Help
Hi Rupom Can u please tell me what u did?? Actually I am looking for the same solution.
Basic PHP System: View/Edit/Delete/Add Records
#92
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 03 March 2012 - 06:11 AM
hello, i try to add a new column, but i fail
i add in a SQL file this
in view.php like this
i remove view-paginated.php
in new.php
what is wrong ? please help me, Thanks ! sorry for my english ,i'm from Romania
i add in a SQL file this
CREATE TABLE `players` ( `id` int(11) NOT NULL auto_increment, `leader` varchar(32) NOT NULL, `firstname` varchar(32) NOT NULL, `lastname` varchar(32) NOT NULL, PRIMARY KEY (`id`) ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;
in view.php like this
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>View Records</title>
</head>
<body>
<?php
/*
VIEW.PHP
Displays all data from 'players' table
*/
// connect to the database
include('connect-db.php');
// get results from database
$result = mysql_query("SELECT * FROM players")
or die(mysql_error());
// display data in table
//echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>ID</th> <th>Leader</th> <th>First Name</th> <th>Last Name</th> <th></th> <th></th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['id'] . '</td>';
echo '<td>' . $row['leader'] . '</td>';
echo '<td>' . $row['firstname'] . '</td>';
echo '<td>' . $row['lastname'] . '</td>';
echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<p><a href="new.php">Add a new record</a></p>
</body>
</html> i remove view-paginated.php
in new.php
<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($leader, $first, $last, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>Leader: *</strong> <input type="text" name="leader" value="<?php echo $leader; ?>" /><br/>
<strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $first; ?>" /><br/>
<strong>Last Name: *</strong> <input type="text" name="lastname" value="<?php echo $last; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$leader = mysql_real_escape_string(htmlspecialchars($_POST['leader']));
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$lastname = mysql_real_escape_string(htmlspecialchars($_POST['lastname']));
// check to make sure both fields are entered
if ($leader == '' || $firstname == '' || $lastname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($leader, $firstname, $lastname, $error);
}
else
{
// save the data to the database
mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','');
}
?> what is wrong ? please help me, Thanks ! sorry for my english ,i'm from Romania
#93
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 03 March 2012 - 11:29 AM
What errors are you getting?
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#94
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 04 March 2012 - 10:41 AM
not appear in the table/column
#95
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 04 March 2012 - 10:49 AM
Two things in new.php:
This line
is missing a comma after "$leader":
Secondly, right at the end of the file, this line
probably needs to be this:
This line
mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")is missing a comma after "$leader":
mysql_query("INSERT players SET leader='$leader', firstname='$firstname', lastname='$lastname'")Secondly, right at the end of the file, this line
renderForm('','','');probably needs to be this:
renderForm('','','','');
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#96
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 04 March 2012 - 10:59 AM
thanks !!! it's working !
#97
- Group: New Members
- Posts: 3
- Joined: 19-March 12
Posted 19 March 2012 - 01:27 PM
First of all, thank you very much Ben for this PHP script. It has helped me immensely for a college project, and has also up'd my interest in web development again!
Now, I wish to expand on your code further to give the ability to add columns to the database. Currently, columns such as FirstName and LastName are pre-defined within the code.
The most basic way to do this would be to create a form with a textbox and submit button, and have PHP use the alter command to create the column. The problem here would be the code to view, edit and add records, since they are still hard-coded with the FirstName and LastName variables.
Is there any particular method you could point me towards to figure this out? I may be a little over my head with this since it may require rewriting the whole PHP code.
Hope I explained this well enough.
Thank you!
Now, I wish to expand on your code further to give the ability to add columns to the database. Currently, columns such as FirstName and LastName are pre-defined within the code.
The most basic way to do this would be to create a form with a textbox and submit button, and have PHP use the alter command to create the column. The problem here would be the code to view, edit and add records, since they are still hard-coded with the FirstName and LastName variables.
Is there any particular method you could point me towards to figure this out? I may be a little over my head with this since it may require rewriting the whole PHP code.
Hope I explained this well enough.
Thank you!
#98
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 19 March 2012 - 01:55 PM
Maybe you can explain why you would need to programatically modify the database? Most systems that I know and work with don't work that way -- you usually have a set database structure, and you are simply adding/removing/editing records from it.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#99
- Group: New Members
- Posts: 3
- Joined: 19-March 12
Posted 19 March 2012 - 02:11 PM
Ah yes you have an extremely good point. I'm probably making it more complicated than it needs to be.
