Lee

Hi, I'm making an attempt to build a small cms based site. I have read in a lot of places it is best to use the id of a table row to fetch contents, but being as I am using url rewrite in frontend, it won't be showing query strings, so I thought I would ask if anyone saw any potential problems if I did the following. Page table looks like this: Pages - id - name - content In backend, the user has a form to name the page and use ckeditor to add rich content. I will use php to ensure that the name is alphanumeric and use strtolower & str_replace to ensure that My First HTML Page is sent to mysql as my-first-html-page and also check that a row with this name does not already exist. So on front end this page url will be mywebsite.com/my-first-html-page So to output the content I strip out the domain & / so I'm left with the name as entered in the db. $url = $_SERVER['REQUEST_URI']; $url = str_replace ('/','',$url); Then in my function to output content I will use WHERE name = $url

At which point do I use DATE_FORMAT()? On insert, on select, or ideally can I use it when I echo it out? I haven't used this function before, so I'm not too familliar with it. Can I do something like this?.. echo DATE_FORMAT($item['created_at'], '%d/%m/%Y');

Thank you

Can I use a variable inside an sql query to determine which table to select from? The 2 functions below do exactly the same thing, they're just selecting data from different tables. I'm not sure how I can do it. Maybe put a parameter in the function & use sprinf? // Output the page data function showpages() { db_connect(); $query = ("SELECT * FROM pages"); // can I change pages to a variable somehow? $result = mysql_query($query); $result = result_to_assoc($result); return $result; } // Echo the pricelist data into the pricelist form function show_pricelist() { db_connect(); $query = ("SELECT * FROM pricelist"); // Again, if pricelist can be a variable, then I need only 1 function $result = mysql_query($query); $result = result_to_assoc($result); return $result; }

WOOOHOOO!!! I solved it, only taken me a whole day to figure it out lol function update($params) { $id = $_POST['id']; // this is the bit that made it work.. $connection = db_connect(); $query = sprintf("update content set page = '%s', page_id = '%s', title = '%s', text = '%s' where id = '$id'", mysql_real_escape_string($params['page']), mysql_real_escape_string($params['page_id']), mysql_real_escape_string($params['title']), mysql_real_escape_string($params['text']) ); $result = mysql_query($query); if (!$result) { return false; } else { return true; } } Then I just added this to the form. It may not be ideal, but the damn thing works at last <input type="hidden" name="id" id="id" size="4" maxlength="4" value="<?php $id = content($id); echo stripslashes($id['id']); ?>" />

It made no difference. Thanks anyway

I think you need to escape the double quotes.. if ($prevPage > $chapters[$chapter][0]) $out .= "<a href=\"mybook.php?chapter={$chapter}&page={$prevPage}\">Prev</a>";

Hmm great, getting somewhere now thanks. The Function can't run because $_POST['text'] isn't set. message appears as soon as the page is loaded now, before I even submit the form. However, the <textarea name="text" id= "text"> is set, it has text in it. Now I'm baffled by that instead lol

Thanks, I did try without a parameter and just setting the WHERE clause to $id (the value of $_GET ['id']) but it still doesn't update the database. Thanks for the tip about checking $_GET ['id'] I'm wondering if its something to do with this line: if(isset($_POST['text'])) { $result = update(); } It works ok for insert, but for some baffling reason, I can't make this update work.

Thanks pikachu the $id in function content ($id) is just holding $id as an array that I can use to fetch data from the row and echo it into the form values. That part is working fine. Its the update() function that I am having trouble with. I am calling it in this line (well I think that's what it should be doing anyway) maybe this is the bit I've got wwrong: if(isset($_POST['text'])) { $id = $_GET['id']; $result = update($id); }

