Archived

This topic is now archived and is closed to further replies.

bahgheera

Hi php geniuses, link issue

Hello folks. I've been converting my website to php, I started last Saturday. So I'm a total php/mysql newbie. I've got my index.php set up pretty much like I want it - http://bahgheera.com/phptest/index.php. Now, I also have this script - http://bahgheera.com/phptest/backend2.php, which displays all the items from the index page, plus a form for adding new items (which actually works at this point), plus a link by each item to edit or delete the item.

Now, what I'm having trouble with is the edit and delete links. I need to have some way of sending the id of the item to be edited to the next script -  http://bahgheera.com/phptest/edit_item.php, but I just can't get my head around the logic required for this. Here's the code in question:

[code]
      $month = date ( 'm' );  // the format string must be quoted; a bare m is an undefined constant
      $result = mysql_query ( "SELECT * FROM news2 WHERE date >= 060000 and date <= 063006 ORDER BY date DESC");
      $num_rows = mysql_num_rows ( $result );

      while ( $a_row = mysql_fetch_object( $result ) ) {

        $date_ex = "_".substr($a_row->date, 0, 2).".".substr($a_row->date, 3, 2).".".substr( $a_row->date, 6, 2)." //";
        print $date_ex." ID = ".$a_row->id ;

        print '<DIV CLASS="container">';

        print '<DIV CLASS="spacer">&nbsp;</DIV>';

        print ' <DIV CLASS="image">';

        print ' <A HREF="'.stripslashes ( $a_row->resource_url ).'" TARGET="_blank">';
        print ' <img src="http://bahgheera.com/img/'.stripslashes($a_row->img_url).'" width="150" height="150" border="0" alt="">';
        print ' </A>';
        print ' </DIV>';

        print ' <DIV CLASS="text">';

        print stripslashes ( $a_row->article_title ).'<br /><br />';
        print stripslashes ( $a_row->article_text ).'<br /><br />';
        print ' </DIV>';

        print '<DIV CLASS="spacer">&nbsp;</DIV>';

        print '</DIV>';
        print '<a href="edit_item.php">Edit</a> // <a href="">Delete</a>';
        print '<DIV CLASS="rule"> </DIV><BR>';

      }
[/code]

If this is even possible ( it has to be...) let me know. Any help will be greatly appreciated. In other words, freakin' awesome.

Laters...

I want an Edit / Delete link beside each item. I have a while loop for displaying the items, and the edit / delete links are written to the browser inside this while loop. So I need to pass the id of the item to the edit_item.php script, depending on which link I've clicked.

Sorry if this is confusing, I guarantee I'm more confused than you though.

Laters...

Does your sql table have a column like link_id or anything? 

Put the primary key value to retrieve the row in the edit link so when they click the link the value will get passed to your edit_item.php script. The example below assumes that the column "ID" is your primary key:

[code]
print '<a href="edit_item.php?action=show&id=', urlencode($a_row->id), '">Edit</a> // <a href="">Delete</a>';
[/code]

The "ID" is probably numeric and you wouldn't necessarily need to urlencode() that value, but it's good to get in the habit of using urlencode() in these situations. The "action" is optional but I assume you're going to be displaying and updating all within the same script. So, you'll need a way to know what stage you're at (display data for edit or update the data they submitted).

Then in your edit_item.php script, you would retrieve the value of the "id" passed in the URL (GET method) and use it to retrieve the info from your table. Example:

[code]
$action = isset($_GET['action']) ? strtolower($_GET['action']) : '';
if ('update' != $action) {
  $action = 'show';
}
$id = isset($_GET['id']) ? abs(intval($_GET['id'])) : 0;  // Set a default

if ($id < 1) {
  // ID not valid - display error, default to 1, or whatever
  exit;
}
[/code]

When the action is to "show" the data for editing, do something like this:

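[code]
// Read data to display for edit purposes using query like this
$sql = "SELECT * FROM news2 WHERE id = '$id'";  // $id was forced to an integer above
$result = mysql_query($sql);
$a_row = mysql_fetch_object($result);
// htmlentities() is the escaping an attribute value needs; nl2br() would put literal <br /> tags in the field
echo '<input type="text" name="article_text" value="', htmlentities($a_row->article_text), '"/>';
// ... other form fields ...
// Have ID passed back again so when they submit changes you know which row to update
echo '<input type="hidden" name="id" value="', $id, '"/>';
echo '<input type="hidden" name="action" value="update"/>';
[/code]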

Otherwise if the action is to "update", then validate all input, addslashes(), and update the row in the table corresponding to the $id value.

hth.
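
The "update" stage described above, as an added example that is not part of the original post: it binds the submitted values through a mysqli prepared statement in place of addslashes(), so user text never becomes part of the SQL string. It assumes the edit form is submitted with method="post"; the connection details are placeholders and the length limits are illustrative, while the table, column and script names come from the code in this thread.

```php
<?php
// Added example: the "update" stage of edit_item.php.
// Assumptions: placeholder credentials, illustrative length limits, POST form.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function validate_update(array $post): array
{
    // Returns [clean values, list of error strings].
    $id    = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $title = is_string($post['article_title'] ?? null) ? trim($post['article_title']) : '';
    $text  = is_string($post['article_text'] ?? null) ? trim($post['article_text']) : '';
    $errors = [];
    if ($id === false) { $errors[] = 'invalid id'; }
    if ($title === '' || strlen($title) > 200) { $errors[] = 'title must be 1-200 bytes'; }
    if ($text === '' || strlen($text) > 20000) { $errors[] = 'text must be 1-20000 bytes'; }
    return [['id' => $id, 'title' => $title, 'text' => $text], $errors];
}

function update_item(mysqli $db, array $item): int
{
    // The ? placeholders are filled by the driver, not by string concatenation.
    $stmt = $db->prepare('UPDATE news2 SET article_title = ?, article_text = ? WHERE id = ?');
    $stmt->bind_param('ssi', $item['title'], $item['text'], $item['id']);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && ($_POST['action'] ?? '') === 'update') {
    [$item, $errors] = validate_update($_POST);
    if ($errors) {
        http_response_code(400);
        exit(htmlspecialchars(implode('; ', $errors), ENT_QUOTES, 'UTF-8'));
    }
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    $db->set_charset('utf8mb4');
    update_item($db, $item);
    header('Location: backend2.php', true, 303); // back to the listing after the write
    exit;
}
```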

Thank you toplay. I would never have guessed to pass the id in the link itself, I knew that was possible but I didn't think it was ok from a security standpoint. I can see I have a lot more reading to do this weekend.

Thanks again.

Laters...

Well, there would be nothing stopping me from just going to edit.php?id=10 and editing it... So you should maybe think about a login page or restricting access to it somehow...

[quote author=bahgheera link=topic=99732.msg393373#msg393373 date=1152317809]
Thank you toplay. I would never have guessed to pass the id in the link itself, I knew that was possible but I didn't think it was ok from a security standpoint. I can see I have a lot more reading to do this weekend.

Thanks again.

Laters...
[/quote]
Well, one can use PHP sessions to limit access and secure things, but you still will need to know what they clicked on in order to edit/delete it.

http://www.php.net/session

Yes, I am planning to add an authentication system somehow, I just haven't gotten to that point yet.

So am I to understand that if I place the text '?id=5' at the end of my url, then in the script being called, there will be a variable called $id with a value of 5? Is the 'action=show' just another variable? Can I customize that, can I use my own arbitrary 'actions'? Questions, questions, questions.

Thanks!

[quote author=bahgheera link=topic=99732.msg393659#msg393659 date=1152386646]
So am I to understand that if I place the text '?id=5' at the end of my url, then in the script being called, there will be a variable called $id with a value of 5?
[/quote]
Only if you have register_globals on. It should be off and use $_GET instead (see my original post here).

[quote author=bahgheera link=topic=99732.msg393659#msg393659 date=1152386646]
is the 'action=show' just another variable? Can I customize that, can I use my own arbitrary 'actions'? Questions, questions, questions.
[/quote]
Yes to all. The "action" is the key/variable and "show" is its value. You can use any key/value pair you want. I was just giving you an example.

Hey thanks for all the information toplay and others.

It's a shame no one mentioned to me that if you set up your backend script first, and worry about the authentication system later, then googlebot will come through your site and hit *EVERY SINGLE DELETE LINK* as it's indexing.  :'( Ah well, a lesson learned.

Chalk one up to experience; at least it was just a test database...

Laters...

[quote author=bahgheera link=topic=99732.msg393617#msg393617 date=1152376581]
Yes, I am planning to add an authentication system somehow, I just haven't gotten to that point yet.
[/quote]
You mentioned including an authentication system. That's one of the reasons why you need security.

Security must be thought of first, during, and after a project and not just treated as an afterthought.

As you say a good lesson learned.
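
One way to keep a crawler, or any visitor who is not logged in, from triggering deletes, as an added example that is not code from this thread: the Delete control becomes a POST form, and the handler requires a logged-in session plus a per-session token before it touches the table. The script name delete_item.php, the $_SESSION['user_id'] login marker, the helper names and the connection placeholders are assumptions.

```php
<?php
// Added example (hypothetical delete_item.php). Crawlers follow <a href> links
// with GET requests, so a destructive action must not be reachable by GET.
session_start();

function csrf_token(): string
{
    // One random token per session, embedded in every state-changing form.
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function delete_form(int $id): string
{
    // Emitted inside the listing loop in place of the bare Delete link.
    return '<form method="post" action="delete_item.php" style="display:inline">'
         . '<input type="hidden" name="id" value="' . $id . '"/>'
         . '<input type="hidden" name="csrf" value="' . csrf_token() . '"/>'
         . '<button type="submit">Delete</button></form>';
}

function may_delete(string $method, array $session, array $post): bool
{
    // All three must hold: POST request, logged-in user, matching token.
    return $method === 'POST'
        && !empty($session['user_id'])   // assumption: set by your login script
        && isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Run the handler only when this file is the requested script, not when included.
if (basename($_SERVER['SCRIPT_NAME'] ?? '') === 'delete_item.php') {
    if (!may_delete($_SERVER['REQUEST_METHOD'] ?? '', $_SESSION, $_POST)) {
        http_response_code(403);
        exit('Forbidden');
    }
    $id = filter_var($_POST['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { http_response_code(400); exit('Bad id'); }
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders
    $stmt = $db->prepare('DELETE FROM news2 WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    header('Location: backend2.php', true, 303);
    exit;
}
```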