Its scalability really. For the project, I'm building a database interface for contacts. Later on I may realise I need another attribute of data for my contacts list, such as a secondary telephone number.
Do you believe it is a better idea to take into account all attributes that would be required for a contacts database first, then design the database structure?
Extra credits for my class is on the mind, going that extra mile.
Thanks!
Its scalability really. For the project, I'm building a database interface for contacts. Later on I may realise I need another attribute of data for my contacts list, such as a secondary telephone number.
Do you believe it is a better idea to take into account all attributes that would be required for a contacts database first, then design the database structure?
Extra credits for my class is on the mind, going that extra mile.
Thanks!
#100
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 19 March 2012 - 02:21 PM
If you want to focus on scalability, I'd suggest looking at object oriented programming and MVC -- those will help make your code modular, separating out the responsibilities of your application into individual objects and making things easier to maintain and improve in the future.
Yes, you do want to consider how the application might be expanded... but you can't fully anticipate what sort of changes you will want to make and code for all of them.
Yes, you do want to consider how the application might be expanded... but you can't fully anticipate what sort of changes you will want to make and code for all of them.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#101
- Group: New Members
- Posts: 3
- Joined: 19-March 12
Posted 19 March 2012 - 02:29 PM
Understood Ben. OOP and MVC would be extreme overkill for the little project I'm dealing with.
I will keep it simple for now then. Later on if I require such scalable features (being taken on for a client perhaps), then I will look into it further.
Thanks for your time!!
I will keep it simple for now then. Later on if I require such scalable features (being taken on for a client perhaps), then I will look into it further.
Thanks for your time!!
#102
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 26 March 2012 - 03:35 PM
how can add in table a timeleft column and when the time is up ,automatically delete row
if you can...
if you can...
#103
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 26 March 2012 - 05:13 PM
teke, on 26 March 2012 - 01:35 PM, said:
how can add in table a timeleft column and when the time is up ,automatically delete row
if you can...
if you can...
I don't think that is something that is done with plain PHP -- I believe you would need to use a CRON job that repeats a certain number of times a day to call a PHP script to do the cleanup. If you are dealing with small amounts of time (minutes rather than hours, for example) you might use AJAX that loops every x seconds to call a PHP script to do the cleanup.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#104
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 27 March 2012 - 04:54 AM
the time in days i need, anyway thanks !
#105
- Group: New Members
- Posts: 7
- Joined: 02-March 12
Posted 28 March 2012 - 02:53 PM
i returned... do you know something about countdown timer in table? any
#106
- Group: New Members
- Posts: 1
- Joined: 03-April 12
Posted 03 April 2012 - 10:53 AM
I have some problem with this tutorial. I made a bit change to suit my forum script I building. Heres what my changed files.
EDIT.PHP
and NEW.PHP
In both Im getting error "ERROR: Please fill in all required fields" if I want to change something or add. The delete option is working.
EDIT.PHP
<?php
//create_cat.php
include 'connect.php';
include 'header.php';
include 'modules/bbcode.php';
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $firstname, $error)
{
?>
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Content*</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
<a href="/settings.php">Back</a>
</form>
</body>
</html>
<?php
}
// connect to the database
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['post_id'];
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));
// check that firstname/lastname fields are both filled in
if ($firstname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $firstname, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE
posts
SET
post_content='$firstname'
WHERE post_id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: settings.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM posts WHERE post_id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$firstname = $row['post_content'];
// show form
renderForm($id, $firstname, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
include 'footer.php';
?>and NEW.PHP
<?php
//create_cat.php
include 'connect.php';
include 'header.php';
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first, $last, $error)
{
?>
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>Content: *</strong> <input type="textarea" name="firstname" value="<?php echo $first; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));
// check to make sure both fields are entered
if ($firstname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($first, $last, $error);
}
else
{
// save the data to the database
mysql_query("INSERT posts SET post_content='$firstname'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: settings.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','');
}
include 'footer.php';
?>
In both Im getting error "ERROR: Please fill in all required fields" if I want to change something or add. The delete option is working.
#107
- Group: New Members
- Posts: 9
- Joined: 10-April 12
Posted 10 April 2012 - 07:19 PM
First post, please be kind!