I've tried a few different methods, but I can't get this damn function to work. Can someone show me where I've gone wrong? Here's my code & form. I'm still baffled why it doesn't work! url is update-content.php?id=12 <?php include("../include/session.php"); if(!$session->logged_in) { header('Location: ../login.php'); die; } require_once('../include/functions.php'); function content($id) { $id = $_GET['id']; $connection = db_connect(); $query = sprintf("select * from content where id = '$id'", mysql_real_escape_string($id) ); $result = mysql_query($query); $number_of_posts = mysql_num_rows($result); if ($number_of_posts == 0) { return false; } $row = mysql_fetch_array($result); return $row; } function update($param) { // Get the content id from url to output into the editor $id = $_GET['id']; $connect = db_connect(); $page = mysql_real_escape_string($_POST['page']); $page_id = mysql_real_escape_string($_POST['page_id']); $title = mysql_real_escape_string($_POST['title']); $text = mysql_real_escape_string($_POST['text']); $query = ("UPDATE content SET page = '$page' page_id = '$page_id' title = '$title' text = '$text' WHERE id = '$id' "); $result = mysql_query($query); if (!$result) { return false; } else { return true; } } ?> <?php // Send form data to mysql if(isset($_POST['text'])) { $result = update($_POST); if($result === true) { echo 'Success!'; die(); } } ?> And the form.. <form form name="editor" id="editor" method="post" action="update-content.php"> <p><br /> <b>Assign to page</b><br /> <input name="page" id="page" size="60" maxlength="500" value="<?php $page = content($id); echo stripslashes($page['page']); ?>" /> <br /> <br /> <b>Page id</b> <input name="page_id" id="page_id" size="4" maxlength="4" value="<?php $page_id = content($id); echo stripslashes($page_id['page_id']); ?>" /> <br /> <br /> <b>Title</b> <span class="smalltext">(Just a short name this piece of content)</span><br /> <input name="title" id="title" size="60" maxlength="200" value="<?php $title = content($id); echo stripslashes($title['title']); ?>" /> <br /> <br /> <br /> <strong>Content</strong> <span class="smalltext">(paste html in here)</span><br /> <textarea name="text" id="text" cols="75" rows="15"><?php $text = content($id); echo stripslashes($text['text']); ?></textarea> <?php //turn the text area into CK Editor echo $ckeditor_ini; ?> <br /> <input type="image" src="../images/button_submit.gif" alt="submit" name="submit" value="submit" /> <a href="index.php"><img src="../images/button_cancel.gif" alt="Cancel" width="120" height="26" border="0" /> </form>

Thanks, I'll give that a try.

Ok, I'm quite a noob to SQL (the reason for this practice) so I'll explain my db as in caveman terms. Tables in bold, columns in brackets. So far, it doesn't work. DB structure content ( homepage, about_page, contact_page ) title ( homepage, about_page, contact_page ) I guess I could just re-structure the db like this: homepage ( title, content ) about_page ( title, content ) contact_page ( title, content ) But then if I want to add pages, I will need to keep adding more tables. I don't suppose that is so bad.. Thanks for the reply

There is and will only ever be only one record in each.

Hi, I am trying to use 1 form to update a page title and a page content. They are both in different tables in the db. I tried the code below, but it won't work. Is there some way I can do it in the same function? function EditHomepage($param) { $connect = db_connect(); if(isset($param['submit'])){ $errors = array(); if(strlen($param['editbody']) < 1) { $errors[] = 'Homepage body must be at least 2 characters.'; } if(strlen($param['edit_title']) == 0) { $errors[] = 'You must enter a page title.'; } if($errors) { return $errors; } else { $homepageBody = mysql_real_escape_string($param['editbody']); $homepageTitle = mysql_real_escape_string($param['edit_title']); $query = sprintf ("UPDATE content, title SET homepage = '$homepageBody', tile,homepage = '$homepageTitle' "); $result = mysql_query($query); if (!$result) { return false; } else { return true; } } } }

Hmm, maybe I'm a bit out of my depth then. The text html seems fine, the editor just seems to be escaping the double quotes before sending it to the database, which I'm guessing is being done by mysql_real_escape_string. This is what is in the database: <strong>This is my homepage.</strong><img alt=\"\" src=\"/images/uploads/0ghfh7.jpg\" style=\"width: 300px; height: 400px; float: right;\" /><br /> <br /> Now I can rich edit this...<br /> The img alt=\"\" is not actually escaping twice, its just because I didn't enter an alt description, so it would just be alt="". Both " are being escaped once. If that is what you mean? I'm getting a bit lost with it now lol.

DOH! Thanks. Unfortunately though, it still has not made any difference.

Hi, I am using mysql_real_escape_string to send form input to the database and I am using CKeditor to replace the textarea. With text, everything works fine, but if I upload an image, the url gets returned like this: \"/images/uploads/0ghfh7.jpg\" THIS IS THE PAGE SOURCE <img alt="\"\"" src="%5C%22/images/uploads/0ghfh7.jpg%5C%22" style="" 300px;="" height:="" 400px;="" float:="" right;\=""> I tried stripslashes on the function that echoes the output, but it doesn't seem to have cured it, so how can I escape those backslashes? These are my functions: // Edit homepage content // Check the setup form and send data to database function EditHomepage($paramHP) { db_connect(); if(isset($paramHP['submit'])){ $errors = array(); if(strlen($paramHP['homepagebody']) < 1) { $errors[] = 'Homepage body must be at least 2 characters.'; } if($errors) { return $errors; } else { $homepageBody = mysql_real_escape_string($paramHP['homepagebody']); $query = sprintf ("UPDATE homepage SET body = '$homepageBody' "); $result = mysql_query($query); if (!$result) { return false; } else { return true; } } } } // View homepage content function get_homepage_body() { $connection = db_connect(); $query = 'select body from homepage'; $result = mysql_query($query); while ($row = mysql_fetch_array($result)) { echo stripslashes($row['body']; } } Thanks

Haha, I'm making you do it now. That works a treat now. I just realised how the form data is being sent doh! <?php if(isset($_POST['submit'])) { $result = SetupForm($_POST); if($result === true) { echo 'Congratulations - Your setup details have been submitted!'; die(); } } ?> Thanks a lot, that has really helped.

