Killersites Community
falkencreative

Basic Php System: View/edit/delete/add Records


Hello, I try to add a new column, but I fail.

 

I add this in a SQL file:

 

CREATE TABLE `players` (
`id` int(11) NOT NULL auto_increment,
`leader` varchar(32) NOT NULL,
`firstname` varchar(32) NOT NULL,
`lastname` varchar(32) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

 

In view.php, like this:

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
       <title>View Records</title>
</head>
<body>

<?php
/* 
       VIEW.PHP
       Displays all data from 'players' table
*/

       // connect to the database
       include('connect-db.php');

       // get results from database
       $result = mysql_query("SELECT * FROM players") 
               or die(mysql_error());  

       // display data in table
       //echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";

       echo "<table border='1' cellpadding='10'>";
       echo "<tr> <th>ID</th> <th>Leader</th> <th>First Name</th> <th>Last Name</th> <th></th> <th></th></tr>";

       // loop through results of database query, displaying them in the table
       while($row = mysql_fetch_array( $result )) {

               // echo out the contents of each row into a table
               echo "<tr>";
               echo '<td>' . $row['id'] . '</td>';
               echo '<td>' . $row['leader'] . '</td>';
               echo '<td>' . $row['firstname'] . '</td>';
               echo '<td>' . $row['lastname'] . '</td>';
               echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';
               echo '<td><a href="delete.php?id=' . $row['id'] . '">Delete</a></td>';
               echo "</tr>"; 
       } 

       // close table>
       echo "</table>";
?>
<p><a href="new.php">Add a new record</a></p>

</body>
</html> 

 

I removed view-paginated.php.

 

In new.php:

 

<?php
/* 
NEW.PHP
Allows user to create a new entry in the database
*/

// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($leader, $first, $last, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php 
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> 

<form action="" method="post">
<div>
<strong>Leader: *</strong> <input type="text" name="leader" value="<?php echo $leader; ?>" /><br/>
<strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $first; ?>" /><br/>
<strong>Last Name: *</strong> <input type="text" name="lastname" value="<?php echo $last; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form> 
</body>
</html>
<?php 
}




// connect to the database
include('connect-db.php');

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{ 
// get form data, making sure it is valid
$leader = mysql_real_escape_string(htmlspecialchars($_POST['leader']));
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$lastname = mysql_real_escape_string(htmlspecialchars($_POST['lastname']));

// check to make sure both fields are entered
if ($leader == '' || $firstname == '' || $lastname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

// if either field is blank, display the form again
renderForm($leader, $firstname, $lastname, $error);
}
else
{
// save the data to the database
mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")
or die(mysql_error()); 

// once saved, redirect back to the view page
header("Location: view.php"); 
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','');
}
?> 

 

 

What is wrong? Please help me, thanks! Sorry for my English, I'm from Romania.

Share this post


Link to post
Share on other sites

Two things in new.php:

 

This line

 

mysql_query("INSERT players SET leader='$leader' firstname='$firstname', lastname='$lastname'")

is missing a comma after "$leader":

 

mysql_query("INSERT players SET leader='$leader', firstname='$firstname', lastname='$lastname'")

Secondly, right at the end of the file, this line

 

renderForm('','','');

probably needs to be this:

 

renderForm('','','','');


Share this post


Link to post
Share on other sites

First of all, thank you very much Ben for this PHP script. It has helped me immensely for a college project, and has also up'd my interest in web development again!

 

Now, I wish to expand on your code further to give the ability to add columns to the database. Currently, columns such as FirstName and LastName are pre-defined within the code.

 

The most basic way to do this would be to create a form with a textbox and submit button, and have PHP use the alter command to create the column. The problem here would be the code to view, edit and add records, since they are still hard-coded with the FirstName and LastName variables.

 

Is there any particular method you could point me towards to figure this out? I may be a little over my head with this since it may require rewriting the whole PHP code.

 

Hope I explained this well enough.

 

Thank you!

Share this post


Link to post
Share on other sites

Maybe you can explain why you would need to programmatically modify the database? Most systems that I know and work with don't work that way -- you usually have a set database structure, and you are simply adding/removing/editing records from it.

Share this post


Link to post
Share on other sites

Ah yes you have an extremely good point. I'm probably making it more complicated than it needs to be.

 

It's scalability really. For the project, I'm building a database interface for contacts. Later on I may realise I need another attribute of data for my contacts list, such as a secondary telephone number.

 

Do you believe it is a better idea to take into account all attributes that would be required for a contacts database first, then design the database structure?

 

Extra credits for my class is on the mind, going that extra mile. :rolleyes:

 

Thanks!

Share this post


Link to post
Share on other sites

If you want to focus on scalability, I'd suggest looking at object oriented programming and MVC -- those will help make your code modular, separating out the responsibilities of your application into individual objects and making things easier to maintain and improve in the future.

 

Yes, you do want to consider how the application might be expanded... but you can't fully anticipate what sort of changes you will want to make and code for all of them.

Share this post


Link to post
Share on other sites

Understood Ben. OOP and MVC would be extreme overkill for the little project I'm dealing with.

 

I will keep it simple for now then. Later on if I require such scalable features (being taken on for a client perhaps), then I will look into it further.

 

Thanks for your time!! ^_^

Share this post


Link to post
Share on other sites

How can I add a timeleft column to the table and, when the time is up, automatically delete the row?

 

if you can...

I don't think that is something that is done with plain PHP -- I believe you would need to use a CRON job that repeats a certain number of times a day to call a PHP script to do the cleanup. If you are dealing with small amounts of time (minutes rather than hours, for example) you might use AJAX that loops every x seconds to call a PHP script to do the cleanup.

Share this post


Link to post
Share on other sites

I have some problems with this tutorial. I made a few changes to suit the forum script I'm building. Here are my changed files.

EDIT.PHP

<?php
//create_cat.php
include 'connect.php';
include 'header.php';
include 'modules/bbcode.php';

/* 
EDIT.PHP
Allows user to edit specific entry in database
*/

// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $firstname, $error)
{
?>
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php 
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> 

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Content*</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
<a href="/settings.php">Back</a>
</form> 
</body>
</html> 
<?php
}



// connect to the database


// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{ 
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['post_id'];
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));

// check that firstname/lastname fields are both filled in
if ($firstname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

//error, display form
renderForm($id, $firstname, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE 
				posts
			SET 
				post_content='$firstname' 
			WHERE post_id='$id'")

or die(mysql_error()); 

// once saved, redirect back to the view page
header("Location: settings.php"); 
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{

// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM posts WHERE post_id=$id")
or die(mysql_error()); 
$row = mysql_fetch_array($result);

// check that the 'id' matches up with a row in the database
if($row)
{

// get data from db
$firstname = $row['post_content'];

// show form
renderForm($id, $firstname, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
include 'footer.php';
?>

 

and NEW.PHP

 

<?php
//create_cat.php
include 'connect.php';
include 'header.php';

/* 
NEW.PHP
Allows user to create a new entry in the database
*/

// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first, $last, $error)
{
?>
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php 
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> 

<form action="" method="post">
<div>
<strong>Content: *</strong> <input type="textarea" name="firstname" value="<?php echo $first; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form> 
</body>
</html>
<?php 
}




// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{ 
// get form data, making sure it is valid
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['post_content']));


// check to make sure both fields are entered
if ($firstname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

// if either field is blank, display the form again
renderForm($first, $last, $error);
}
else
{
// save the data to the database
mysql_query("INSERT posts SET post_content='$firstname'")
or die(mysql_error()); 

// once saved, redirect back to the view page
header("Location: settings.php"); 
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','');
}

include 'footer.php';
?> 

 

In both I'm getting the error "ERROR: Please fill in all required fields" if I want to change or add something. The delete option is working.

Share this post


Link to post
Share on other sites

First post, please be kind!

 

Ok, so I don't really know much about anything regarding PHP/MySQL - I can do HTML and Flash (providing that it stays away from DBs)...

 

So I downloaded and installed XAMPP, basically copied and pasted, made all the necessary files - and now I have your basic PHP program running on my computer *ALMOST* exactly as you have it on yours (BEN).

 

The problem I am having, and I can't figure it out for the life of me, is why I get this unexplainable text at the top of the page saying "VALUES(4, 'Sam', 'Smith');" which is the last line of code that I imported into the "RECORDS" DB... (screen shot included). This text will follow me to every part of the program (new.php, edit.php...)

 

post-42928-077231800 1334103411_thumb.png

 

Any ideas of what I missed?

 

PS - The reason I am learning this is to help someone else with a school project. The more I look into PHP the more I want to know, so this might be the start of a long relationship.

 

Cheers,

Face

Share this post


Link to post
Share on other sites

@Face: I would suggest looking at your connect-db.php file. I'm betting that you didn't do the copy/paste exactly right, and you may have that text at the beginning of the file, probably before the opening <?php tag.

Share this post


Link to post
Share on other sites

And of course that is exactly what it was. Thanks for your very quick response to a very stupid problem... I had checked all the files except for that one.

 

Thanks again. From this point I expect to make my own modifications and actually start learning stuff - so you should be hearing from me soon (very).

 

Cheers,

Face

Share this post


Link to post
Share on other sites

Actually, to help myself out I'm going to let you all in on what the project is.

 

Basically it's supposed to be a simple PHP/MySQL database that keeps track of books coming in/out of a collection. So basically what I am going to try to do is add a Title, Publisher, and Date Acquired column... perhaps an "Acquired from where", while always keeping the ability to delete/edit/add...

 

and then I will move onto a program for myself that can help me inventory shop tools / materials.

 

Always happy to receive advice!

 

Cheers,

Face

Share this post


Link to post
Share on other sites

How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.

 

Thanks for any assistance with my issue.

Share this post


Link to post
Share on other sites

How do you type an if statement using $_POST for checkboxes as in IT classes taken or needed, ie IT101b, IT205b, IT210b, IT310b in php? I am a Super Noob and am quite lost because the if statements in Java seem to be easier to figure out than so far in PHP.

 

Thanks for any assistance with my issue.

Checkboxes are a little trickier than the standard input elements. Take a look here: http://www.homeandlearn.co.uk/php/php4p11.html -- this will explain how to check if a checkbox is set or not.

Share this post


Link to post
Share on other sites

Me again! Things are moving along. Added a search box where you can search "players" by name or id. Added a few more columns to the table, and some other buttons, and changed the look of it a bit - now I'm wondering....

 

.... What would be the best way to have a "confirm delete" option? Can it be done in PHP? Or would it have to be JavaScript? Or just a generic button?

 

Cheers,

Face

Share this post


Link to post
Share on other sites

The easiest way would be to use JavaScript -- pop up a confirm box asking the user to click "yes", and then redirecting to the delete page only if the user clicks yes.

 

However, I have heard that it is a best practice to avoid this, and try to avoid using a URL that automatically deletes a record only based on $_GET data since there is a chance that it could be abused -- for example, what if the admin user was emailed a link (or something innocent that didn't look like a link) and they clicked on it and it deleted the record? In addition, only using a JavaScript based confirm would mean that for anyone who used the system with JavaScript off, it would automatically bypass the confirmation (then again, the number of users who browse with JavaScript off is pretty low).

 

The "best practice" way of going about this would probably have the confirm delete function built into the delete page, so the user visits "delete.php?id=x" and instead of immediately deleting the record, they are asked to confirm within a form, and the item is only deleted based on a "yes" response in the $_POST data.

 

Alternately, you could build this form into the main page that shows all the records, confirm delete using a JavaScript confirm() function, and then only delete the item(s) based on the $_POST data.

Share this post


Link to post
Share on other sites
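Added example, not part of the original posts and not the tutorial author's code: a delete.php handler that follows the "confirm inside the delete page" approach described above, where GET only renders a confirmation form and the row is removed only by a POST that carries a per-session token. It assumes PDO (sqlite in the demo) in place of the tutorial's mysql_* calls; csrfToken(), validId() and handleDelete() are hypothetical helper names.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. PDO stands in for mysql_*;
// csrfToken(), validId() and handleDelete() are hypothetical helpers.

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

/** Validate an id taken from request data; returns an int >= 1 or null. */
function validId($raw): ?int
{
    // Stricter than is_numeric(), which also accepts "1e3" and "1.5".
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/**
 * Returns [HTTP status, body or redirect target]. In delete.php this would be
 * called after session_start() as:
 *   handleDelete($db, $_SERVER['REQUEST_METHOD'], $_GET, $_POST, $_SESSION);
 */
function handleDelete(PDO $db, string $method, array $get, array $post, array &$session): array
{
    $token = csrfToken($session);

    if ($method === 'GET') {
        // GET never changes data: it only asks for confirmation.
        $id = validId($get['id'] ?? null);
        if ($id === null) {
            return [400, 'Invalid id'];
        }
        $stmt = $db->prepare('SELECT firstname, lastname FROM players WHERE id = :id');
        $stmt->execute([':id' => $id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return [404, 'No such record'];
        }
        // Escape stored values at output time, in the HTML context.
        $name = htmlspecialchars($row['firstname'] . ' ' . $row['lastname'], ENT_QUOTES, 'UTF-8');
        return [200,
            '<form method="post" action="delete.php">'
            . "<p>Delete record $id ($name)?</p>"
            . "<input type=\"hidden\" name=\"id\" value=\"$id\">"
            . "<input type=\"hidden\" name=\"csrf\" value=\"$token\">"
            . '<input type="submit" name="confirm" value="yes"> <a href="view.php">Cancel</a>'
            . '</form>'];
    }

    if ($method === 'POST') {
        // A cross-site form can send id and confirm, but cannot read the token.
        $sent = $post['csrf'] ?? '';
        if (!is_string($sent) || !hash_equals($token, $sent)) {
            return [403, 'Bad CSRF token'];
        }
        if (($post['confirm'] ?? '') !== 'yes') {
            return [400, 'Not confirmed'];
        }
        $id = validId($post['id'] ?? null);
        if ($id === null) {
            return [400, 'Invalid id'];
        }
        $stmt = $db->prepare('DELETE FROM players WHERE id = :id');
        $stmt->execute([':id' => $id]);
        return [303, 'view.php']; // redirect target after a successful delete
    }

    return [405, 'Method not allowed'];
}

// --- Constructed demo: in-memory table shaped like the thread's `players` ---
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, firstname TEXT NOT NULL, lastname TEXT NOT NULL)');
    $db->exec("INSERT INTO players VALUES (4, 'Sam', 'Smith')");
    $session = [];
    $rows = fn() => (int) $db->query('SELECT COUNT(*) FROM players')->fetchColumn();

    // 1. Emailed link that the admin clicks: a GET, so nothing is deleted.
    [$status] = handleDelete($db, 'GET', ['id' => '4'], [], $session);
    printf("GET link           -> status %d, rows left %d\n", $status, $rows());

    // 2. Forged POST from another site: no valid token, so it is refused.
    [$status] = handleDelete($db, 'POST', [], ['id' => '4', 'confirm' => 'yes'], $session);
    printf("POST without token -> status %d, rows left %d\n", $status, $rows());

    // 3. The confirmation form itself, which carries the session's token.
    $form = ['id' => '4', 'confirm' => 'yes', 'csrf' => $session['csrf']];
    [$status] = handleDelete($db, 'POST', [], $form, $session);
    printf("POST with token    -> status %d, rows left %d\n", $status, $rows());
}
```

Because the confirmation is rendered server-side, it still works with JavaScript turned off; a JavaScript confirm() can be layered on top as a convenience.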

Thanks, I will see what I can manage. The chances are I will go with JavaScript, the reason being that this is a school project for someone and will be run using XAMPP or some sort of similar program - so I'm not so much worried about security issues. Hopefully the person evaluating the project isn't worried either.

 

I will continue to investigate anyhow.

 

Cheers,

Face

Share this post


Link to post
Share on other sites

Hey Ben, I really like the code and modded it to fit my benefits, but I'm having a small problem with editing: what it shows when I'm viewing a post I had made doesn't show up in the box when I click edit (view attachment if you don't understand).

post-43095-014480600 1334942404_thumb.jpg

 

 

ADMIN.PHP

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<?php
include("../include/session.php");
include("db.php");
?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" /> 

</head>

<body>

<div id="everything">

	<div id="header">

		<ul id="menu">
			<li><a class="main" href="http://azuredivinity.com/"></a></li>
			<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>						
               <li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
			<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
			<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
               <li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
               <li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
			<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
               <li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
               <li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
		</ul>  

	</div>

	<div id="middle">


		<div class="slider-wrapper theme-default">

		<div class="ribbon">
		</div>

			<div id="slider" class="nivoSlider">
               	<img src="../../css/images/slider_images/img15.png" alt="" />
				<img src="../../css/images/slider_images/img1.png" alt="" />
				<img src="../../css/images/slider_images/img3.png" alt="" />
				<img src="../../css/images/slider_images/img6.png" alt="" />
				<img src="../../css/images/slider_images/img7.png" alt="" />
				<img src="../../css/images/slider_images/img8.png" alt="" />
				<img src="../../css/images/slider_images/img9.png" alt="" />
				<img src="../../css/images/slider_images/img10.png" alt="" />
				<img src="../../css/images/slider_images/img11.png" alt="" />
    				<img src="../../css/images/slider_images/img12.png" alt="" />
				<img src="../../css/images/slider_images/img13.png" alt="" />
				<img src="../../css/images/slider_images/img14.png" alt="" />
			</div>

		</div>

	</div>

<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
   <script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
   <script type="text/javascript">
	$(window).load(function() {
		$('#slider').nivoSlider();
	});
   </script>

<br />
   <br />
   <br />

			<div id="left_column">

				<div class="left_break">
				</div>

				<div class="left">


				<div class="left_nav_header">
				</div>

				<div class="post_body_nav">

				<div id="navigation">
					<a class="tbt" href="http://blacktowerclan.com/"></a>
                       <a class="scu" href="http://starcraftuniverse.org"></a>
					<a class="combat" href="http://www.twitch.tv/combatex"></a>
					<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
					<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
					<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
					<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
					<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>                    						
                   <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
                   </div>

                   </div>

				<div class="footer">
				</div>

				</div>

                   <div class="left">

                   <div class="left_break">
				</div>

                   <div class="left_header">
				</div>

				<div class="post_body_nav">
					<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
				</div>

				<div class="footer">
				</div>

				</div>

			</div>


   			<div id="middle_column" class="two_column">

			<div class="post">

				<div class="header">
				</div>

				<div class="post_body">

					<?


					/**
					* User not an administrator, redirect to main page
					* automatically.
					*/

					if(!$session->isAdmin()){
						printf("<script>location.href='main.php'</script>");
					}
					else{


					/**
					* Administrator is viewing page, so display all
					* forms.
					*/

					?>

				<h1>Admin Center</h1>
				<font size="5" color="#ff0000">
				<b>::::::::::::::::::::::::::::::::::::::::::::</b></font>
				<font size="4">Logged in as <b><? echo $session->username; ?></b></font><br><br>
				Back to [<a href="main.php">Main Page</a>]<br><br>
				Add A  [<a href="http://www.azuredivinity.com/index.php?p=add">New Entry</a>]<br><br>

				<?
				if($form->num_errors > 0){
					echo "<font size=\"4\" color=\"#ff0000\">"
						."!*** Error with request, please fix</font><br><br>";
				}
				?>

	<?php
       // number of results to show per page
       $per_page = 6;

       // figure out the total pages in the database
       $result = mysql_query("SELECT * FROM tt_blog");
       $total_results = mysql_num_rows($result);
       $total_pages = ceil($total_results / $per_page);


       // check if the 'page' variable is set in the URL (ex: view-paginated.php?page=1)
       if (isset($_GET['page']) && is_numeric($_GET['page']))
       {
               $show_page = $_GET['page'];

               // make sure the $show_page value is valid
               if ($show_page > 0 && $show_page <= $total_pages)
               {
                       $start = ($show_page -1) * $per_page;
                       $end = $start + $per_page; 
               }
               else
               {
                       // error - show first set of results
                       $start = 0;
                       $end = $per_page; 
               }               
       }
       else
       {
               // if page isn't set, show first set of results
               $start = 0;
               $end = $per_page; 
       }

       // display pagination
       for ($i = 1; $i <= $total_pages; $i++)
       {
               echo "<a href='admin.php?page=$i'>$i</a> ";
       }
       echo "</p>";

       // display data in table
       echo "<table border='1' cellpadding='10'>";
       echo "<tr> <th>ID</th> <th>Post Date</th> <th>Post Title</th> <th>Post Text</th> <th></th> <th></th></tr>";

       // loop through results of database query, displaying them in the table 
       for ($i = $start; $i < $end; $i++)
       {
               // make sure that PHP doesn't try to show results that don't exist
               if ($i == $total_results) { break; }

               // echo out the contents of each row into a table
               echo "<tr>";
               echo '<td>' . mysql_result($result, $i, 'id') . '</td>';
               echo '<td>' . mysql_result($result, $i, 'datetime') . '</td>';
               echo '<td>' . mysql_result($result, $i, 'title') . '</td>';
               echo '<td>' . mysql_result($result, $i, 'content') . '</td>';
               echo '<td><a href="edit.php?id=' . mysql_result($result, $i, 'id') . '">Edit</a></td>';
               echo '<td><a href="delete.php?id=' . mysql_result($result, $i, 'id') . '">Delete</a></td>';
               echo "</tr>"; 
       }
       // close table>
       echo "</table>"; 

       // pagination


?>

				<?
				}
				?>

				</div>

				<div class="postedby">
				</div>

			</div>

		</div>

	<div id="footer">
	</div>

		</div>

</body>
</html>

 

 

EDIT.PHP

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<?php
include("../include/sessions.php");
?>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>AzureDivinity's Website</title>
<link href="../../css/style1.css" rel="stylesheet" type="text/css">
<link href="../../css/style2.css" rel="stylesheet" type="text/css">
<link href="../../css/style3.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" href="../../slider/themes/default/default.css" type="text/css" media="screen" />
<link rel="stylesheet" href="../../slider/nivo-slider.css" type="text/css" media="screen" /> 

</head>

<body>

<div id="everything">

	<div id="header">

		<ul id="menu">
			<li><a class="main" href="http://azuredivinity.com/"></a></li>
			<li><a class="profile" href="http://azuredivinity.com/profile.php"></a></li>						
               <li><a class="cms" href="http://azuredivinity.com/forum/content.php"></a></li>
			<li><a class="forum" href="http://azuredivinity.com/forum/forum.php"></a></li>
			<li><a class="blog" href="http://azuredivinity.com/forum/blog.php"></a></li>
               <li><a class="contact" href="http://azuredivinity.com/index.php?page=contact"></a></li>
               <li><a class="login" href="http://azuredivinity.com/login/main.php"></a></li>
			<li><a class="rotate" href="http://azuredivinity.com/#"></a></li>
               <li><a class="coaching" href="http://azuredivinity.com/coaching/index.html"></a></li>
               <li><a class="clanex" href="http://www.combatex.com/forum/index.php"></a></li>
		</ul>  

	</div>

	<div id="middle">


		<div class="slider-wrapper theme-default">

		<div class="ribbon">
		</div>

			<div id="slider" class="nivoSlider">
               	<img src="../../css/images/slider_images/img15.png" alt="" />
				<img src="../../css/images/slider_images/img1.png" alt="" />
				<img src="../../css/images/slider_images/img3.png" alt="" />
				<img src="../../css/images/slider_images/img6.png" alt="" />
				<img src="../../css/images/slider_images/img7.png" alt="" />
				<img src="../../css/images/slider_images/img8.png" alt="" />
				<img src="../../css/images/slider_images/img9.png" alt="" />
				<img src="../../css/images/slider_images/img10.png" alt="" />
				<img src="../../css/images/slider_images/img11.png" alt="" />
    				<img src="../../css/images/slider_images/img12.png" alt="" />
				<img src="../../css/images/slider_images/img13.png" alt="" />
				<img src="../../css/images/slider_images/img14.png" alt="" />
			</div>

		</div>

	</div>

<script type="text/javascript" src="../../slider/scripts/jquery-1.6.1.min.js"></script>
   <script type="text/javascript" src="../../slider/jquery.nivo.slider.pack.js"></script>
   <script type="text/javascript">
	$(window).load(function() {
		$('#slider').nivoSlider();
	});
   </script>

<br />
   <br />
   <br />

			<div id="left_column">

				<div class="left_break">
				</div>

				<div class="left">


				<div class="left_nav_header">
				</div>

				<div class="post_body_nav">

				<div id="navigation">
					<a class="tbt" href="http://blacktowerclan.com/"></a>
                       <a class="scu" href="http://starcraftuniverse.org"></a>
					<a class="combat" href="http://www.twitch.tv/combatex"></a>
					<a class="clanwater" href="http://www.twitch.tv/clanwater"></a>
					<a class="azure" href="http://www.justin.tv/azuredivinity"></a>
					<a class="teammnm" href="http://www.twitch.tv/mnmsc2?"></a>
					<a class="combatsite" href="http://www.combatex.com/" target="_blank"></a>
					<a class="vile" href="http://www.twitch.tv/illusioncss" target="_blank"></a>                    						
                   <form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="hosted_button_id" value="TG4YRKN4S3NDY">
<input type="image" src="../../css/images/buttons/donate2.png" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.paypalobjects.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>
                   </div>

                   </div>

				<div class="footer">
				</div>

				</div>

                   <div class="left">

                   <div class="left_break">
				</div>

                   <div class="left_header">
				</div>

				<div class="post_body_nav">
					<br><p><img src="../../css/images/achievements/achieve_1.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_2.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_3.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_4.png" alt="About Me" align="center"/></p></br>
					<br><p><img src="../../css/images/achievements/achieve_5.png" alt="About Me" align="center"/></p></br>
				</div>

				<div class="footer">
				</div>

				</div>

			</div>

		<div id="middle_column" class="two_column">

			<div class="post">

				<div class="header">
				</div>

				<div class="post_body">

<?php
/* 
EDIT.PHP
Allows user to edit specific entry in database
*/

// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $datetime, $title, $content, $error)
{
?>

<?php 
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> 

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Post Date: *</strong> <input type="text" name="datetime" value="<?php echo $datetime; ?>"/><br/>
<strong>Post Title: *</strong> <input type="text" name="title" value="<?php echo $title; ?>"/><br/>
<strong>Post Text: *</strong> <textarea type="text" name="content" value="<?php echo $content; ?>"></textarea><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form> 
</body>
</html> 
<?php
}



// connect to the database
include('db.php');

// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{ 
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$datetime = mysql_real_escape_string(htmlspecialchars($_POST['datetime']));
$title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
$content = mysql_real_escape_string(htmlspecialchars($_POST['content']));

// check that the datetime, title and content fields are all filled in
if ($datetime == '' || $title == '' || $content == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

//error, display form
renderForm($id, $datetime, $title, $content, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE tt_blog SET datetime='$datetime', title='$title', content='$content' WHERE id='$id'")
or die(mysql_error()); 

// once saved, redirect back to the view page
header("Location: admin.php"); 
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{

// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM tt_blog WHERE id=$id")
or die(mysql_error()); 
$row = mysql_fetch_array($result);

// check that the 'id' matches up with a row in the database
if($row)
{

// get data from db
$datetime = $row['datetime'];
$title = $row['title'];
$content = $row['content'];

// show form
renderForm($id, $datetime, $title, $content, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>


				</div>

				<div class="postedby">
				</div>

			</div>

		</div>

				<div id="footer">
	</div>

		</div>

</body>
</html>


I think the issue is this line within your edit file:

 

<textarea type="text" name="content" value="<?php echo $content; ?>"></textarea>

A textarea doesn't have a value attribute, as far as I understand it. I believe it needs to be:

 

<textarea name="content"><?php echo $content; ?></textarea>

I would do a quick web search on textareas and check the exact syntax.


I've got another problem now though: when I edit something it gets messed up if it has coding in the post. For example, if it has <p align="center"> it will change the align="center" to align=\"center\", and it will do the same thing to random text, like don't will be don\'t.

Also, is there a way to change it so that when I'm viewing the posts to edit or delete them, it shows the code if I embedded a video or if there's code in there at all, instead of showing what it would look like?


1) You probably need to run stripslashes() on your content before you save it to the database.

 

2) I think using htmlspecialchars() on the content should disable the HTML and fix your second issue.

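The two suggestions above come down to storing the text exactly as typed and encoding it only when it is written into HTML. The following is an added example, not code from anyone in this thread: it assumes PHP 7.1+ with the pdo_sqlite extension, uses an in-memory table as a stand-in for tt_blog, and the helper names e(), savePost() and loadPost() are hypothetical.

```php
<?php
// Added example: in-memory SQLite table standing in for tt_blog (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tt_blog (id INTEGER PRIMARY KEY, datetime TEXT, title TEXT, content TEXT)');
$db->exec("INSERT INTO tt_blog (id, datetime, title, content) VALUES (1, '2012-01-01', 'old', 'old')");

// Hypothetical helper: encode a value for HTML output (element text or a quoted attribute).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: save the raw submitted text through bound parameters.
// No escaping function touches the values, so nothing adds backslashes to the stored text.
function savePost(PDO $db, int $id, string $datetime, string $title, string $content): void
{
    $stmt = $db->prepare('UPDATE tt_blog SET datetime = :d, title = :t, content = :c WHERE id = :id');
    $stmt->execute([':d' => $datetime, ':t' => $title, ':c' => $content, ':id' => $id]);
}

// Hypothetical helper: load one row, or null when the id does not exist.
function loadPost(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, datetime, title, content FROM tt_blog WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample input with the characters from the thread: quotes, an apostrophe, an embed.
$submitted = '<p align="center">don\'t</p><iframe src="https://video.example/embed/1"></iframe>';
savePost($db, 1, '2012-01-02 10:00', 'Quotes & "tags"', $submitted);
$row = loadPost($db, 1);
var_dump($row['content'] === $submitted); // compares the stored text with what was submitted
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo (int) $row['id']; ?>"/>
<input type="text" name="title" value="<?php echo e($row['title']); ?>"/>
<textarea name="content"><?php echo e($row['content']); ?></textarea>
</form>
```

The browser displays the encoded markup as plain text inside the textarea and submits it back decoded, so the encoding step never reaches the database.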
