spacepoet

Hello: I would like to create a little CMS that will allow me to create a new Category (a State - one text field), then a Subcategory (A Town - one text field) that can be assigned to a State, and then a Menu Item (With a few text fields, a textarea, and a photo upload) that can be assigned to a Town. I have made these before with old ASP code but want to start develpoing this in PHP. I believe I found a demo of a Product Catalog online and worked from there. Can someone put me in the right direction? Or show me where I can fine a sample of this. I want to make it so it can be modified or deleted, if needed, but not to delete something if it's assigned to something (like not being able to delete a SubCategory if there are 3 Menu Items assigned to it). I would appreciate any help or direction. Thanks!

Hey. Thanks I will check it out. I have heard of that. My hosting company just emailed and said the photo gallery I posted was missing a "config.php" file. I don't know what that is but they said they made one and it should work now. I will see ... Thanks again!

Hello: I am trying to find a free PHP photo gallery that I can use for a site, Since PHP is very new to me, I wanted to see if anyone knows of a good one that will allow a person to login via an admin panel, and upload photos. Or, create multiple galleries. Something that's simple and easy to install or configure. I have been trying to use this one: http://phpsandbox.org/2010/07/28/phpgallery/ but I keep getting errors trying to install it. Can anyone help me out? Thanks!

Hello to all: Thanks very much for posting the code examples and showing me this. I will work on this and see how I make out. I know I have a mySQL database set-up - it works fine for a basic CMS I did with help off of here, so I assume I just need to make a new table for the form data. I am new to using mySQL as well (I use to use Access), so I am trying to understand all the controls. I assume it is along the lines of defining data types that I did with ASP and Access. Just don't know if there are any "loopholes" I need to watch out for. Regardless, thanks much and I will let you know. Thanks!

Hi: OK, thanks much for the tip and info. I truly don't know what any of that means. Is that something controled on the server/mySQL DB? I am making the jump from ASP to PHP, and need to get up to speed on things like this. Your code, is that a function to be called in via a code libraby like I mentioned, or added to the SQL UPDATE statement? My code (which I got A LOT of help on from here!) is like this: <?php include('include/myConn.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); $sql = " UPDATE myAbout SET myTitle = '$myTitle', myDesc = '$myDesc', myHeader = '$myHeader', mySubHeader = '$mySubHeader', myPageData = '$myPageData' "; mysql_query($sql) && mysql_affected_rows() ?> <script language="JavaScript"> alert("This page was updated!"); location.href = "a_About.php"; </script> <?php $query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myTitle=$result['myTitle']; $myDesc=$result['myDesc']; $myHeader=$result['myHeader']; $mySubHeader=$result['mySubHeader']; $myPageData=$result['myPageData']; ?> ...... <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea> </div> ETC ... <br /> <input type="submit" value="Submit" /> </form> This forum is really making this easier! Thanks for the help.

Hi. Can someone show me the proper way to do a feedback form (like a "Contact US" form). I have read about SQL injections and would like to know I am protecting against it. And the proper way to store the submitted data in a database for a client's records. I have a basic form I use, but I am unable to store the data properly. Any help or a code idea would be appreciated. Thanks much.

Hey. Thank you! OK, I got it: <?php function showLinks() { $showLinks = " <script type=\"text/javascript\" src=\"include/spNewWindow.js\"></script>\n <script type=\"text/javascript\" src=\"include/openSesame.js\"></script>\n <link rel=\"stylesheet\" type=\"text/css\" href=\"include/StyleSheet.css\" />"; return $showLinks; } function showtopMenu() { $showtopMenu = " <a href=\"#\">Link 1</a><br />\n <a href=\"#\">Link 2</a><br />\n <a href=\"#\">Link 3</a><br />"; return $showtopMenu; } ?> Thanks for pointing this out. Leads to another question: I have a basic form that updates a record via a few text fields and a textarea field. I have noticed that when I add an " ' " (apostrophe) it, it adds a "/" (slash) to the data. And, I noticed you use a "/" (slash) in your fuction example. Does one need to somehow "escape" all apostrophes and quotes with PHP? If so, is there a way to pull in a code library to handle it? I use to use one in ASP programming. Like: <?php include('include/myCodeLib.php'); ?> myCodeLib.php: <?php function replaceDashes() { SOME KIND OF CODE HERE ?> } Possible? Thank you!