Ok, so I don't really know much about anything regarding PHP/MySQL - I can do HTML and Flash (providing that is stays away from DBs)...
So I downloaded and installed XAMPP, basically copied and pasted, made all the necessary files - and now I have your basic PHP program running on my computer *ALMOST* exactly as you have it on yours (BEN).
The problem I am having, and i can't figure it out for the life of me is why I get this unexplainable text at the top of the page saying "VALUES(4, 'Sam', 'Smith');" which is the last line of code that I imported into the "RECORDS" DB... (screen shot included). This text will follow me to every part of the program (new.php, edit.php...)
Any ideas of what I missed?
PS - The reason I am learning this is to help someone else with a school project. The more I look into PHP the more I want to know, so this might be the start of a long relationship.
Cheers,
Face
Ok, so I don't really know much about anything regarding PHP/MySQL - I can do HTML and Flash (providing that is stays away from DBs)...
So I downloaded and installed XAMPP, basically copied and pasted, made all the necessary files - and now I have your basic PHP program running on my computer *ALMOST* exactly as you have it on yours (BEN).
The problem I am having, and i can't figure it out for the life of me is why I get this unexplainable text at the top of the page saying "VALUES(4, 'Sam', 'Smith');" which is the last line of code that I imported into the "RECORDS" DB... (screen shot included). This text will follow me to every part of the program (new.php, edit.php...)
Any ideas of what I missed?
PS - The reason I am learning this is to help someone else with a school project. The more I look into PHP the more I want to know, so this might be the start of a long relationship.
Cheers,
Face
#108
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 10 April 2012 - 07:29 PM
@Face: I would suggest looking at your connect-db.php file. I'm betting that you didn't do the copy/paste exactly right, and you may have that text at the beginning of the file, probably before the opening <?php tag.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#109
- Group: New Members
- Posts: 9
- Joined: 10-April 12
Posted 10 April 2012 - 07:35 PM
And of course that is exactly what it was. Thanks for your very quick response to a very stupid problem... I had checked all the files except for that one.
Thanks again. from this point I expect to make my own modifications and actually start learning stuff - so you should be hearing from me soon (very).
Cheers,
Face
Thanks again. from this point I expect to make my own modifications and actually start learning stuff - so you should be hearing from me soon (very).
Cheers,
Face
#110
- Group: New Members
- Posts: 9
- Joined: 10-April 12
Posted 10 April 2012 - 07:48 PM
Actually, to help myself out I'm going to let you all in on what the project is.
Basically its supposed to be a simple PHP/MySQL database that keeps track of books coming in/out of a collection. So basically what I am going to try to do is add a Title, Publisher, and Date Aqcuired column... perhaps a "Aqcuired from where." while always keeping the ability to delete/edit/add...
and then I will move onto a program for myself that can help me inventory shop tools / materials.
Always happy to recieve advice!
Cheers,
Face
Basically its supposed to be a simple PHP/MySQL database that keeps track of books coming in/out of a collection. So basically what I am going to try to do is add a Title, Publisher, and Date Aqcuired column... perhaps a "Aqcuired from where." while always keeping the ability to delete/edit/add...
and then I will move onto a program for myself that can help me inventory shop tools / materials.
Always happy to recieve advice!
Cheers,
Face
#111
- Group: New Members
- Posts: 1
- Joined: 10-April 12
Posted 11 April 2012 - 12:12 AM
How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.
Thanks for any assistance with my issue.
Thanks for any assistance with my issue.
#112
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 11 April 2012 - 09:26 AM
Jeffro78, on 10 April 2012 - 10:12 PM, said:
How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.
Thanks for any assistance with my issue.
Thanks for any assistance with my issue.
Checkboxes are a little trickier than the standard input elements. Take a look here: http://www.homeandle...hp/php4p11.html -- this will explain how to check if a checkbox is set or not.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#113
- Group: New Members
- Posts: 9
- Joined: 10-April 12
Posted 12 April 2012 - 11:26 PM
Me again! Things are moving along. Added a search box where you can search "players" by name or id. Added a few more columns to the table. and some other buttons and changed the look of it a bit - now i'm wondering....
.... What would be the best way to have a "confirm delete" option? Can it be done in PHP? or would it have to be javascript? Or just a generic button?
