two shades.-->
<style type="text/css">
table{
 width:100%;
 border:0;
}
td{padding:5px; border:#000 1px solid;
margin:0;}
tr.head{
 margin:0; color:#fff; background:#222;font-weight:bold;
}
tr.odd{ 
}
tr.even{
 background:#ccc;
}
</style>
</head>
<body>
<?php
include('dbinfo.inc.php');
$tbl_name="feedback";// Name of the feedback table
 
// Connect to server and select databse.
mysql_connect("$host", "$db_user", "$db_password")or die("cannot connect");
mysql_select_db("$db")or die("cannot select DB");
$delete = $_POST['delete']; //This code check if the user clicked the delete button
if($delete)
{
 //CODE TO DELETE ENTRIES...
 $checkbox = $_POST['checkbox'];
 $cc = $_POST['count'];
 for($i=0;$i<$cc;$i++){
 $del_id = $checkbox[$i];
 $sql = 'DELETE FROM '.$tbl_name.' WHERE id="'.$del_id.'"';
 $result = mysql_query($sql);
 
 if($result){
 echo "<meta http-equiv=\"refresh\" content=\"0;URL=feedback.php\">";
 }
 }
}
else
{
 $sql="SELECT * FROM ".$tbl_name." ORDER by daycreated";
 $result = mysql_query($sql);
 
 if(!$result)
 {
 echo '<p style="color:#C00;">Could not feedback entries.<br /><br /><a href="logout.php">Logout</a></p>';
 }
 else
 {
 echo '<form action="" method="post"><table><tr class="head"><td>Check to Delete<td>ID</td><td>Name</td><td>Email</td><td>Message</td><td>Date</td>';
 
//This section will browse through the database and display the feedback from visitors
 $count=mysql_num_rows($result);
 
//This variable is to check the rows if it is odd or even
$rn = 0;
 while($row = mysql_fetch_array($result))
 {
 if(($rn%2)==0)
 {
 echo '<tr class="even">';
//This is required to select the information you want to delete
 echo '<td><input name="checkbox[]" type="checkbox" value="'.$row['id'].'"></td>';
 echo '<td>'.$row['id'].'</td>';
 echo '<td>'.$row['name'].'</td>';
 echo '<td>'.$row['email'].'</td>';
 echo '<td>'.$row['message'].'</td>';
 echo '<td>'.$row['daycreated'].'</td>'; 
 echo '</tr>';
 }
 else
 {
 echo '<tr class="odd">';
 echo '<td><input name="checkbox[]" type="checkbox" value="'.$row['id'].'"></td>';
 echo '<td>'.$row['id'].'</td>';
 echo '<td>'.$row['name'].'</td>';
 echo '<td>'.$row['email'].'</td>';
 echo '<td>'.$row['message'].'</td>';
 echo '<td>'.$row['daycreated'].'</td>';
 echo '</tr>';
 }
 $rn++;
 }
 echo '</table>';
 echo '<input type="hidden" value="'.$count.'" name="count" />';
 echo '<input type="submit" value="Delete Selected" name="delete" /> </form>';
 }
}
?> 
<div><a href="logout.php">Logout</a></div>
</body>
</html>

#6. Finally when you’ve successfully look out your feedback from clients, now you need to logout of the system. Hence another file I called logout.php is required to be coded. Basically what you need to do is destroy the session variable created and redirect the page to the login.php page, here is the code.

<?php
session_start();
session_destroy(); //This function will destroy all information in the Session Variable. 
?>
<html>
<head>
<title>Logout Successfull</title>
</head>
<body>
Your are log out of the system...<br />
wait....
<?php 
echo "<meta http-equiv=\"refresh\" content=\"2;URL=login.php\">";
?>
</body>
</html>

Finally with all the above codes and files you can easily have a feedback page for you visitor to say something. You can extend this functionality to have a public page display the feedback/comment in the form of a guestbook. I know there are lots of freely available guestbook script, but if you want to customize, you’ll need to learn what the coder has coded, I find starting from scratch is the best way to learn new knowledge and be a guru of your own.

I’ve included a zip file for you to download the files which you can modify at your own will and like, here is the link feedback.zip