Hello: I have a question. I use to - when I was doing Classic ASP - make a single navigation file to include all aspects of site navigation. I'm trying to do that now in PHP, but keep getting errors. Can some set me straight (I am assuming what I want to do can be done in PHP). I have my myNav.php file (in an "include" subfolder): <?php function showLinks() <script type="text/javascript" src="include/spNewWindow.js"></script> <script type="text/javascript" src="include/openSesame.js"></script> <link rel="stylesheet" type="text/css" href="include/StyleSheet.css" /> ?> <?php function showTopMenu() <a href="#">Link 1</a><br /> <a href="#">Link 2</a><br /> <a href="#">Link 3</a><br /> ?> This is the myPage.php I am trying to pull it in to: <?php include('include/myNav.php'); ?> <html> <head> <title></title> <?php echo $showLinks; ?> </head> <body> <div id="myMenu"> <?php echo $showTopMenu; ?> </div> ... REST OF SITE, ETC ... </body> </html> However, this is not working at all. I have figured out how to make files for each individual aspect - Menu, Footer, META tags, etc - but I would like to do this with one file as shown above. Is this possible? Thanks!

Hey: Thanks very much for clearing this up. I set up my first mySQL DB yesterday, so I know I have questions about that. But, my little CMS is working. Really surprised how fast it is compared to ASP/Access. Thanks again!

Hey: Do I need to close a DB connection, like in ASP. Something like: myConn.php <?php $con = mysql_connect("localhost", "USERNAME", "PASSWORD") or die(mysql_error()); mysql_select_db("DATABASENAME") or die(mysql_error()); ?> Page: <?php include('include/myConn.php'); //contains your mysql connection and table selection <html> ... PHP PAGE DATA HERE ... <?php mysql_close($con); ?> </html> Thanks again!

OK! Got it! if ($_SERVER['REQUEST_METHOD'] == 'POST') { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); $sql = " UPDATE myAbout SET myTitle = '$myTitle', myDesc = '$myDesc', myHeader = '$myHeader', mySubHeader = '$mySubHeader', myPageData = '$myPageData' "; mysql_query($sql) && mysql_affected_rows() ?> So this: mysql_query($sql) && mysql_affected_rows() is what executes SQL in PHP? Much like "Conn.Execute" would do in ASP? Thanks very much for the help!

Hi: Thanks much for the tip. I see there errors in my ways there. Getting closer - data displays, form submits, JS prompt works, but the data is not updating. What did I miss? <?php include('include/myConn.php'); //contains your mysql connection and table selection //if statement deals with posted form: will be ignored if form has not been posted. //mysql_real_escape_string sanitizes in case of injection //ideally I would use a line like //$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query //and in the query have //myTitle=$myTitle, if($_REQUEST['POSTBACK'] == "EDIT") { $myTitle = mysql_real_escape_string($_POST['myTitle']); $myDesc = mysql_real_escape_string($_POST['myDesc']); $myHeader = mysql_real_escape_string($_POST['myHeader']); $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']); $myPageData = mysql_real_escape_string($_POST['myPageData']); $sql = " UPDATE myAbout SET myTitle = '$myTitle', myDesc = '$myDesc', myHeader = '$myHeader', mySubHeader = '$mySubHeader', myPageData = '$myPageData' "; ?> <script language="JavaScript"> alert("This page was updated!"); location.href = "z.php"; </script> <?php }//end if statement //now we want to pull all data from the table myAbout to populate form $query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myTitle=$result['myTitle']; $myDesc=$result['myDesc']; $myHeader=$result['myHeader']; $mySubHeader=$result['mySubHeader']; $myPageData=$result['myPageData']; }//end while ?> PS - I removed the ID portions, because this is always going to be the same form. I know it's a good practice to assign a table a primary ID (at least in ASP), but couldn't figure it out in the mySQL panel.

