bahgheera Posted July 6, 2006 Share Posted July 6, 2006 Hello folks. I've been converting my website to php, I started last Saturday. So I'm a total php/mysql newbie. I've got my index.php set up pretty much like I want it - http://bahgheera.com/phptest/index.php. Now, I also have this script - http://bahgheera.com/phptest/backend2.php, which displays all the items from the index page, plus a form for adding new items (which actually works at this point), plus a link by each item to edit or delete the item. Now, what I'm having trouble with is the edit and delete links. I need to have some way of sending the id of the item to be edited to the next script - http://bahgheera.com/phptest/edit_item.php, but I just can't get my head around the logic required for this. Here's the code in question:[code] $month = date ( m ); $result = mysql_query ( "SELECT * FROM news2 WHERE date >= 060000 and date <= 063006 ORDER BY date DESC"); $num_rows = mysql_num_rows ( $result ); while ( $a_row = mysql_fetch_object( $result ) ) { $date_ex = "_".substr($a_row->date, 0, 2).".".substr($a_row->date, 3, 2).".".substr( $a_row->date, 6, 2)." //"; print $date_ex." ID = ".$a_row->id ; print '<DIV CLASS="container">'; print '<DIV CLASS="spacer"> </DIV>'; print ' <DIV CLASS="image">'; print ' <A HREF="'.stripslashes ( $a_row->resource_url ).'" TARGET="_blank">'; print ' <img src="http://bahgheera.com/img/'.stripslashes($a_row->img_url).'" width="150" height="150" border="0" alt="">'; print ' </A>'; print ' </DIV>'; print ' <DIV CLASS="text">'; print stripslashes ( $a_row->article_title ).'<br /><br />'; print stripslashes ( $a_row->article_text ).'<br /><br />'; print ' </DIV>'; print '<DIV CLASS="spacer"> </DIV>'; print '</DIV>'; print '<a href="edit_item.php">Edit</a> // <a href="">Delete</a>'; print '<DIV CLASS="rule"> </DIV><BR>'; }[/code]If this is even possible ( it has to be...) let me know. Any help will be greatly appreciated. In other words, freakin' awesome.Laters... Quote Link to comment Share on other sites More sharing options...
corbin Posted July 7, 2006 Share Posted July 7, 2006 uhhh i dont get what youre tryin to do... Quote Link to comment Share on other sites More sharing options...
bahgheera Posted July 7, 2006 Author Share Posted July 7, 2006 I want an Edit / Delete link beside each item. I have a while loop for displaying the items, and the edit / delete links are written to the browser inside this while loop. So I need to pass the id of the item to the edit_item.php script, depending on which link I've clicked.Sorry if this is confusing, I guarantee I'm more confused than you though.Laters... Quote Link to comment Share on other sites More sharing options...
corbin Posted July 7, 2006 Share Posted July 7, 2006 Does your sql table have a column like link_id or anything? Quote Link to comment Share on other sites More sharing options...
toplay Posted July 7, 2006 Share Posted July 7, 2006 Put the primary key value to retrieve the row in the edit link so when they click the link the value will get passed to your edit_item.php script. The example below assumes that the column "ID" is your primary key:print '<a href="edit_item.php?action=show&id=', urlencode($a_row->id), '">Edit</a> // <a href="">Delete</a>';The "ID" is probably numeric and you wouldn't necessarily need to urlencode() that value, but it's good to get in the habit of using urlencode() in these situations. The "action" is optional but I assume you're going to be displaying and updating all within the same script. So, you'll need a way to know what stage you're at (display data for edit or update the data they submitted).Then in your edit_item.php script, you would retrieve the value of the "id" passed in the URL (GET method) and use it to retrieve the info from your table. Example:$action = isSet($_GET['action']) ? strtolower($_GET['action']) : '';if ('update' != $action) { $action = 'show';}$id = isSet($_GET['id']) ? abs(intval($_GET['id'])) : 0; // Set a defaultif ($id < 1) { // ID not valid - display error, default to 1, or whatever exit;}When the action is to "show" the data for editing, do something like this:// Read data to display for edit purposes using query like this$sql = "SELECT * FROM news2 WHERE id = '$id'";....echo '<input type="text" name="article_text" value="', nl2br(htmlentities($a_row->article_text)), '"/>';...// Have ID passed back again so when they submit changes you know which row to updateecho '<input type="hidden" name="id" value="', $id, '"/>';echo '<input type="hidden" name="action" value="update"/>';Otherwise if the action is to "update", then validate all input, addslashes(), and update the row in the table corresponding to the $id value.hth. Quote Link to comment Share on other sites More sharing options...