Cheers,
Face
.... What would be the best way to have a "confirm delete" option? Can it be done in PHP? or would it have to be javascript? Or just a generic button?
Cheers,
Face
#114
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 13 April 2012 - 10:26 AM
The easiest way would be do use javascript -- pop up a confirm box asking the user to click "yes", and then redirecting to the delete page only if the user clicks yes.
However, I have heard that it is a best practice to avoid this, and try to avoid using a url that automatically deletes a record only based on $_GET data since there is a chance that it could be abused -- for example, what if the admin user was emailed a link (or something innocent that didn't look like a link) and they clicked on it and it deleted the record?. In addition, only using a Javascript based confirm would mean that for anyone who used the system with Javascript off, it would automatically bypass the confirmation (then again, the number of users who browse with Javascript off is pretty low).
The "best practice" way of going about this would probably have the confirm delete function built into the delete page, so the user visits "delete.php?id=x" and instead of immediately deleting the record, they are asked to confirm within a form, and the item is only deleted based on a "yes" response in the $_POST data.
Alternately, you could build this form into the main page that shows all the records, confirm delete using a Javascript confirm() function, and then only delete the item(s) based on the $_POST data.
However, I have heard that it is a best practice to avoid this, and try to avoid using a url that automatically deletes a record only based on $_GET data since there is a chance that it could be abused -- for example, what if the admin user was emailed a link (or something innocent that didn't look like a link) and they clicked on it and it deleted the record?. In addition, only using a Javascript based confirm would mean that for anyone who used the system with Javascript off, it would automatically bypass the confirmation (then again, the number of users who browse with Javascript off is pretty low).
The "best practice" way of going about this would probably have the confirm delete function built into the delete page, so the user visits "delete.php?id=x" and instead of immediately deleting the record, they are asked to confirm within a form, and the item is only deleted based on a "yes" response in the $_POST data.
Alternately, you could build this form into the main page that shows all the records, confirm delete using a Javascript confirm() function, and then only delete the item(s) based on the $_POST data.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#115
- Group: New Members
- Posts: 9
- Joined: 10-April 12
Posted 13 April 2012 - 02:59 PM
Thanks, I will see what I can manage. The chances are I will go with Javascript, the reason being that this is a school project for someone and will be run using XAMPP or some sort of similar program - so i'm not so much worried about security issues. Hopefully the person evaluating the project isn't worried either.
I will continue to investigate anyhow.
Cheers,
Face
I will continue to investigate anyhow.
Cheers,
Face
#116
- Group: New Members
- Posts: 5
- Joined: 20-April 12
Posted 20 April 2012 - 12:20 PM
Hey ben, really like the code and modded it to fit my benefits but im having a small problem with editing where what it shows when im viewing a post i had made it doesn't show up in the box when i click edit (view attachment if you dont understand)
ADMIN.PHP
EDIT.PHP
ADMIN.PHP
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
include("../include/session.php");
include("db.php");
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" />
</head>
<body>
<div id="everything">
<div id="header">
<ul id="menu">
<li><a class="main" href="http://azuredivinity.com/"></a></li>
<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>
<li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
<li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
<li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
<li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
<li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
</ul>
</div>
<div id="middle">
<div class="slider-wrapper theme-default">
<div class="ribbon">
</div>
<div id="slider" class="nivoSlider">
<img src="../../css/images/slider_images/img15.png" alt="" />
<img src="../../css/images/slider_images/img1.png" alt="" />
<img src="../../css/images/slider_images/img3.png" alt="" />
<img src="../../css/images/slider_images/img6.png" alt="" />
<img src="../../css/images/slider_images/img7.png" alt="" />
<img src="../../css/images/slider_images/img8.png" alt="" />
<img src="../../css/images/slider_images/img9.png" alt="" />
<img src="../../css/images/slider_images/img10.png" alt="" />
<img src="../../css/images/slider_images/img11.png" alt="" />
<img src="../../css/images/slider_images/img12.png" alt="" />
<img src="../../css/images/slider_images/img13.png" alt="" />
<img src="../../css/images/slider_images/img14.png" alt="" />
</div>
</div>
</div>
<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
<script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
<script type="text/javascript">
$(window).load(function() {
$('#slider').nivoSlider();
});
</script>
<br />
<br />
<br />
<div id="left_column">
<div class="left_break">
</div>
<div class="left">
<div class="left_nav_header">
</div>
<div class="post_body_nav">
<div id="navigation">
<a class="tbt" href="http://blacktowerclan.com/"></a>
<a class="scu" href="http://starcraftuniverse.org"></a>
<a class="combat" href="http://www.twitch.tv/combatex"></a>
<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</div>
</div>
<div class="footer">
</div>
</div>
<div class="left">
<div class="left_break">
</div>
<div class="left_header">
</div>
<div class="post_body_nav">
<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
</div>
<div class="footer">
</div>
</div>
</div>
<div id="middle_column" class="two_column">
<div class="post">
<div class="header">
</div>
<div class="post_body">
<?