Hey: I am trying to work with this code: <?php include('include/myConn.php'); //contains your mysql connection and table selection //if statement deals with posted form: will be ignored if form has not been posted. //mysql_real_escape_string sanitizes in case of injection //ideally I would use a line like //$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query //and in the query have //myTitle=$myTitle, if($_REQUEST['POSTBACK'] == "EDIT") { mysql_query("UPDATE myAbout SET myTitle=mysql_real_escape_string($_REQUEST['myTitle']), myDesc=mysql_real_escape_string($_REQUEST['myDesc']), myHeader=mysql_real_escape_string($_REQUEST['myHeader']), mySubHeader=mysql_real_escape_string($_REQUEST['mySubHeader']), myPageData=mysql_real_escape_string($_REQUEST['myPageData'])") or die("Problem updating db: ".mysql_error()); ?> <script language="JavaScript"> alert("This page was updated!"); location.href = "<%=test.php"; </script> <?php }//end if statement //now we want to pull all data from the table myAbout to populate form $query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error()); while($result=mysql_fetch_array($query)) { $myTitle=$result['myTitle']; $myDesc=$result['myDesc']; $myHeader=$result['myHeader']; $mySubHeader=$result['mySubHeader']; $myPageData=$result['myPageData']; }//end while ?> <form method="post" action="<?php echo $PHP_SELF;?>"> <input type="hidden" name="POSTBACK" value="EDIT"> <div style="float: left; width: 120px; margin-right: 30px;"> Page Title: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Description: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Header: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page SubHeader: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea> </div> <div style="clear: both;"><br /></div> Page Content:<br /> <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea> <script type="text/javascript"> CKEDITOR.replace( 'myPageData' ); CKFinder.setupCKEditor( editor, '/ckfinder' ); </script> <br /> <input type="submit" value="Submit" /> </form> With the full code above, I get this error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /var/www/domains/SUBDOMAIN.WEBSITE.com/docs/z.php on line 15 Now, if I remove the code in between the "if($_REQUEST['POSTBACK'] == "EDIT")" and the JS prompt, it works fine (the form displays and it populates the data, so I know it is not a DB connection issue). So, what am I doing wring to get the data to INSERT properly? Help? Thanks!

Hello: Did my first post last week and am new to PHP. Making the jump from Classic ASP into PHP. I got some good advice last time. I have a feedback form I have been using, and it works fine for sending results to the website owner. How can I add to it so it will first add all the data to mySQL database, and then email the results to the site owner? Also, I hear about SQL injection attacks a lot - is my current code safe from that? This is what I have: contact.php ... <form method="post" name="myform" action="sendmail.php"> Full Name: <input type="text" name="FullName" /> Address: <input type="text" name="Address" /> City: <input type="text" name="City" /> State: <input type="text" name="State" /> Zip: <input type="text" name="Zip" /> Phone: <input type="text" name="Phone" /> Email: <input type="text" name="Email" /> Website: <input type="text" name="Website" /> Comments: <textarea cols="43" rows="6" name="Comments"></textarea> <input type="submit" /><br /> </form> ... sendmail.php <?php $FullName = $_REQUEST['FullName'] ; $Address = $_REQUEST['Address'] ; $City = $_REQUEST['City'] ; $State = $_REQUEST['State'] ; $Zip = $_REQUEST['Zip'] ; $Phone = $_REQUEST['Phone'] ; $Email = $_REQUEST['Email'] ; $Website = $_REQUEST['Website'] ; $Comments = $_REQUEST['Comments'] ; mail( "info@website.com", "Contact Request", "Full Name: $FullName\nAddress: $Address\n City: $City\n State: $State\n Zip: $Zip\n Phone: $Phone\n Email: $Email\n Website: $Website\n Comments: $Comments\n", "From: $Email" ); header( "Location: http://www.website.com/thanks.php" ); ?> Any help or coding examples would be most appreciated! Thanks!

Hey! Thanks much for showing me this as well. I am much more of a designer, but I like to bill myself as a "designer who programs" so yes - this looks like it will be a very helpful forum. Well, you two have given me a push with this code and some direction so I will try this all out! I'll let ya know how it goes. Thanks again!

