Joco

I didn't make this script im only following along with a video i saw online im new to php so i just wanted to try to see if this CMS was going to be any good or not. i ran into another problem aswell it appears that in the index.php code it says Undefined index: add and i get that when i view the admin/index.php file. now the admin/index.php file has the following code in it. <?php if($_POST['add']): $obj->add_content($_POST); endif; ?> the error talks about [color=red]if($_POST['add']):[/color] that is basically inside the <form method="post" action="index.php"> [color=red]<input type="hidden" name="add" value="true" />[/color] <div> <label for="title">Title:</label> <input type="text" name="title" id="title" /> </div> <div> <label for="body">Body:</label> <textarea name="body" id="body" rows="8" cols="40"></textarea> </div> <input type="submit" name="submit" value="Add Content" /> </form> </div> I just wanted to try to see if i could following along with making a CMS that would be some what secure against website attacks like SQL Injections anyways the maker of the video sure in my view made this really bad.

Alright so sorry for the double posting i figured out another way that works pretty much the same way where i had the $return; i simply replace that with echo '<p><a href="index.php">Go Back?</a></p>'; and it works fine!

Well the code works however the error is showing up on the index.php on line 24 if(isset($_GET['id'])): $obj->get_content($_GET['id']); else: $obj->get_content(); endif; line 24 for my code is: $obj->get_content();

I'm lost on how to fix this problem any advice?

Undefined variable: return line 38 that line is : echo $return; Below is a look at my full code. <?php class cms { var $host; var $username; var $password; var $db; function connect() { $con = mysql_connect($this->host, $this->username, $this->password) or die(mysql_error()); mysql_select_db($this->db, $con) or die(mysql_error()); } function get_content($id = ''){ if($id !=""): $id = mysql_real_escape_string($id); $sql = "SELECT * FROM cms_content WHERE id = '$id'"; $return = '<a href="index.php">Go Back?</a>'; else: $sql = "SELECT * FROM cms_content ORDER BY id DESC"; endif; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) != 0): while($row = mysql_fetch_assoc($res)) { echo '<h1><a href="index.php?id=' . $row['id'] .'">' . $row['title'] .'</a></h1>'; echo '<p>' . $row['body'] . '</p>'; } else: echo '<p> Sorry! This Page doesn\'t exist!</p>'; endif; echo $return; } }//Ends our class ?>

Can someone help fix this so that its not able to be attacked by by XSS attacks My site got hacked using this a few months but I'd like to still use this or something like this that works the same so I dont get hacked. <?php if (!isset($_GET["link"])) include 'main.php'; else if(is_file($_GET["link"] . ".php") && $_GET["link"] !="index" ) include htmlspecialchars($_GET["link"] . ".php"); else include 'error.php'; ?>

Hello, This has been something I been trying to figure out for awhile I wanna load a page when you click on the menu links to load within the index.php kinda like how iframes was for html but im using DIV Layers and I wanna click on something like "links.php" and have it load links.php within the same page.