Noupe Editorial Team June 17th, 2009

How To Create Your Own Stats Program (JavaScript, AJAX, PHP)

Kein Beitragsbild

Noupe Editorial Team

The jungle is alive: Be it a collaboration between two or more...


When creating a website, one main goal is to attract visitors. Traffic generation is a necessity for monetary purposes, showing off your work, or just expressing your thoughts. There are many ways to create traffic for your website. Search engines, social bookmarking, and word of mouth are just a few examples. But how do you know whether this traffic is genuine? How do you know if your visitors are coming back for a second time?

Web Statistics

These questions have raised the concept of web statistics. Often times, webmasters use certain programs, such as Google Analytics or Awstats, to complete this job for them. These programs obtain a wide variety of information about visitors to a site. They find page views, visits, unique visitors, browsers, IP addresses, and much more. But how exactly is this accomplished? Follow along as we present a tutorial on how to create your own web statistics program using PHP, JavaScript, AJAX, and SQLite.

View Demo of your Own Stats Program

To begin, let’s start with some simple HTML markup that will act as the page we are tracking:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ""> 
<html xmlns="" dir="ltr" lang="en-US"> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Web Statistics</title>

<h2 id="complete"></h2>


The h2#complete element will be filled dynamically with JavaScript once the page view has successfully been tracked by our web statistics. To initiate this tracking, we can use jQuery and an AJAX request:

<script type="text/javascript" src=""></script>
<script type='text/javascript'> 
$(function() {
	// Set the data text
	var dataText = 'page=<?php echo $_SERVER['REQUEST_URI']; ?>&referrer=<?php echo $_SERVER['HTTP_REFERER']; ?>';

	// Create the AJAX request
		type: "POST",                    // Using the POST method
		url: "/process.php",             // The file to call
		data: dataText,                  // Our data to pass
		success: function() {            // What to do on success
			$('#complete').html( 'Your page view has been added to the statistics!' );

Consider the above code step by step:

  • When the DOM is ready, we first set our dataText. This text is in query string format and will be sent as data to process.php, which will track this page view.
  • We then create an AJAX request that uses the POST method to send form data.
  • Our form data (dataText) is then sent to process.php in the root of our server.
  • Once this request is completed, the h2#complete element is filled with a successful notice

Our next job is to write process.php. Its main goal is to obtain information about the web statistics and store it in a database. Since our database has not yet been made, we must create a simple file, install.php, which will do this for us:

SQLite Database

	# Open the database
	$handle = sqlite_open( $_SERVER['DOCUMENT_ROOT'].'stats.db', 0666, $sqliteError ) or die(  $sqliteError  );

	# Set the command to create a table
	$sqlCreateTable = "CREATE TABLE stats(page text UNIQUE, ip text, views UNSIGNED int DEFAULT 0, referrer text DEFAULT '')";

	# Execute it
	sqlite_exec( $handle, $sqlCreateTable );
	# Print that we are done
	echo 'Finished!';

This code is mostly straightforward. It opens up a database (stats.db) in the root of the server and creates a database for it. The string inside $sqlCreateTable is a SQLite command that makes our statistics table. This table contains four colums: Page, IP Address, Views, and Referrer:

  • Page is a String that contains the page being viewed as a relative link (i.e. /index.php).
  • IP Address is also a String that contains a list of IP Addresses that visited this page. It is in the format of numVisits1(IP Address1) numVisits2(IP Address2) numVisits3(IP Address3) etc. For example, if we obtained 10 visits from and 5 visits from (hypothetical ip addresses), this String would be "10( 5(".
  • Views is an integer containing the number of times the page has been viewed.
  • Referrer is a String in the same format as IP Address. It contains all referrers to this page and how many referrals have been made.