Ah thanks, that's much cleaner lol. However, with that code, it is not collecting the data from the form and the errors do not return now. Sorry, I'm really struggling to get to grips with functions (which is why I am trying this exercise), so although I can see what you have written is doing, I'm a little lost now about collecting the form data and returning the error.

OOPS!! What a rookie mistake, gives away that I am using dreamweaver to quickly copy & paste form fields. Thanks But at least I know now that there is something more important wrong with my function. So I'm guessing I should define those variables that grab the form data outside the function?

Hi, thanks for the reply. At the top of the function, I set $CompanyName = $_POST['name']; and so on.... to grab the input from the form. Then later I set $CompanyName = $params['name']; and so on.... to do the mysql query. I don't really know how else to shorten that. This is the form: <?php require_once ('functions.php'); if(isset($_POST['submit'])) { $result = SetupForm($_POST); if($result === true) { echo 'Setup details successfully submitted!'; die(); } } ?> <legend>Setup Form</legend> <?php if(isset($result) && $result) { echo '<div align="center"><ul>'; foreach($result as $error) echo '<li>' . $error . '</li>'; echo '</ul></div>'; } ?> <div align="center" > <form id="setup" name="setup" method="post" action="setup.php"> <b>Enter your name:</b><br /> <input name="name" type="text" id="name" size="60" /> <br /> <br /> <b>Enter the area where you are based:</b><br /> <input name="area" type="text" id="area" size="60" /> <br /> <br /> <b>Your email address: </b> <br /> <input name="email" type="text" id="email" size="60" maxlength="80" /> <b><br /> <br /> Short description about you:</b><br /> <input name="description" type="text" id="description" size="60" /> <b><br /> <br /> Enter the year that you started: </b> <br /> <input name="description2" type="text" id="description2" size="4" maxlength="4" /> <br /> <br /> <label> <input type="submit" name="submit" value="submit" /> </label> </form> </div>

If there are 4 of them in the db, then as PFMaBiSmAd says, you need to use the WHERE clause in your query to specify which one to output. Otherwise, the loop will keep outputting every row in your sql table.

Hi, I'm still a bit of a noob with php, so this code might be a bit ugly, but anyway I'm making a form to send data to a mysql table. As a rule I was told to check isset on one of the input fields, which should surpress the undefined index error. I did this but I still get: Undefined index: year in D:\wamp\www\practice\karaoke-site\admin\functions.php on line 37 Can anyone tell me where I've gone wrong? Thanks function SetupForm($params) { if(isset ($_POST ['year']) ) { $CompanyName = $_POST['name']; $email = $_POST['email']; $area = $_POST['area']; $description = $_POST['description']; $year = $_POST['year']; } $CompanyName = $params['name']; $email = $params['email']; $area = $params['area']; $description = $params['description']; $year = $params['year']; $errors = array(); if(strlen($CompanyName) < 1) $errors[] = 'Company name must be at least 2 characters.'; if(strlen($area) < 2) $errors[] = 'You must enter the area where you operate.'; if(strlen($description) < 1) $errors[] = 'You must enter a description for your company.'; if( (strlen($year) < 4 )&&(!is_numeric($year)) ) $errors[] = 'You must enter a 4 digit year i.e. 2009.'; if(!preg_match('/^[A-Za-z][\w._-]+@\w[\w-.]+\.[a-zA-Z]{2,3}(\.[a-zA-Z]{2,3})?$/' , $email)) $errors[] = 'You must enter a valid email address'; if($errors) return $errors; $query = sprintf ( "INSERT into setup set name = '%s', email = '%s', area = '%s', description = '%s', year = '%s' ", mysql_real_escape_string($params['name']), mysql_real_escape_string($params['email']), mysql_real_escape_string($params['area']), mysql_real_escape_string($params['description']), mysql_real_escape_string($params['year']) ); $result = mysql_query($query); if (!$result) { return false; } else { return true; } }

Hi, Does anyone know where I can get a php file manager script that has a wysiwyg editor? Preferably open source. Thanks