Wow! Thanks very much to the both of you! This will give me something to study and learn from, and use as a springboard. I do see a lot of similarities as far as formatting the syntax and all. I think this will be a good forum for me to learn a lot from. One other thing: I would use my myConn.asp page like this (as the connection to the database): <% dim Conn Conn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mapPath("database/DB.mdb") %> Is this along the lines of what to do for PHP? I am under the impression that a mySQL database for PHP is NOT a physical database one would download, but something I would set-up on my hosting platform (I currently have a small site with PHP includes on GoDaddy, and plan to use this as my "I'm learning PHP" website as well) and create the connection that way. Am I correct about this? Thanks very much for all the help!

Hi! OK, thanks for this link. I hope the jump into PHP from ASP isn't too bad - I have heard once one gets an understanding of the syntax it starts coming together. I haven't used mySQL databases (I think that's what PHP uses) but I would think it is somewhat like an Access database. Thanks!

Hi there: Thanks for the message. I apprecite it. I have a RTE I use. My concern is trying to figure out how to get the PHP code. In other words, this ASP code will make the admin panel form work: <%@ language=vbscript%> <% option explicit %> <!--#include file="include/myConn.asp"--> <% Set oConn = Server.CreateObject("ADODB.Connection") oConn.open(Conn) SQL = "SELECT * FROM myAbout" Set RS = oConn.Execute(SQL) If Request("POSTBACK") = "EDIT" Then SQL = "UPDATE myAbout SET " SQL = SQL & "myTitle = '" & quoteCorrect(Request("myTitle")) & "', " SQL = SQL & "myDesc = '" & quoteCorrect(Request("myDesc")) & "', " SQL = SQL & "myHeader = '" & quoteCorrect(Request("myHeader")) & "', " SQL = SQL & "mySubHeader = '" & quoteCorrect(Request("mySubHeader")) & "', " SQL = SQL & "myPageData = '" & quoteCorrect(Request("myPageData")) & "' " oConn.Execute(SQL) %> <script language="JavaScript"> alert("This page was updated!"); location.href = "<%=Request.ServerVariables("URL")%>"; </script> <% End If %> <html> <head> </head> <body> <div id="mainContent"> <h1>Editing</h1> <p> <form method="post"> <input type="hidden" name="POSTBACK" value="EDIT"> <div style="float: left; width: 120px; margin-right: 30px;"> Page Title: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myTitle"><%=RS("myTitle")%></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Description: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myDesc"><%=RS("myDesc")%></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page Header: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="myHeader"><%=RS("myHeader")%></textarea> </div> <div style="clear: both;"><br /></div> <div style="float: left; width: 120px; margin-right: 30px;"> Page SubHeader: </div> <div style="float: left; width: 550px;"> <textarea cols="80" rows="1" name="mySubHeader"><%=RS("mySubHeader")%></textarea> </div> <div style="clear: both;"><br /></div> Page Content:<br /> <textarea cols="80" id="myPageData" name="myPageData"><%=RS("myPageData")%></textarea> <script type="text/javascript"> CKEDITOR.replace( 'myPageData' ); CKFinder.setupCKEditor( editor, '/ckfinder' ); </script> <br /> <input type="submit" value="Submit" /> </form> <% RS.close Set RS = nothing oConn.close set oConn = nothing %> </div> </body> </html> I am trying to understand the syntax of this in a PHP format. Or, find a basic example/file that would show me how to do this. I would really say I am just trying to understand how to use PHP/SQL to UPDATE a record. Does this make sense? Thanks for the insight.

Hello: I am very new to PHP. I have done a few basic feedback forms, but that's it. I have done Classic ASP for years, and am trying to switch over to PHP. I wanted to see what it would take to make a basic CMS that would allow users to update page content from an admin panel. Very much like the attached .JPG demo. Is there existing code available like what I'm trying to do? I can post the ASP version code if it will help. I assume it would need a database, but I have only used DNS-less connections with Access - not anything PHP related. I know the site is hosted on justhost.com, and justhost.com uses unix servers. Any assistance would be appreciated! [attachment deleted by admin]