And now onto process.php:

# Connect to the database
$handle = sqlite_open( $_SERVER['DOCUMENT_ROOT'].'/stats.db', 0666, $sqliteError ) or die( $sqliteError );

# Use the same-origin policy to prevent cross-site scripting (XSS) attacks
# Remember to replace with your actual domain
if( strpos( $_SERVER['HTTP_REFERER'], '' ) !== 0 ) {
     die( "Do not call this script manually or from an external source." );

# Obtain the necessary information, strip HTML tags, and escape the string for backup proetection
$page = sqlite_escape_string( strip_tags( $_POST['page'] ) );
$referrer = sqlite_escape_string( strip_tags( $_POST['referrer'] ) );
$ip = sqlite_escape_string( strip_tags( $_SERVER['REMOTE_ADDR'] ) );

# Query the database so we can update old information
$sqlGet = 'SELECT * FROM stats WHERE page = \''.$page.'\'';
$result = sqlite_query( $handle, $sqlGet );

This first snippet connects to our stats database and gets the information we need for the current visit. It also queries the database and obtains any information previously stored. We use this information to create an updated table.

The next job is to find old information:

Old Statistics

# Set up a few variables to hold old information
$views = 0;
$ips = '';
$referrers = '';
# Check if old information exists
if( $result && ( $info = sqlite_fetch_array( $result ) ) ) { 
	# Get this information
	$views = $info['views'];
	$ips = $info['ip'].' ';
	if( $info['referrer'] )
		$referrers = $info['referrer'].' ';

	# Set a flag to state that old information was found
	$flag = true;

The above code finds all previous information in our table. This is vital, as we need to update the number of views (increase it by one), IP addresses, and referrers.

# Create arrays for all referrers and ip addresses
$ref_num = array();
$ip_num = array();

# Find each referrer
$values = split( ' ', $referrers );

# Set a regular expression string to parse the referrer
$regex = '%(\d+)\((.*?)\)%';

# Loop through each referrer
foreach( $values as $value ) {
	# Find the number of referrals and the URL of the referrer
	preg_match( $regex, $value, $matches );
	# If the two exist
	if( $matches[1] && $matches[2] )
		# Set the corresponding value in the array ( referrer link -> number of referrals )
		$ref_num[$matches[2]] = intval( $matches[1] );
# If there is a referrer on this visit
if( $referrer )
	# Add it to the array
# Get the IPs
$values = split( ' ', $ips );

# Repeat the same process as above
foreach( $values as $value ) {
	# Find the information
	preg_match( $regex, $value, $matches );
	# Make sure it exists
	if( $matches[1] && $matches[2] )
		# Add it to the array
		$ip_num[$matches[2]] = intval( $matches[1] );

# Update the array with the current IP.

The above two loops are very similar. They take in the information from the database and parse it with regular expressions. Once this information is parsed, it is stored in an array. Each array is then updated with the information from the current visit. This information can then be used to create the final String:

# Reset the $ips string
$ips = '';

# Loop through all the information
foreach( $ip_num as $key => $val ) {
	# Append it to the string (separated by a space)
	$ips .= $val.'('.$key.') ';

# Trim the String
$ips = trim( $ips );

# Reset the $referrers string
$referrers = '';

# Loop through all the information
foreach( $ref_num as $key => $val ) {
	# Append it
	$referrers .= $val.'('.$key.') ';

# Trim the string
$referrers = trim( $referrers );

The final strings are now created. IPs and Referrers are in the form: “numVisits1(IP/Referrer1) numVisits2(IP/Referrer2) etc.” For example, the following could be the referrer String:

5( 10(

It means that 5 referrals came from and 10 came from This format saves space and is easy to parse as web statistics.

Now for the final few lines:

# Update the number of views
# If we did obtain information from the database
# (the database already contains some information about this page)
if( $flag )
	# Update it
	$sqlCmd = 'UPDATE stats SET ip=\''.$ips.'\', views=\''.$views.'\', referrer=\''.$referrers.'\' WHERE page=\''.$page.'\'';

# Otherwise
	# Insert a new value into it
	$sqlCmd = 'INSERT INTO stats(page, ip, views, referrer) VALUES (\''.$page.'\', \''.$ips.'\',\''.$views.'\',\''.$referrers.'\')';
# Execute the commands
sqlite_exec( $handle, $sqlCmd );

That’s all there is to it for process.php. As a review, it finds the IP Address and Referrer of the visitor, uses the values to create two Strings, increases the number of views of the page by one, and places all of these values into the database.

There is now only one task left. We have to display the web statistics. Let’s call the following file display.php:

Display The Statistics

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ""> 
<html xmlns="" dir="ltr" lang="en-US"> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Web Statistics Display</title>

	# Open up the database
	$handle = sqlite_open( $_SERVER['DOCUMENT_ROOT'].'/stats.db', 0666, $sqliteError ) or die( $sqliteError );
	# Get all the statistics
	$sqlGet = 'SELECT * FROM stats';
	$result = sqlite_query( $handle, $sqlGet );
	# Create an unordered list
	echo "<ul>\n";
	# If there are results
	if( $result ) {
		$page_views = 0;
		$unique_visitors = 0;
		# Fetch them
		while( ($info = sqlite_fetch_array( $result ) ) ) {
			# Get the page, views, IPs, and referrers
			$page = $info['page'];
			$views = $info['views'];
			$ips = $info['ip'];
			$referrers = $info['referrer'];
			# Print out a list element with the $page/$views information
			if( $views == 1 )
				echo "\t<li>\n\t\t<p>$page was viewed $views time:</p>\n";
				echo "\t<li>\n\t\t<p>$page was viewed $views times:</p>\n";
			# Update the number of page views
			$page_views += $views;
			# Parse the data of IPs and Referrers using process.php's code 
			preg_match_all( '%(\d+)\((.*?)\)%', $ips, $matches );
			# Find the size of the data
			$size = count( $matches[1] );
			# Create a sub list
			echo "\t\t<ul>\n";
			# Loop through all the IPs
			for( $i = 0; $i < $size; $i++ ) {
				# Find the number of visits
				$num = $matches[1][$i];

				# Find the IP address
				$ip = $matches[2][$i];
				# Print the info in a list element
				if( $num == 1 )
					echo "\t\t\t<li>$num time by $ip</li>\n";
					echo "\t\t\t<li>$num times by $ip</li>\n";
				# Update the number of unique visitors
			# Repeat the whole process for referrers
			preg_match_all( '%(\d+)\((.*?)\)%', $referrers, $matches );
			$size = count( $matches[1] );
			# Loop through each one
			for( $i = 0; $i < $size; $i++ ) {
				$num = $matches[1][$i];
				$referrer = $matches[2][$i];
				# Print out the info
				if( $num == 1 )
					echo "\t\t\t<li>$num referral by $referrer</li>\n";
					echo "\t\t\t<li>$num referrals by $referrer</li>\n";
			# End the sub-list
			echo "\t\t</ul>\n";
			# End the list element
			echo "\t</li>\n";
		echo "\t<li>Total unique visitors: $unique_visitors</li>\n";
		echo "\t<li>Total page views: $page_views</li>\n";
	# End the unordered list
	echo "</ul>\n";
	# Close the database


It may seem daunting, but it is very similar to process.php. It parses the page, views, ip addresses, and referrers from the database. It then continues to output these in an unordered list format.

The final output is as follows:

Final Web Statistics

View Demo of your Own Stats Program

Thank you for reading and good luck!

Author: Karthik Viswanathan

Karthik Viswanathan is a high-school student who loves to program and create websites. You can view Karthik’s work on his two blogs, Resource Mania and Lateral Code. He has also developed a PHP library for traversing HTML documents, which can be found here.

Write for Us! We are looking for exciting and creative articles, if you want to contribute, just send us an email.

Noupe Editorial Team

The jungle is alive: Be it a collaboration between two or more authors or an article by an author not contributing regularly. In these cases you find the Noupe Editorial Team as the ones who made it. Guest authors get their own little bio boxes below the article, so watch out for these.


  1. Wow, what a tutorial. It’s nice to see some people take time to write such articles. There is alot of work into this! I will personnaly keep on using Google Analytics because their system works very well and the data visualization is quite good as well but this tut is excellent for knowing how web analytics are working. Thx

  2. This code is vulnerable to a persistent XSS attack, the most dangerous type of XSS attack, in both the referrer and page fields. You should fix this ASAP on your test server and in the code on this page as anyone who uses it will also have a persistent XSS vulnerability. The simplest method would be to use something like htmlspecialchars to escape html elements in the page and referrer variables.


  3. Wow, this is nice review indeed. I want to learn things like this too and seems like this is the great place to start:)

    Have a nice day!


  4. Gooooood job!

    To decrease the database size, you can create the PAGE table [MySQL example :: (id UNSIGNED MEDIUMINT, page VARCHAR(1024), local BIT)) and create two foreign keys on STATS table (PAGE_ID and REFERRER_ID) to consume less bytes. The system pages must be inserted with “LOCAL BIT” equal to 1 (system pages).

    It’s only a tip ;D

  5. Might want to look into that code – there is a XSS attack vector in there, infact some one seems to have exploited it already, when I viewed the stats page on the demo, I had an alert pop up telling me “This is remote text via xss.js located at”

      1. how can i applay this on my website? thank you very much

        i have tried with google analitics do not work at all

  6. looks like a nice and easy way to get stats in your site ;)

    i would personally not use the #-style comments but use the regular // and /* */ commenting style

  7. Wow! Nice to see design blogs taking tutorials to the next level! Web stats is definitely something I would like to understand. Thanks!

  8. Good article Karthik.

    It was impressive how fast you responded and fixed the XSS bug.

    I will persaonlly be using Google Analytics for my site as it has been on there for years but it is good to get a greater understanding of how these systems work and it could come in handy on other projects.

  9. While this might work great for smaller websites; for anything larger I would suggest parsing the apache logs and storing summaries.

  10. Using jQuery is in this case absolutely unnecessary! If Javascript is disabled, the vistior wouldn’t be noticed.
    You can simply include your porcess.php instead of the javascript and replace the two values which are passed by ajax with the php varibles.

    Although it’s a nice tutorial for beginners.

  11. As others have mentioned, there are a ton of security vulnerabilities in the code you have provided. SQL injection, XSS, etc. In addition, while i LOVE SQLite, and use it on several projects, if your site gets more than a few thousand hits a day, I wonder if SQlite, in the way you are using it, is going to be able to handle a large site.

    Also, by using this method, you’ll miss recording all of the mobile devices that dont/cant use javascript. This is our number one gripe currently with Google Analytics.

      1. Karthik, I just updated the code in the article.
        Thanks for taking the time to write this amazing tutorial to take us to the next level :)

  12. Would be very vulnerable to SQL injection I think… Would definitely have to patch that if you wanted to use this properly. And as Gilzow above says, SQLite probably would find it hard to cope with reasonably popular sites. MySQL on the other hand, is brilliant.

    Also consider that for this method, you need to load the whole jQuery script file [yes I know it’s minified] on every page, whereas you can quite easily accomplish the same thing in a couple of lines of simple JS. Something like this should be as unobtrusive as possible.

    1. Hi I’m new to php coding and I’m trying to add this to my new website and was wondering what would be a more simple way of just using javascript and not jOuery as you said it would be possible and easier

  13. come on people.this is a tutorial. at least it gives u a general idea on how the stats working. appreciate to those who points out on some of security issues. afterall we are here to learn new things. but do not just complaint about how poorly the scripts are or how good the google analytics is. the author recieved a lot of good feedback than just a few negative comments from the ‘pros’.

  14. This is a fantastic piece of trick, I will definitely be using it on my site and blog to keep track of the traffic and number of hits.

    Thanks alot for generously posting it here :)

  15. Why don’t you just parse the access log?

    You are gaining nothing extra by the method you are using, except for higher server load.

  16. It’s a nice code, but I think I found some glitches in it, because when I copy and paste the exact code it won’t work correctly, but maybe I am doing something wrong. So here it is:

    – In the install.php file:

    1.On the 3rd line I think there is missing forward slash before ‘stats.db’ so it should be ‘/stats.db’. 2.There is missing statement to create the database. The first statement is to open the database, not create, but we don’t have the database created yet.

    – When I create the database manually (I just create a new file “stats.db”) I am receiving this error message:

    Warning: sqlite_exec() [function.sqlite-exec]: attempt to write a readonly database in /mydomain/install.php on line 9

    I tried to put the file in a folder so it’s not located under root, but still the same error.

