A: 

You're going to have a few things to do:

  • Pick a data store. MySQL is a popular choice when working with PHP. It doesn't sound like this'll be high-volume, so most any persistent store would work.
  • When accepting input, you'll need to sanitize it for insertion into the DB (again, if using MySQL, check the docs), and then you'll execute an INSERT statement to put it into the database.
  • When displaying the page, you'll connect to the DB (check the docs), query data from the data store, loop over it, and echo each line after sanitizing it of any potentially malicious data.

A short example might be something like:

<?
// Assuming a database named "my_database" with a table called "chat_lines", which has "username", "line", and "timestamp" fields.
$db = mysql_connect("localhost", "username", "password");
mysql_select_db("my_database", $db);

// If data was posted to the script, scrub it and store it in the database.
if($_POST["username"] && $_POST["line"]) {
  mysql_query(sprintf("INSERT INTO chat_lines (username, line, timestamp) VALUES (\"%s\", \"%s\", NOW())",
    mysql_real_escape_string($_POST["username"]),
    mysql_real_escape_string($_POST["line"])
  ));
}

// Fetch all lines from the database in reverse chronological order
$result = mysql_query("SELECT * FROM chat_lines ORDER BY timestamp DESC");
while($row = mysql_fetch_assoc($result)) {
  echo sprintf("<div>%s said %s</div>", strip_tags($result["username"]), strip_tags($result["line"]));
}
?>

<form method="post">
  <div>Username: <input type="text" name="username" /></div>
  <div>Line: <input type="text" name="line" /></div>
  <input type="submit" />
</form>

That example makes assumptions about users being allowed to enter whatever username they want (that is, it doesn't assume to implement the authentication system), the data store and the existence of the table and all that, but should get you started. The PHP documentation is pretty extensive, and can be very useful. In particular, read Getting Started and the Language Reference.

Chris Heald  2010-08-28 10:31:53
I'm tempted to just hand out the answer right on the spot due to the flexibility of what you've given, although I think a database really is overkill here. I might combine elements of yours with Col Shrapnel.However, I really would like the naming to be automatic. Not so much so people can't impersonate one another; that isn't an issue. More to just keep it as simple as necessary from a use standpoint.
JBirch  2010-08-28 10:49:53
@JBirch though the whole idea of DB sanitization is wrong. There is not a thing "input sanitization". that's totally a misconcept.
Col. Shrapnel  2010-08-28 11:25:51
A: 

Well, yes, in PHP it's quite short.
Assuming Apache based authorization is used

<?
$file = "messages.txt";
if ($_SERVER["REQUEST_METHOD"]=="POST") {
  $_POST['mess'] = str_replace(array("\r","\n"),"",$_POST['mess']; 
  file_put_contents($file, $_POST['mess']." ".$_SERVER["REMOTE_USER"]);
  header("Location:".$_SERVER["PHP_SELF"]);
  exit;
}
echo nl2br(htmlspecialchars(file_get_contents($file)));
?>
<form method="POST">
<input type="text" name="mess">
<input type="submit">
</form>
Col. Shrapnel  2010-08-28 10:32:29
Very concise, and I see exactly what's happening, but from what I can see this isn't applying any sanitation to the input?
JBirch  2010-08-28 10:47:23
@JBirch You did not stated any danger to protect from. But ok, make it `echo nl2br(htmlspecialchars(file_get_contents($file)));` and `$_POST['mess'] = str_replace(array("\r","\n"),"",$_POST['mess'];`
Col. Shrapnel  2010-08-28 10:55:14
Is there a simple way to update the page when the submit button is pressed?
JBirch  2010-08-28 11:48:44
JBirch why do you think it is not?
Col. Shrapnel  2010-08-28 11:59:54
The page simply goes white. I'm willing to bet this is an issue with my domain, though. At the moment it's just a shell pointing to an IP address. I should really get around to fixing that...
JBirch  2010-08-28 12:54:58
Well, it does do what I'd like. For some reason, the header function seems to return an error, but removing that line makes everything work. I'll look into `header()` and my environment a bit more in the coming days and see if I can get it working. Thanks for your answer.
JBirch  2010-08-28 14:10:40

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases