Basic PHP System: View/Edit/Delete/Add Records


188 replies to this topic

#91 GIRISH

GIRISH

    New member

  • New Members
  • 2 posts

Posted 29 February 2012 - 01:44 AM

Hi Rupom, can you please tell me what you did? Actually, I am looking for the same solution.
  • 0

#92 teke

teke

    New member

  • New Members
  • 7 posts

Posted 03 March 2012 - 06:11 AM

Hello, I tried to add a new column, but I failed.

I added this in a SQL file:

CREATE TABLE `players` (
 `id` int(11) NOT NULL auto_increment,
 `leader` varchar(32) NOT NULL,
 `firstname` varchar(32) NOT NULL,
 `lastname` varchar(32) NOT NULL,
 PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

In view.php, like this:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
        <title>View Records</title>
</head>
<body>

<?php
/* 
        VIEW.PHP
        Displays all data from 'players' table
*/

        // connect to the database
        include('connect-db.php');

        // get results from database
        $result = mysql_query("SELECT * FROM players") 
                or die(mysql_error());  
                
        // display data in table
        //echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";
        
        echo "<table border='1' cellpadding='10'>";
        echo "<tr> <th>ID</th> <th>Leader</th> <th>First Name</th> <th>Last Name</th> <th></th> <th></th></tr>";

        // loop through results of database query, displaying them in the table
        while($row = mysql_fetch_array( $result )) {
                
                // echo out the contents of each row into a table
                echo "<tr>";
                echo '<td>' . $row['id'] . '</td>';
                echo '<td>' . $row['leader'] . '</td>';
                echo '<td>' . $row['firstname'] . '</td>';
                echo '<td>' . $row['lastname'] . '</td>';
                echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
                echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
                echo "</tr>"; 
        } 

        // close table>
        echo "</table>";
?>
<p><a href="new.php">Add a new record</a></p>

</body>
</html>

I removed view-paginated.php.

In new.php:

<?php
/* 
 NEW.PHP
 Allows user to create a new entry in the database
*/
 
 // creates the new record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($leader, $first, $last, $error)
 {
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
 <html>
 <head>
 <title>New Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <div>
 <strong>Leader: *</strong> <input type="text" name="leader" value="<?php echo $leader; ?>" /><br/>
 <strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $first; ?>" /><br/>
 <strong>Last Name: *</strong> <input type="text" name="lastname" value="<?php echo $last; ?>" /><br/>
 <p>* required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 </form> 
 </body>
 </html>
 <?php 
 }
 
 
 

 // connect to the database
 include('connect-db.php');
 
 // check if the form has been submitted. If it has, start to process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // get form data, making sure it is valid
 $leader = mysql_real_escape_string(htmlspecialchars($_POST['leader']));
 $firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
 $lastname = mysql_real_escape_string(htmlspecialchars($_POST['lastname']));
 
 // check to make sure both fields are entered
 if ($leader == '' || $firstname == '' || $lastname == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 // if either field is blank, display the form again
 renderForm($leader, $firstname, $lastname, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: view.php"); 
 }
 }
 else
 // if the form hasn't been submitted, display the form
 {
 renderForm('','','');
 }
?>


What is wrong? Please help me, thanks! Sorry for my English, I'm from Romania.
  • 0

#93 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 03 March 2012 - 11:29 AM

What errors are you getting?
  • 0
Benjamin Falk
Falken Creative : Twitter

#94 teke

teke

    New member

  • New Members
  • 7 posts

Posted 04 March 2012 - 10:41 AM

It does not appear in the table/column.
  • 0

#95 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 04 March 2012 - 10:49 AM

Two things in new.php:

This line

mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")

is missing a comma after "$leader":

mysql_query("INSERT players SET leader='$leader', firstname='$firstname', lastname='$lastname'")

Secondly, right at the end of the file, this line

renderForm('','','');

probably needs to be this:

renderForm('','','','');

  • 1
Benjamin Falk
Falken Creative : Twitter

#96 teke

teke

    New member

  • New Members
  • 7 posts

Posted 04 March 2012 - 10:59 AM

Thanks!!! It's working!
  • 0

#97 skunkfu

skunkfu

    New member

  • New Members
  • 3 posts

Posted 19 March 2012 - 01:27 PM

First of all, thank you very much Ben for this PHP script. It has helped me immensely for a college project, and has also up'd my interest in web development again!

Now, I wish to expand on your code further to give the ability to add columns to the database. Currently, columns such as FirstName and LastName are pre-defined within the code.

The most basic way to do this would be to create a form with a textbox and submit button, and have PHP use the alter command to create the column. The problem here would be the code to view, edit and add records, since they are still hard-coded with the FirstName and LastName variables.

Is there any particular method you could point me towards to figure this out? I may be a little over my head with this since it may require rewriting the whole PHP code.

Hope I explained this well enough.

Thank you!
  • 0

#98 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 19 March 2012 - 01:55 PM

Maybe you can explain why you would need to programmatically modify the database? Most systems that I know and work with don't work that way -- you usually have a set database structure, and you are simply adding/removing/editing records from it.
  • 0
Benjamin Falk
Falken Creative : Twitter

#99 skunkfu

skunkfu

    New member

  • New Members
  • 3 posts

Posted 19 March 2012 - 02:11 PM

Ah yes you have an extremely good point. I'm probably making it more complicated than it needs to be.

It's scalability, really. For the project, I'm building a database interface for contacts. Later on I may realise I need another attribute of data for my contacts list, such as a secondary telephone number.

Do you believe it is a better idea to take into account all attributes that would be required for a contacts database first, then design the database structure?

Extra credits for my class is on the mind, going that extra mile. :rolleyes:

Thanks!
  • 0

#100 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 19 March 2012 - 02:21 PM

If you want to focus on scalability, I'd suggest looking at object oriented programming and MVC -- those will help make your code modular, separating out the responsibilities of your application into individual objects and making things easier to maintain and improve in the future.

Yes, you do want to consider how the application might be expanded... but you can't fully anticipate what sort of changes you will want to make and code for all of them.
  • 0
Benjamin Falk
Falken Creative : Twitter

#101 skunkfu

skunkfu

    New member

  • New Members
  • 3 posts

Posted 19 March 2012 - 02:29 PM

Understood Ben. OOP and MVC would be extreme overkill for the little project I'm dealing with.

I will keep it simple for now then. Later on if I require such scalable features (being taken on for a client perhaps), then I will look into it further.

Thanks for your time!! ^_^
  • 0

#102 teke

teke

    New member

  • New Members
  • 7 posts

Posted 26 March 2012 - 03:35 PM

How can I add a timeleft column to the table and, when the time is up, automatically delete the row?

If you can...
  • 0

#103 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 26 March 2012 - 05:13 PM

> How can I add a timeleft column to the table and, when the time is up, automatically delete the row?
>
> If you can...

I don't think that is something that is done with plain PHP -- I believe you would need to use a CRON job that repeats a certain number of times a day to call a PHP script to do the cleanup. If you are dealing with small amounts of time (minutes rather than hours, for example) you might use AJAX that loops every x seconds to call a PHP script to do the cleanup.
  • 0
Benjamin Falk
Falken Creative : Twitter
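
A sketch of the cron-driven cleanup suggested above, as an added example rather than code from the thread or the tutorial. It assumes PDO, a hypothetical `expires_at` column on `players` that stores the deadline (creation time plus N days) instead of a countdown, and a script saved as cleanup.php; the in-memory SQLite rows are constructed sample data.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). Assumed: `expires_at` column, PDO,
// file name cleanup.php kept outside the web root.
// Example crontab entry, once a day at 03:00:
//   0 3 * * * /usr/bin/php /path/to/cleanup.php

/** Delete rows whose deadline has passed; returns how many were removed. */
function purgeExpired(PDO $db, DateTimeImmutable $now): int
{
    $stmt = $db->prepare(
        'DELETE FROM players WHERE expires_at IS NOT NULL AND expires_at <= :now'
    );
    $stmt->execute([':now' => $now->format('Y-m-d H:i:s')]);
    return $stmt->rowCount();
}

/**
 * Cron only runs periodically, so the listing page must also hide rows
 * that have expired since the last run.
 */
function visiblePlayers(PDO $db, DateTimeImmutable $now): array
{
    $stmt = $db->prepare(
        'SELECT id, firstname FROM players
          WHERE expires_at IS NULL OR expires_at > :now ORDER BY id'
    );
    $stmt->execute([':now' => $now->format('Y-m-d H:i:s')]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The job is meant for cron only: refuse to run if reached through the web server.
if (PHP_SAPI !== 'cli') {
    http_response_code(404);
    exit;
}

// --- Constructed demo: in-memory SQLite stands in for the MySQL database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, firstname TEXT, expires_at TEXT)');
$insert = $db->prepare('INSERT INTO players (id, firstname, expires_at) VALUES (?, ?, ?)');
$insert->execute([1, 'Expired', '2012-03-20 00:00:00']); // deadline already passed
$insert->execute([2, 'Active',  '2012-04-10 00:00:00']); // deadline in the future
$insert->execute([3, 'NoLimit', null]);                  // never expires

$now = new DateTimeImmutable('2012-03-27 03:00:00');     // constructed "current" time
printf("visible before purge: %d\n", count(visiblePlayers($db, $now)));
printf("rows purged:          %d\n", purgeExpired($db, $now));
printf("visible after purge:  %d\n", count(visiblePlayers($db, $now)));
```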

#104 teke

teke

    New member

  • New Members
  • 7 posts

Posted 27 March 2012 - 04:54 AM

I need the time in days. Anyway, thanks!
  • 0

#105 teke

teke

    New member

  • New Members
  • 7 posts

Posted 28 March 2012 - 02:53 PM

I returned... Do you know something about a countdown timer in a table? any
  • 0

#106 Blackburn

Blackburn

    New member

  • New Members
  • 1 posts

Posted 03 April 2012 - 10:53 AM

I have a problem with this tutorial. I made a few changes to suit the forum script I'm building. Here are my changed files.
EDIT.PHP
<?php
//create_cat.php
 include 'connect.php';
 include 'header.php';
 include 'modules/bbcode.php';

/* 
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($id, $firstname, $error)
 {
 ?>
 <html>
 <head>
 <title>Edit Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <input type="hidden" name="id" value="<?php echo $id; ?>"/>
 <div>
 <p><strong>ID:</strong> <?php echo $id; ?></p>
 <strong>Content*</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
 <p>* Required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 <a href="/settings.php">Back</a>
 </form> 
 </body>
 </html> 
 <?php
 }



 // connect to the database

 
 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // confirm that the 'id' value is a valid integer before getting the form data
 if (is_numeric($_POST['id']))
 {
 // get form data, making sure it is valid
 $id = $_POST['post_id'];
 $firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));
 
 // check that firstname/lastname fields are both filled in
 if ($firstname == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 //error, display form
 renderForm($id, $firstname, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("UPDATE 
					posts
				SET 
					post_content='$firstname' 
				WHERE post_id='$id'")
				
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: settings.php"); 
 }
 }
 else
 {
 // if the 'id' isn't valid, display an error
 echo 'Error!';
 }
 }
 else
 // if the form hasn't been submitted, get the data from the db and display the form
 {
 
 // get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
 if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
 {
 // query db
 $id = $_GET['id'];
 $result = mysql_query("SELECT * FROM posts WHERE post_id=$id")
 or die(mysql_error()); 
 $row = mysql_fetch_array($result);
 
 // check that the 'id' matches up with a row in the database
 if($row)
 {
 
 // get data from db
 $firstname = $row['post_content'];
 
 // show form
 renderForm($id, $firstname, '');
 }
 else
 // if no match, display result
 {
 echo "No results!";
 }
 }
 else
 // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
 {
 echo 'Error!';
 }
 }
 include 'footer.php';
?>

and NEW.PHP

<?php
//create_cat.php
include 'connect.php';
include 'header.php';

/* 
 NEW.PHP
 Allows user to create a new entry in the database
*/
 
 // creates the new record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($first, $last, $error)
 {
 ?>
 <html>
 <head>
 <title>New Record</title>
 </head>
 <body>
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <div>
 <strong>Content: *</strong> <input type="textarea" name="firstname" value="<?php echo $first; ?>" /><br/>
 <p>* required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 </form> 
 </body>
 </html>
 <?php 
 }
 
 


 // check if the form has been submitted. If it has, start to process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // get form data, making sure it is valid
 $firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));

 
 // check to make sure both fields are entered
 if ($firstname == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 // if either field is blank, display the form again
 renderForm($first, $last, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("INSERT posts SET post_content='$firstname'")
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: settings.php"); 
 }
 }
 else
 // if the form hasn't been submitted, display the form
 {
 renderForm('','','');
 }
 
 include 'footer.php';
?> 

In both I'm getting the error "ERROR: Please fill in all required fields" if I want to change something or add. The delete option is working.
  • 0

#107 Face

Face

    New member

  • New Members
  • 9 posts

Posted 10 April 2012 - 07:19 PM

First post, please be kind!

Ok, so I don't really know much about anything regarding PHP/MySQL - I can do HTML and Flash (providing that it stays away from DBs)...

So I downloaded and installed XAMPP, basically copied and pasted, made all the necessary files - and now I have your basic PHP program running on my computer *ALMOST* exactly as you have it on yours (BEN).

The problem I am having, and I can't figure it out for the life of me, is why I get this unexplainable text at the top of the page saying "VALUES(4, 'Sam', 'Smith');" which is the last line of code that I imported into the "RECORDS" DB... (screen shot included). This text will follow me to every part of the program (new.php, edit.php...)

viewphp.png

Any ideas of what I missed?

PS - The reason I am learning this is to help someone else with a school project. The more I look into PHP the more I want to know, so this might be the start of a long relationship.

Cheers,
Face
  • 0

#108 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 10 April 2012 - 07:29 PM

@Face: I would suggest looking at your connect-db.php file. I'm betting that you didn't do the copy/paste exactly right, and you may have that text at the beginning of the file, probably before the opening <?php tag.
  • 0
Benjamin Falk
Falken Creative : Twitter

#109 Face

Face

    New member

  • New Members
  • 9 posts

Posted 10 April 2012 - 07:35 PM

And of course that is exactly what it was. Thanks for your very quick response to a very stupid problem... I had checked all the files except for that one.

Thanks again. From this point I expect to make my own modifications and actually start learning stuff - so you should be hearing from me soon (very).

Cheers,
Face
  • 0

#110 Face

Face

    New member

  • New Members
  • 9 posts

Posted 10 April 2012 - 07:48 PM

Actually, to help myself out I'm going to let you all in on what the project is.

Basically it's supposed to be a simple PHP/MySQL database that keeps track of books coming in/out of a collection. So basically what I am going to try to do is add a Title, Publisher, and Date Acquired column... perhaps an "Acquired from where," while always keeping the ability to delete/edit/add...

and then I will move onto a program for myself that can help me inventory shop tools / materials.

Always happy to receive advice!

Cheers,
Face
  • 0

#111 Jeffro78

Jeffro78

    New member

  • New Members
  • 1 posts

Posted 11 April 2012 - 12:12 AM

How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.

Thanks for any assistance with my issue.
  • 0

#112 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 11 April 2012 - 09:26 AM

> How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.
>
> Thanks for any assistance with my issue.

Checkboxes are a little trickier than the standard input elements. Take a look here: http://www.homeandle...hp/php4p11.html -- this will explain how to check if a checkbox is set or not.
  • 0
Benjamin Falk
Falken Creative : Twitter

#113 Face

Face

    New member

  • New Members
  • 9 posts

Posted 12 April 2012 - 11:26 PM

Me again! Things are moving along. Added a search box where you can search "players" by name or id. Added a few more columns to the table, and some other buttons, and changed the look of it a bit - now I'm wondering....

.... What would be the best way to have a "confirm delete" option? Can it be done in PHP? or would it have to be javascript? Or just a generic button?

Cheers,
Face
  • 0

#114 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • LocationChico, CA

Posted 13 April 2012 - 10:26 AM

The easiest way would be to use javascript -- pop up a confirm box asking the user to click "yes", and then redirecting to the delete page only if the user clicks yes.

However, I have heard that it is a best practice to avoid this, and try to avoid using a url that automatically deletes a record only based on $_GET data since there is a chance that it could be abused -- for example, what if the admin user was emailed a link (or something innocent that didn't look like a link) and they clicked on it and it deleted the record? In addition, only using a Javascript based confirm would mean that for anyone who used the system with Javascript off, it would automatically bypass the confirmation (then again, the number of users who browse with Javascript off is pretty low).

The "best practice" way of going about this would probably have the confirm delete function built into the delete page, so the user visits "delete.php?id=x" and instead of immediately deleting the record, they are asked to confirm within a form, and the item is only deleted based on a "yes" response in the $_POST data.

Alternately, you could build this form into the main page that shows all the records, confirm delete using a Javascript confirm() function, and then only delete the item(s) based on the $_POST data.
  • 0
Benjamin Falk
Falken Creative : Twitter
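
The confirm-on-the-delete-page approach described above, as an added example that is not code from the thread or the tutorial: GET only renders a confirmation form, and the row is deleted only on a POST carrying "yes". It goes one step beyond the post by also requiring a per-session token, because a bare POST can still be submitted from a page on another site; PDO, the helper names `csrfToken`, `respond` and `handleDelete`, and the in-memory SQLite demo row are assumptions.

```php
<?php
declare(strict_types=1);

// Added example (not from the thread). PDO replaces the tutorial's mysql_* calls.
// In a real delete.php you would call:
//   session_start();
//   $r = handleDelete($pdo, $_SERVER['REQUEST_METHOD'], $_GET, $_POST, $_SESSION);
// and then send $r['status'], the Location header (if any) and $r['body'].

/** Return the session's anti-forgery token, creating it on first use. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/** Build a response array instead of echoing, so the logic can be exercised offline. */
function respond(int $status, string $body = '', ?string $location = null): array
{
    return ['status' => $status, 'body' => $body, 'location' => $location];
}

function handleDelete(PDO $db, string $method, array $get, array $post, array &$session): array
{
    if ($method !== 'GET' && $method !== 'POST') {
        return respond(405, 'Method not allowed');
    }

    // The id comes from the URL on GET and from the hidden form field on POST.
    $raw = $method === 'POST' ? ($post['id'] ?? null) : ($get['id'] ?? null);
    $id  = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return respond(400, 'Invalid id');
    }

    if ($method === 'GET') {
        // GET never changes data: it only shows what would be deleted.
        $stmt = $db->prepare('SELECT firstname, lastname FROM players WHERE id = :id');
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return respond(404, 'No such record');
        }
        // Escape at output time, in the HTML context where the value is used.
        $name  = htmlspecialchars($row['firstname'] . ' ' . $row['lastname'], ENT_QUOTES, 'UTF-8');
        $token = csrfToken($session);
        return respond(200,
            '<form method="post" action="delete.php">'
            . "<p>Delete record #$id ($name)?</p>"
            . "<input type=\"hidden\" name=\"id\" value=\"$id\">"
            . "<input type=\"hidden\" name=\"csrf\" value=\"$token\">"
            . '<button type="submit" name="confirm" value="yes">Yes, delete</button> '
            . '<a href="view.php">Cancel</a>'
            . '</form>');
    }

    // POST: the token must match the one stored when the form was rendered.
    $sent     = $post['csrf'] ?? '';
    $expected = $session['csrf'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return respond(403, 'Request rejected');
    }
    // Anything other than an explicit "yes" is treated as a cancel.
    if (($post['confirm'] ?? '') !== 'yes') {
        return respond(303, '', 'view.php');
    }

    $stmt = $db->prepare('DELETE FROM players WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    unset($session['csrf']); // single-use token
    return respond(303, '', 'view.php');
}

// --- Constructed demo: in-memory SQLite stands in for the MySQL database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, leader TEXT, firstname TEXT, lastname TEXT)');
$db->exec("INSERT INTO players (id, leader, firstname, lastname) VALUES (1, 'Lead', 'Sam', 'Smith')");

$rows    = fn(): int => (int) $db->query('SELECT COUNT(*) FROM players')->fetchColumn();
$session = []; // stands in for $_SESSION
$show    = function (string $label, array $r) use ($rows): void {
    printf("%-34s status=%d rows=%d\n", $label, $r['status'], $rows());
};

// A followed link: only the confirmation form is produced.
$show('GET ?id=1', handleDelete($db, 'GET', ['id' => '1'], [], $session));
// A forged POST that does not know the session token.
$show('POST without token', handleDelete($db, 'POST', [], ['id' => '1', 'confirm' => 'yes'], $session));
// The real form submission.
$show('POST with token, confirm=yes', handleDelete($db, 'POST', [],
    ['id' => '1', 'confirm' => 'yes', 'csrf' => $session['csrf']], $session));
```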

#115 Face

Face

    New member

  • New Members
  • 9 posts

Posted 13 April 2012 - 02:59 PM

Thanks, I will see what I can manage. The chances are I will go with Javascript, the reason being that this is a school project for someone and will be run using XAMPP or some sort of similar program - so I'm not so much worried about security issues. Hopefully the person evaluating the project isn't worried either.

I will continue to investigate anyhow.

Cheers,
Face
  • 0

#116 LiquidFire

LiquidFire

    New member

  • New Members
  • 5 posts

Posted 20 April 2012 - 12:20 PM

Hey Ben, really like the code and modded it to fit my benefits, but I'm having a small problem with editing, where what it shows when I'm viewing a post I had made doesn't show up in the box when I click edit (view attachment if you don't understand).
Untitled-2.jpg


ADMIN.PHP
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<?php
include("../include/session.php");
include("db.php");
?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" /> 

</head>

<body>

	<div id="everything">

		<div id="header">
			
			<ul id="menu">
				<li><a class="main" href="http://azuredivinity.com/"></a></li>
				<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>						
                <li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
				<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
				<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
                <li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
                <li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
				<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
                <li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
                <li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
			</ul>  
		
		</div>
	
		<div id="middle">
	
        
			<div class="slider-wrapper theme-default">
			
			<div class="ribbon">
			</div>
			
				<div id="slider" class="nivoSlider">
                	<img src="../../css/images/slider_images/img15.png" alt="" />
					<img src="../../css/images/slider_images/img1.png" alt="" />
					<img src="../../css/images/slider_images/img3.png" alt="" />
					<img src="../../css/images/slider_images/img6.png" alt="" />
					<img src="../../css/images/slider_images/img7.png" alt="" />
					<img src="../../css/images/slider_images/img8.png" alt="" />
					<img src="../../css/images/slider_images/img9.png" alt="" />
					<img src="../../css/images/slider_images/img10.png" alt="" />
					<img src="../../css/images/slider_images/img11.png" alt="" />
     				<img src="../../css/images/slider_images/img12.png" alt="" />
					<img src="../../css/images/slider_images/img13.png" alt="" />
					<img src="../../css/images/slider_images/img14.png" alt="" />
				</div>
				
			</div>

		</div>
	
	<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
    <script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
    <script type="text/javascript">
		$(window).load(function() {
			$('#slider').nivoSlider();
		});
    </script>
    
	<br />
    <br />
    <br />
	  
				<div id="left_column">
		  
					<div class="left_break">
					</div>
          
					<div class="left">
			
		   
					<div class="left_nav_header">
					</div>
			
					<div class="post_body_nav">
                    
					<div id="navigation">
						<a class="tbt" href="http://blacktowerclan.com/"></a>
                        <a class="scu" href="http://starcraftuniverse.org"></a>
						<a class="combat" href="http://www.twitch.tv/combatex"></a>
						<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
						<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
						<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
						<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
						<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>                    						
                    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
                    </div>
					
                    </div>
                    			
					<div class="footer">
					</div>
                    
					</div>
                    
                    <div class="left">
                    
                    <div class="left_break">
					</div>
                    
                    <div class="left_header">
					</div>
                    
					<div class="post_body_nav">
						<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
					</div>
			
					<div class="footer">
					</div>

					</div>
		
				</div>
		  

    			<div id="middle_column" class="two_column">

				<div class="post">

					<div class="header">
					</div>

					<div class="post_body">

						<?

   
						/**
						* User not an administrator, redirect to main page
						* automatically.
						*/
						
						if(!$session->isAdmin()){
							printf("<script>location.href='main.php'</script>");
						}
						else{
						
						
						/**
						* Administrator is viewing page, so display all
						* forms.
						*/
						
						?>
										
					<h1>Admin Center</h1>
					<font size="5" color="#ff0000">
					<b>::::::::::::::::::::::::::::::::::::::::::::</b></font>
					<font size="4">Logged in as <b><? echo $session->username; ?></b></font><br><br>
					Back to [<a href="main.php">Main Page</a>]<br><br>
					Add A  [<a href="http://www.azuredivinity.com/index.php?p=add">New Entry</a>]<br><br>

					<?
					if($form->num_errors > 0){
						echo "<font size=\"4\" color=\"#ff0000\">"
							."!*** Error with request, please fix</font><br><br>";
					}
					?>

		<?php
        // number of results to show per page
        $per_page = 6;
        
        // figure out the total pages in the database
        $result = mysql_query("SELECT * FROM tt_blog");
        $total_results = mysql_num_rows($result);
        $total_pages = ceil($total_results / $per_page);


        // check if the 'page' variable is set in the URL (ex: view-paginated.php?page=1)
        if (isset($_GET['page']) && is_numeric($_GET['page']))
        {
                $show_page = $_GET['page'];
                
                // make sure the $show_page value is valid
                if ($show_page > 0 && $show_page <= $total_pages)
                {
                        $start = ($show_page -1) * $per_page;
                        $end = $start + $per_page; 
                }
                else
                {
                        // error - show first set of results
                        $start = 0;
                        $end = $per_page; 
                }               
        }
        else
        {
                // if page isn't set, show first set of results
                $start = 0;
                $end = $per_page; 
        }
        
        // display pagination
        for ($i = 1; $i <= $total_pages; $i++)
        {
                echo "<a href='admin.php?page=$i'>$i</a> ";
        }
        echo "</p>";
                
        // display data in table
        echo "<table border='1' cellpadding='10'>";
        echo "<tr> <th>ID</th> <th>Post Date</th> <th>Post Title</th> <th>Post Text</th> <th></th> <th></th></tr>";

        // loop through results of database query, displaying them in the table 
        for ($i = $start; $i < $end; $i++)
        {
                // make sure that PHP doesn't try to show results that don't exist
                if ($i == $total_results) { break; }
        
                // echo out the contents of each row into a table
                echo "<tr>";
                echo '<td>' . mysql_result($result, $i, 'id') . '</td>';
                echo '<td>' . mysql_result($result, $i, 'datetime') . '</td>';
                echo '<td>' . mysql_result($result, $i, 'title') . '</td>';
                echo '<td>' . mysql_result($result, $i, 'content') . '</td>';
                echo '<td><a href="edit.php?id=' . mysql_result($result, $i, 'id') . '">Edit</a></td>';
                echo '<td><a href="delete.php?id=' . mysql_result($result, $i, 'id') . '">Delete</a></td>';
                echo "</tr>"; 
        }
        // close table>
        echo "</table>"; 
        
        // pagination
        

?>

					<?
					}
					?>
			
					</div>

					<div class="postedby">
					</div>
          
				</div>
			
			</div>
	
		<div id="footer">
		</div>
			
			</div>
			
</body>
</html>


EDIT.PHP
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<?php
include("../include/sessions.php");
?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" /> 

</head>

<body>

	<div id="everything">

		<div id="header">
			
			<ul id="menu">
				<li><a class="main" href="http://azuredivinity.com/"></a></li>
				<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>						
                <li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
				<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
				<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
                <li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
                <li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
				<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
                <li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
                <li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
			</ul>  
		
		</div>
	
		<div id="middle">
	
        
			<div class="slider-wrapper theme-default">
			
			<div class="ribbon">
			</div>
			
				<div id="slider" class="nivoSlider">
                	<img src="../../css/images/slider_images/img15.png" alt="" />
					<img src="../../css/images/slider_images/img1.png" alt="" />
					<img src="../../css/images/slider_images/img3.png" alt="" />
					<img src="../../css/images/slider_images/img6.png" alt="" />
					<img src="../../css/images/slider_images/img7.png" alt="" />
					<img src="../../css/images/slider_images/img8.png" alt="" />
					<img src="../../css/images/slider_images/img9.png" alt="" />
					<img src="../../css/images/slider_images/img10.png" alt="" />
					<img src="../../css/images/slider_images/img11.png" alt="" />
     				<img src="../../css/images/slider_images/img12.png" alt="" />
					<img src="../../css/images/slider_images/img13.png" alt="" />
					<img src="../../css/images/slider_images/img14.png" alt="" />
				</div>
				
			</div>

		</div>
	
	<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
    <script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
    <script type="text/javascript">
		$(window).load(function() {
			$('#slider').nivoSlider();
		});
    </script>
    
	<br />
    <br />
    <br />
	  
				<div id="left_column">
		  
					<div class="left_break">
					</div>
          
					<div class="left">
			
		   
					<div class="left_nav_header">
					</div>
			
					<div class="post_body_nav">
                    
					<div id="navigation">
						<a class="tbt" href="http://blacktowerclan.com/"></a>
                        <a class="scu" href="http://starcraftuniverse.org"></a>
						<a class="combat" href="http://www.twitch.tv/combatex"></a>
						<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
						<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
						<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
						<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
						<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>                    						
                    <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
                    </div>
					
                    </div>
                    			
					<div class="footer">
					</div>
                    
					</div>
                    
                    <div class="left">
                    
                    <div class="left_break">
					</div>
                    
                    <div class="left_header">
					</div>
                    
					<div class="post_body_nav">
						<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
						<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
					</div>
			
					<div class="footer">
					</div>

					</div>
		
				</div>

			<div id="middle_column" class="two_column">

				<div class="post">

					<div class="header">
					</div>

					<div class="post_body">

<?php
/* 
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($id, $datetime, $title, $content, $error)
 {
 ?>
 
 <?php 
 // if there are any errors, display them
 if ($error != '')
 {
 echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
 }
 ?> 
 
 <form action="" method="post">
 <input type="hidden" name="id" value="<?php echo $id; ?>"/>
 <div>
 <p><strong>ID:</strong> <?php echo $id; ?></p>
 <strong>Post Date: *</strong> <input type="text" name="datetime" value="<?php echo $datetime; ?>"/><br/>
 <strong>Post Title: *</strong> <input type="text" name="title" value="<?php echo $title; ?>"/><br/>
 <strong>Post Text: *</strong> <textarea type="text" name="content" value="<?php echo $content; ?>"></textarea><br/>
 <p>* Required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 </form> 
 </body>
 </html> 
 <?php
 }



 // connect to the database
 include('db.php');
 
 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['submit']))
 { 
 // confirm that the 'id' value is a valid integer before getting the form data
 if (is_numeric($_POST['id']))
 {
 // get form data, making sure it is valid
 $id = $_POST['id'];
 $datetime = mysql_real_escape_string(htmlspecialchars($_POST['datetime']));
 $title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
 $content = mysql_real_escape_string(htmlspecialchars($_POST['content']));
 
 // check that datetime/title fields are both filled in
 if ($datetime == '' || $title == '' || $content == '')
 {
 // generate error message
 $error = 'ERROR: Please fill in all required fields!';
 
 //error, display form
 renderForm($id, $datetime, $title, $content, $error);
 }
 else
 {
 // save the data to the database
 mysql_query("UPDATE tt_blog SET datetime='$datetime', title='$title', content='$content' WHERE id='$id'")
 or die(mysql_error()); 
 
 // once saved, redirect back to the view page
 header("Location: admin.php"); 
 }
 }
 else
 {
 // if the 'id' isn't valid, display an error
 echo 'Error!';
 }
 }
 else
 // if the form hasn't been submitted, get the data from the db and display the form
 {
 
 // get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
 if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
 {
 // query db
 $id = $_GET['id'];
 $result = mysql_query("SELECT * FROM tt_blog WHERE id=$id")
 or die(mysql_error()); 
 $row = mysql_fetch_array($result);
 
 // check that the 'id' matches up with a row in the database
 if($row)
 {
 
 // get data from db
 $datetime = $row['datetime'];
 $title = $row['title'];
 $content = $row['content'];
 
 // show form
 renderForm($id, $datetime, $title, $content, '');
 }
 else
 // if no match, display result
 {
 echo "No results!";
 }
 }
 else
 // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
 {
 echo 'Error!';
 }
 }
?>


					</div>

					<div class="postedby">
					</div>
          
				</div>
			
			</div>
			
					<div id="footer">
		</div>
			
			</div>
			
</body>
</html>

  • 0

#117 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • Location: Chico, CA

Posted 20 April 2012 - 12:46 PM

I think the issue is this line within your edit file:

<textarea type="text" name="content" value="<?php echo $content; ?>"></textarea>

A textarea doesn't have a value attribute, as far as I understand it. I believe it needs to be:

<textarea name="content"><?php echo $content; ?></textarea>

I would do a quick web search on textareas and check the exact syntax.
  • 0
Benjamin Falk
Falken Creative : Twitter

#118 LiquidFire

LiquidFire

    New member

  • New Members
  • 5 posts

Posted 20 April 2012 - 04:08 PM

Wow, can't believe I forgot about that. lmao, tyvm Ben
  • 0

#119 LiquidFire

LiquidFire

    New member

  • New Members
  • 5 posts

Posted 20 April 2012 - 05:07 PM

I've got another problem now though: when I edit something it gets messed up if it has coding in the post. For example, if it has <p align="center"> it will change the align="center" to align=\"center\", and it will do the same thing to random text, like don't will be don\'t

Also, is there a way to change it to where, when I'm viewing the posts to edit or delete them, it shows the code if I embedded a video or if there's code in there at all, instead of showing what it would look like?
  • 0

#120 Ben

Ben

    Administrator

  • Administrators
  • 5,553 posts
  • Location: Chico, CA

Posted 20 April 2012 - 05:32 PM

1) You probably need to run stripslashes() on your content before you save it to the database.

2) I think using htmlspecialchars() on the content should disable the HTML and fix your second issue.
  • 0
Benjamin Falk
Falken Creative : Twitter