    Any help would be appreciated.

  17. I found out that the sqlite_open command also suppose to create database if it does not exist, but if I don’t create the database by myself I am getting this error message:

    Warning: sqlite_open() [function.sqlite-open]: unable to open database: mydomain/stats.db in mydomain/install.php on line 3
    unable to open database: mydomain/stats.db


  18. The above-mentioned issue was caused by remote server permissions.

    I would like to ask something else:

    This is the line in the page I want to track:

    var dataText = ‘page=&referrer=’;

    Am I suppose to replace the with something else?

    Thank you!

  19. The text didn’t show completely, so again. What I am suppose to replace in the code of the page I want to track in order to track the referrer correctly?

    I looked the source code for this demo and the referrer is replaced with referrer=’;

    If I don’t replace it with a URL then the tracking does not work at all.

    Thank you!

    1. The line posted in the article should work fine:

      var dataText = 'page=<?php echo $_SERVER['REQUEST_URI']; ?>&referrer=<?php echo $_SERVER['HTTP_REFERER']; ?>';

      It obtains the info from PHP. Remember that if there is no referrer (direct traffic), it will show up as blank.

      1. Hm, but if I don’t change the line I don’t get any tracking of the page, which I want to track. If I replace the line with

        var dataText = ‘page=/web_trackable.html/

        it tracks the webpage. And if I don’t change the referrer to for example


        (or any other webpage) the tracking does not work.
        When I run the install.php it works and it creates a database under a “test” folder, because when it is located in the root of the remote server there is a permission issue. So the database is under /test/stats.db and I changed the path accordingly in all files install.php, process.php and display.php.

        Any ideas?

      2. That’s odd. I don’t know the exact modifications you have made to the script, but is there any way you can add permissions to the root? If so, you can test the file as is and see if the same problem is occurring.

      3. I added permissions to the root and I ended up with 501 Permission Denied for our website so it didn’t do any good.

        I see that you made some changes to the code in the process.php file. Nevertheless, I am having the same issue:

        If I run the install.php file I get an error message:

        Warning: sqlite_open() [function.sqlite-open]: unable to open database: mydomain/stats.db in mydomain/install.php on line 3
        unable to open database: mydomain/stats.db

        Again, when I create a folder and set permissions for the folder to 777 and point the path to the database in that folder (for ex. ‘/test/stats.db’) on remote server then it is successful and I get “Finished” result. So obviously this is telling me that the database cannot be created directly under root because of permissions. That’s why it works under a folder. But when I visit our website or the webpage that I created to track (webpagetrackable.html) and then browse the display.php in browser the output is always:
        * Total unique visitors: 0
        * Total page views: 0

        I also changed permissions on all the files that I created (webpagetrackable.html, install.php, process.php display.php, to 777 just in case, but no difference.

        It’s odd. If you have any other idea what can be wrong I would appreciate it. If necessary I can send you all the files that I created.

  20. Really cool guideline, but still trust Google Analytics. However, I think write my own stats program esp for some special task is a great thought.

  21. This is an excellent tut. And to the rest: This is a tut. Not a copy and paste “script”. Where you shut off your brain :)

  22. Google Analytics definitely offers more data such as browsers and OS, and everything is nicely organized but this is definitely a good tutorial. The problem with GAnalytics is that it sometimes slows down pages, even when it’s at the bottom of your page.

  23. looks like a nice and easy way to get stats in your site ;)

    i would personally not use the #-style comments but use the regular // and /* */ commenting style

  24. wow, nice, I personally uses webalizer and have always wondered how they parse through my log file so fast, but somehow this tutorial made me understand how it works, thanks alot.
    and the stats from my site can be seen at :)

  25. Very nice! It takes time to post an article like this, and you did a great job! More than anything, it inspires anyone to really tackle the issue.

    Such an important issue… All of the web analytics out there throw so much information at the user’s face, hopefully something will be developed that will concisely let the user naturally bring her stats up.

    Thanks again Karthik!

  26. Thanks for giving some ideas on how I would make a statistics program. I have a question though, would it better to make a flat file based analystics and then have different flat files for different times such as each day.

Sorry, Comments are closed...