/**
* User not an administrator, redirect to main page
* automatically.
*/
if(!$session->isAdmin()){
printf("<script>location.href='main.php'</script>");
}
else{
/**
* Administrator is viewing page, so display all
* forms.
*/
?>
<h1>Admin Center</h1>
<font size="5" color="#ff0000">
<b>::::::::::::::::::::::::::::::::::::::::::::</b></font>
<font size="4">Logged in as <b><? echo $session->username; ?></b></font><br><br>
Back to [<a href="main.php">Main Page</a>]<br><br>
Add A [<a href="http://www.azuredivinity.com/index.php?p=add">New Entry</a>]<br><br>
<?
if($form->num_errors > 0){
echo "<font size=\"4\" color=\"#ff0000\">"
."!*** Error with request, please fix</font><br><br>";
}
?>
<?php
// number of results to show per page
$per_page = 6;
// figure out the total pages in the database
$result = mysql_query("SELECT * FROM tt_blog");
$total_results = mysql_num_rows($result);
$total_pages = ceil($total_results / $per_page);
// check if the 'page' variable is set in the URL (ex: view-paginated.php?page=1)
if (isset($_GET['page']) && is_numeric($_GET['page']))
{
$show_page = $_GET['page'];
// make sure the $show_page value is valid
if ($show_page > 0 && $show_page <= $total_pages)
{
$start = ($show_page -1) * $per_page;
$end = $start + $per_page;
}
else
{
// error - show first set of results
$start = 0;
$end = $per_page;
}
}
else
{
// if page isn't set, show first set of results
$start = 0;
$end = $per_page;
}
// display pagination
for ($i = 1; $i <= $total_pages; $i++)
{
echo "<a href='admin.php?page=$i'>$i</a> ";
}
echo "</p>";
// display data in table
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>ID</th> <th>Post Date</th> <th>Post Title</th> <th>Post Text</th> <th></th> <th></th></tr>";
// loop through results of database query, displaying them in the table
for ($i = $start; $i < $end; $i++)
{
// make sure that PHP doesn't try to show results that don't exist
if ($i == $total_results) { break; }
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . mysql_result($result, $i, 'id') . '</td>';
echo '<td>' . mysql_result($result, $i, 'datetime') . '</td>';
echo '<td>' . mysql_result($result, $i, 'title') . '</td>';
echo '<td>' . mysql_result($result, $i, 'content') . '</td>';
echo '<td><a href="edit.php?id=' . mysql_result($result, $i, 'id') . '">Edit</a></td>';
echo '<td><a href="delete.php?id=' . mysql_result($result, $i, 'id') . '">Delete</a></td>';
echo "</tr>";
}
// close table>
echo "</table>";
// pagination
?>
<?
