Instant PHP/MySQL Guestbook

This is a message board program written in PHP on top of a MySQL database.




Main Features

  • UTF-8 messages (and only UTF-8 messages). For example, the count of UTF-8 characters is used as the message length, not the number of bytes of the message string.
  • Template-based pages. All pages are constructed from templates. The program itself does not hardcode any HTML markup.
  • Comprehensive field validation. All fields including the message itself are thoroughly checked. The lengths are validated and the contents are properly escaped to prevent JavaScript/SQL injection.
  • Pending/Censored/Private messages. You can moderate the guestbook by holding messages for review or blocking out message content from public viewing. This guestbook also works like a contact form by allowing your guests to send private messages.
  • Owner comment. You can add a comment to a message. This is especially useful when you decide to censor a message -- you might want to give a brief explanation.
  • Exporting messages in HTML. You can archive your old messages by exporting them as static HTML pages. These pages are also based on customizable templates. (Note: Your site must allow PHP to execute a little longer, as exporting a large number of messages can be slow.)

Other Features

  • Visual confirmation (Captcha). This guestbook has a built-in 6-character code generator. While waiting for confirmation, the code is saved in the database, not in a browser cookie. Also, the code expires if your guest does not enter it within 5 minutes.
  • 5 custom fields. You can store up to 5 custom fields with a message.
  • 30 emoticons. You can display up to 30 emoticons in a message. (The reason for limiting the number of emoticons is that this program does not save the actual image URLs with a message. The emoticon codes are replaced with images only when a message is displayed. Having more emoticons means more time spent on processing a message for display.)
  • 10 predefined HTML tags. You can enable/disable any of the 10 predefined HTML tags. (This is a design decision. Letting the administrator enable arbitrary HTML tags in a message may increase the possibility of JavaScript injection.)
  • Email notification. As the owner of the guestbook, you can receive email notification whenever a guest signs your guestbook. The template of the email notification is also customizable.
  • Time zone support. You can set up the time zone for where you are, not where your server is.
  • Built-in counter. A built-in counter comes with this guestbook. You can decide after how long the program should count the same IP address again. You can also reset the counter at any time.
  • Quick search. Your guests can search the names, messages or comments. The minimum length of the keywords can be restricted, so that database server time is not wasted on meaningless searches such as searching for the letter 'a'.
  • Word filter. For those who insist on proper word choices, a message can be checked against word patterns. Wild-card characters '+' and '*' are supported. If a message is found to be "improper," you can choose to reject the message, or accept the message but hold it for your review.
  • IP address filter. If your site is popular and prone to attacks, this feature might be useful. You can block certain IP addresses from signing your guestbook.
  • Message volume control (or flood control). You can specify the maximum number of messages that the same IP address can post to your guestbook in a period of time. This can be useful if a malicious visitor attempts to spam your guestbook with a lot of messages in a short period of time.
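
The field validation, character-based length check and predefined-tag features listed above can be sketched as follows. This is an added example, not the guestbook's own code: the function names, the 500-character limit, the enabled tag set and the `gb` table are assumptions, SQLite stands in for MySQL so it runs offline (it needs the mbstring and pdo_sqlite extensions), and a bound parameter is used for the SQL side where the page only says contents are escaped.

```php
<?php
declare(strict_types=1);
// Added illustration; names and limits are assumptions, not the guestbook's code.
const MAX_CHARS = 500;                  // assumed limit, counted in characters
const ENABLED_TAGS = ['b', 'i', 'u'];   // assumed subset of the predefined tags

/** Accept only valid UTF-8 whose length in characters (not bytes) fits the limit. */
function validate_message(string $raw): bool
{
    return mb_check_encoding($raw, 'UTF-8') && mb_strlen($raw, 'UTF-8') <= MAX_CHARS;
}

/** Escape everything, then restore only bare, attribute-free enabled tags. */
function render_message(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $names = implode('|', array_map(fn($t) => preg_quote($t, '~'), ENABLED_TAGS));
    // Matches &lt;b&gt; or &lt;/b&gt; only; a tag carrying attributes stays escaped.
    return preg_replace("~&lt;(/?)($names)&gt;~i", '<$1$2>', $safe) ?? $safe;
}

// Constructed sample: a script tag, an attribute on an enabled tag, SQL metacharacters.
$msg = "<b>Hi</b> <script>alert(1)</script> <b onclick=x>y</b> '); DROP TABLE gb;--";

$db = new PDO('sqlite::memory:');       // stand-in for MySQL so the example runs offline
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gb (id INTEGER PRIMARY KEY, body TEXT)');

if (validate_message($msg)) {
    // Bound parameter: the message is sent as data, never spliced into the SQL text.
    $db->prepare('INSERT INTO gb (body) VALUES (?)')->execute([$msg]);
}
foreach ($db->query('SELECT body FROM gb') as $row) {
    echo render_message($row['body']), PHP_EOL;   // stored raw, escaped at output time
}
```

Because only exact `<tag>` and `</tag>` forms are restored, the script element and the `onclick` attribute are displayed as text rather than interpreted by the browser.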