bahgheera Posted July 8, 2006 Author Share Posted July 8, 2006 Thank you toplay. I would never have guessed to pass the id in the link itself, I knew that was possible but I didn't think it was ok from a security standpoint. I can see I have a lot more reading to do this weekend. Thanks again.Laters... Quote Link to comment Share on other sites More sharing options...
Crimpage Posted July 8, 2006 Share Posted July 8, 2006 Well, there would be nothing stopping me from just going to edit.php?id=10 and editing it... So you should maybe think about a login page or restricting access to it somehow... Quote Link to comment Share on other sites More sharing options...
toplay Posted July 8, 2006 Share Posted July 8, 2006 [quote author=bahgheera link=topic=99732.msg393373#msg393373 date=1152317809]Thank you toplay. I would never have guessed to pass the id in the link itself, I knew that was possible but I didn't think it was ok from a security standpoint. I can see I have a lot more reading to do this weekend.Thanks again.Laters...[/quote]Well, one can use PHP sessions to limit access and secure things, but you still will need to know what they clicked on in order to edit/delete it.http://www.php.net/session Quote Link to comment Share on other sites More sharing options...
bahgheera Posted July 8, 2006 Author Share Posted July 8, 2006 Yes, I am planning to add an authentication system somehow, I just haven't gotten to that point yet. Quote Link to comment Share on other sites More sharing options...
bahgheera Posted July 8, 2006 Author Share Posted July 8, 2006 So am I to understand that if I place the text '?id=5' at the end of my url, then in the script being called, there will be a variable called $id with a value of 5? is the 'action=show' just another variable? Can I customize that, can I use my own arbitrary 'actions'? Questions, questions, questions.Thanks! Quote Link to comment Share on other sites More sharing options...
toplay Posted July 8, 2006 Share Posted July 8, 2006 [quote author=bahgheera link=topic=99732.msg393659#msg393659 date=1152386646]So am I to understand that if I place the text '?id=5' at the end of my url, then in the script being called, there will be a variable called $id with a value of 5?[/quote]Only if you have register_globals on. It should be off and use $_GET instead (see my original post here).[quote author=bahgheera link=topic=99732.msg393659#msg393659 date=1152386646]is the 'action=show' just another variable? Can I customize that, can I use my own arbitrary 'actions'? Questions, questions, questions.[/quote]Yes to all. The "action" is the key/variable and "show" is it's value. You can use any key/value pair you want. I was just giving you an example. Quote Link to comment Share on other sites More sharing options...
bahgheera Posted July 18, 2006 Author Share Posted July 18, 2006 Hey thanks for all the informaton toplay and others.It's a shame no one mentioned to me that if you set up your backend script first, and worry about the authentication system later, then googlebot will come through your site and hit *EVERY SINGLE DELETE LINK* as it's indexing. :'( Ah well, a lesson learned.Chalk one up to experience; at least it was just a test database...Laters... Quote Link to comment Share on other sites More sharing options...
toplay Posted July 18, 2006 Share Posted July 18, 2006 [quote author=bahgheera link=topic=99732.msg393617#msg393617 date=1152376581]Yes, I am planning to add an authentication system somehow, I just haven't gotten to that point yet.[/quote]You mentioned including an authentication system. That's one of the reasons of why you need security.Security must be thought of first, during, and after a project and not just treated as an after thought.As you say a good lesson learned. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.