}
?>
</div>
<div class="postedby">
</div>
</div>
</div>
<div id="footer">
</div>
</div>
</body>
</html>EDIT.PHP
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?php
include("../include/sessions.php");
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" />
</head>
<body>
<div id="everything">
<div id="header">
<ul id="menu">
<li><a class="main" href="http://azuredivinity.com/"></a></li>
<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>
<li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
<li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
<li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
<li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
<li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
</ul>
</div>
<div id="middle">
<div class="slider-wrapper theme-default">
<div class="ribbon">
</div>
<div id="slider" class="nivoSlider">
<img src="../../css/images/slider_images/img15.png" alt="" />
<img src="../../css/images/slider_images/img1.png" alt="" />
<img src="../../css/images/slider_images/img3.png" alt="" />
<img src="../../css/images/slider_images/img6.png" alt="" />
<img src="../../css/images/slider_images/img7.png" alt="" />
<img src="../../css/images/slider_images/img8.png" alt="" />
<img src="../../css/images/slider_images/img9.png" alt="" />
<img src="../../css/images/slider_images/img10.png" alt="" />
<img src="../../css/images/slider_images/img11.png" alt="" />
<img src="../../css/images/slider_images/img12.png" alt="" />
<img src="../../css/images/slider_images/img13.png" alt="" />
<img src="../../css/images/slider_images/img14.png" alt="" />
</div>
</div>
</div>
<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
<script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
<script type="text/javascript">
$(window).load(function() {
$('#slider').nivoSlider();
});
</script>
<br />
<br />
<br />
<div id="left_column">
<div class="left_break">
</div>
<div class="left">
<div class="left_nav_header">
</div>
<div class="post_body_nav">
<div id="navigation">
<a class="tbt" href="http://blacktowerclan.com/"></a>
<a class="scu" href="http://starcraftuniverse.org"></a>
<a class="combat" href="http://www.twitch.tv/combatex"></a>
<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
</div>
</div>
<div class="footer">
</div>
</div>
<div class="left">
<div class="left_break">
</div>
<div class="left_header">
</div>
<div class="post_body_nav">
<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
</div>
<div class="footer">
</div>
</div>
</div>
<div id="middle_column" class="two_column">
<div class="post">
<div class="header">
</div>
<div class="post_body">
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $datetime, $title, $content, $error)
{
?>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Post Date: *</strong> <input type="text" name="datetime" value="<?php echo $datetime; ?>"/><br/>
<strong>Post Title: *</strong> <input type="text" name="title" value="<?php echo $title; ?>"/><br/>
<strong>Post Text: *</strong> <textarea type="text" name="content" value="<?php echo $content; ?>"></textarea><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('db.php');
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$datetime = mysql_real_escape_string(htmlspecialchars($_POST['datetime']));
$title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
$content = mysql_real_escape_string(htmlspecialchars($_POST['content']));
// check that datetime/title fields are both filled in
if ($datetime == '' || $title == '' || $content == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $datetime, $title, $content, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE tt_blog SET datetime='$datetime', title='$title', 'content=$content' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: admin.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM tt_blog WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$datetime = $row['datetime'];
$title = $row['title'];
$content = $row['content'];
// show form
renderForm($id, $datetime, $title, $content, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>
</div>
<div class="postedby">
</div>
</div>
</div>
<div id="footer">
</div>
</div>
</body>
</html>
#117
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 20 April 2012 - 12:46 PM
I think the issue is this line within your edit file:
A textarea doesn't have a value attribute, as far as I understand it. I believe it needs to be:
I would do a quick web search on textareas and check the exact syntax.
<textarea type="text" name="content" value="<?php echo $content; ?>"></textarea>
A textarea doesn't have a value attribute, as far as I understand it. I believe it needs to be:
<textarea name="content"><?php echo $content; ?></textarea>
I would do a quick web search on textareas and check the exact syntax.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
#118
- Group: New Members
- Posts: 5
- Joined: 20-April 12
Posted 20 April 2012 - 04:08 PM
Wow cant believe i forgot about that. lamo, tyvm ben
#119
- Group: New Members
- Posts: 5
- Joined: 20-April 12
Posted 20 April 2012 - 05:07 PM
Ive got another problem now though, when i edit something it gets messed up if it has coding in the post. such as if it has <p align="center"> it will change the align="center" to align=\"center\" will do the same thing to random text like don't will be don\'t
also is there a way to change it to where when im viewing the post to edit or delete them, to show the code if i embeded a video or if theres code in there at all, show that instead of showing what it would look like
also is there a way to change it to where when im viewing the post to edit or delete them, to show the code if i embeded a video or if theres code in there at all, show that instead of showing what it would look like
#120
- Group: Administrators
- Posts: 5,412
- Joined: 19-December 08
- LocationChico, CA
Posted 20 April 2012 - 05:32 PM
1) You probably need to run stripslashes() on your content before you save it to the database.
2) I think using htmlspecialchars() on the content should disable the HTML and fix your second issue.
2) I think using htmlspecialchars() on the content should disable the HTML and fix your second issue.
Benjamin Falk | Falken Creative : Twitter : KillerSites Screencast Blog
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
Skills: Photoshop, Illustrator, HTML, CSS, jQuery, PHP and CodeIgniter
