It's a hard question to answer without more information. There are a number of things you should consider when looking at implementing commenting on an existing website.
How will you address the issue of spam? It doesn't matter how remote your website is, spammers WILL find it and they'll filled it up in no time. You may want to look into something like reCAPTCHA (http://recaptcha.net/).
The structure of the website may also influence how you implement your comments. Are the comments for the overall site, a particular product or page, or even another comment? You'll need to know the relationship between the content and the comment so you can properly define the relationship in the database. To put it another way, you know you want an email address, the comment, and whether it is approved or not, but now we need a way to identify what, if anything, the comment is linked to.
If your site is already established and built on a PHP framework (CakePHP for instance) you'll need to address how to integrate your code properly with what is already in place.
Lastly, there are a number of resources and tutorials on the web for PHP. If you do a quick google search for something along the lines of "PHP blog tutorial" I'm sure you'll find hundreds and the majority will show you step by step how to implement comments.
Normalization is your best friend in comment/rank/vote system. Learn it. A lot of sites are now moving to PDO ... learn that as well.
there are no right , right-er, or wrong (well there is) ways of doing it, you need to know the basic concepts and take them from there. IF you don't feel like learning, then perhaps invest in a framework like cakephp or zend framework, or a ready made system like wordpress or joomla.
I'd also recommend the book wicked cool php scripts as it has a comment system example in it.
This is my way i do comments (I think its secure):
<h1>Comment's:</h1>
<?php
$i = addslashes($_POST['a']);
$ip = addslashes($_POST['b']);
$a = addslashes($_POST['c']);
$b = addslashes($_POST['d']);
if(isset($i) & isset($ip) & isset($a) & isset($b))
{
$r = mysql_query("SELECT COUNT(*) FROM $db.ban WHERE ip=$ip"); //Check if banned
$r = mysql_fetch_array($r);
if(!$r[0]) //Phew, not banned
{
if(mysql_query("INSERT INTO $db.com VALUES ($a, $b, $ip, $i)"))
{
?>
<script type="text/javascript">
window.location="/index.php?id=".<?php echo $i; ?>;
</script>
<?php
}
else echo "Error, in mysql query";
}
else echo "Error, You are banned.";
}
$x = mysql_query("SELECT * FROM $db.com WHERE i=$i");
while($r = mysql_fetch_object($x) echo '<div class="c">'.$r->a.'<p>'.$row->b.'</p> </div>';
?>
<h1>Leave a comment, pl0x:</h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="hidden" name="a" value="<?php $echo $_GET['id']; ?>" />
<input type="hidden" name="b" value="<?php $echo $_SERVER['REMOTE_ADDR']; ?>" />
<input type="text" name="c" value="Name"/></br>
<textarea name="d">
</textarea>
<input type="submit" />
</form>
This does it all in one page (This is only the comments section, some configuration is needed)
Create a new table called comments
They should have a column containing the id of the post they are assigned to.
Make a form which adds a new comment to that table.
An example (not tested so may contain lil' syntax errors): I call a page with comments a post
Post.php
<!-- Post content here -->
<!-- Then cmments below -->
<h1>Comments</h1>
<?php
$result = mysql_query("SELECT * FROM comments WHERE postid=0");
//0 should be the current post's id
while($row = mysql_fetch_object($result))
{
?>
<div class="comment">
By: <?php echo $row->author; //Or similar in your table ?>
<p>
<?php echo;$row->body; ?>
</p>
</div>
<?php
}
?>
<h1>Leave a comment:</h1>
<form action="insertcomment.php" method="post">
<!-- Here the shit they must fill out -->
<input type="hidden" name="postid" value="<?php //your posts id ?>" />
<input type="submit" />
</form>
insertcomment.php
<?php
//First check if everything is filled in
if(/*some statements*/)
{
//Do a mysql_real_escape_string() to all fields
//Then insert comment
mysql_query("INSERT INTO comments VALUES ($author,$postid,$body,$etc)");
}
else
{
die("Fill out everything please. Mkay.");
}
?>
You must change the code a bit to make it work. I'n not doing your homework. Only a part of it ;)
You can create a 'comment' table, with an id as primary key, then you add a text field to capture the text inserted by the user and you need another field to link the comment table to the article table (foreign key). Plus you need a field to store the user that has entered a comment, this field can be the user's email. Then you capture via GET or POST the user's email and comment and you insert everything in the DB:
"INSERT INTO comment (comment, email, approved) VALUES ('$comment', '$email', '$approved')"
This is a first hint. Of course adding a comment feature it takes a little bit. Then you should think about a form to let the admin to approve the comments and how to publish the comments in the end of articles.
I'm working on this right now as well. You should also add a datetime of the comment. You'll need this later when you want to sort by most recent.
Here are some of the db fields i'm using.
id (auto incremented)
name
email
text
datetime
approved
Source: Stackoverflow.com