news

[onthespot]

Hey guys.

Ok so I have a page on my site called news.php.

Here I can enter news if I am an admin, if not just view the news piece already posted.

So I have two questions about this.

Firstly, how do i restrict each page to dsplay only 5 news piece, and then page 2 displays the next 5, all in desc order.

The second question and possibly the one I can't get my head around is how can i create a page for each news piece.

So when I add a news piece, it will be displayed on the overall news page, but not the full news, and the news subject can be clicked to take you to its very own news page just for that piece of news. Here I can add the capacity to have comments for a news piece too.

 

I just can't get my head around how to make this happen!

If you could help, i would be very grateful.

[RichardRotterdam]

Assuming you are using a database.

Firstly, how do i restrict each page to display only 5 news piece, and then page 2 displays the next 5, all in desc order.

Sounds like a typical case of "pagination".I suggest you look up some tutorials on that subject.

 

The second question and possibly the one I can't get my head around is how can i create a page for each news piece.

You could create a query using the where clause and filtering by id. You can just pass the id in the url and fetch it with the $_GET method.

Select * from news where id=69

[onthespot]

Thats very helpful dude. Just didnt really know where to start or what was the best way to go about doing it. Cheers

[onthespot]

What would be the best way to go about the news comments?

At the moment the news table features the following

 

newsid | posted | date | comment | subject

 

I would store the comments in a table called "newscomments"?

How would i connect the two?

[RichardRotterdam]

What would be the best way to go about the news comments?

At the moment the news table features the following

 

newsid | posted | date | comment | subject

 

I would store the comments in a table called "newscomments"?

How would i connect the two?

Yup you'd need a different table for that. You can set a relation between them using a foreign key.

 

It would look something like:

newscomments

- id

- news_id (foreign_key)

- comment

- date

 

Look up some tutorials on normalisation and relational databases for further details if you're interested

[onthespot]

And both tables would add records in tandem?

Also can you see any reason why this wouldnt work?

 

<?
$res=mysql_query("SELECT * FROM ".TBL_NEWS." ORDER BY date DESC");

while($row=mysql_fetch_assoc($res)){
$id=$row['newsid'];
$posted=$row['posted'];
$date=$row['date'];
$comment=$row['comment'];
$subject=$row['subject'];
?>
  <a href='newspiece.php?news=$id'><? echo $subject ?></A>

 

Its like the $id variable isn't taking the variable and adding it to the URL.

Have i made a simple error?

[RichardRotterdam]

And both tables would add records in tandem?

No it would not, but that's ok you need a news item before you can comment it anyway.

 

Also can you see any reason why this wouldn't work?

 

<?php
$res=mysql_query("SELECT * FROM ".TBL_NEWS." ORDER BY date DESC");

while($row=mysql_fetch_assoc($res)){
$id=$row['newsid'];
$posted=$row['posted'];
$date=$row['date'];
$comment=$row['comment'];
$subject=$row['subject'];
?>
  <a href='newspiece.php?news=$id'><?php echo $subject ?></A>

 

Its like the $id variable isn't taking the variable and adding it to the URL.

Have i made a simple error?

Is the $id var empty? What are the exact field names of that table?

[onthespot]

sorted that, needed to php echo. thats all

[onthespot]

Ok so i have set up the following,

news.php

<?
$res=mysql_query("SELECT * FROM ".TBL_NEWS." ORDER BY date DESC");

while($row=mysql_fetch_assoc($res)){
$id=$row['newsid'];
$posted=$row['posted'];
$date=$row['date'];
$comment=$row['comment'];
$subject=$row['subject'];
?>
  <a href='newspiece.php?news=<?echo $id?>'><? echo $subject ?></a>

 

then on newspiece.php

 

<?

$news=$_GET['news'];
$res=mysql_query("SELECT * FROM ".TBL_NEWS." WHERE '$news' = newsid");

while($row=mysql_fetch_assoc($res)){

$posted=$row['posted'];
$date=$row['date'];
$comment=$row['comment'];
$subject=$row['subject'];
?>

<h2><?echo "$subject\n";?></h2><br>
<?echo "at $date\n";?>
<?echo "$comment\n";?>
<?echo "Posted by <a href=\"userprofile.php?user=$posted\">$posted</a>\n";?>
<?echo "<br />\n";?>

<?
}
?>

 

I am getting the following error:

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource

 

on the line (newspiece.php):

 

while($row=mysql_fetch_assoc($res)){

 

any ideas?

[RichardRotterdam]

you have have your id and match field the wrong way around

change:

$res=mysql_query("SELECT * FROM ".TBL_NEWS." WHERE '$news' = newsid");

 

to:

$res=mysql_query("SELECT * FROM ".TBL_NEWS." WHERE newsid={$news}");

 

You also need to santize your id fetched with the $_GET. Simply never trust user input wether it's with a form or url parameter.

[onthespot]

What does your last comment there mean? Could you explain what you mean more please?

[seventheyejosh]

You have to do something like

 

$variable=mysql_real_escape_string($_GET['variable']);

 

it is used to prevent sql injection attacks

 

mysql_real_escape_string

[RichardRotterdam]

seventheyejosh is correct about the sql injection part. However in your case your id is probably a number. If that is the case you should make it even more strict by excepting only numbers as input instead of escaping the input.

[seventheyejosh]

that's very true.

 

something like this should help:

 

$id=$_GET['variable'];

if(!is_int($id)){

echo 'Invalid Id';
exit();
}else{

//process as normal

}//end if

 

it is just my preference to do the error at the top so i dont forget it later

 

alternatively though you can do

 

if(is_int()){

//blah
}else{
//die

}

 

either way

[onthespot]

Thankyou, really am not up to scratch on these security measures.

At the moment when I enter letters as the id, i get a mysql fetch error!

[onthespot]

$news=mysql_real_escape_string($_GET['news']);

if(!is_int($news)){

echo 'This piece of news does not exist. Back to <a href="news.php">News</a>';
exit();
}else{



}

 

That is what I have now, is that ok?

Problem I am getting is even when the id is an integer, it's still displaying the error message!

[onthespot]

anyone?

[seventheyejosh]

u dont need the mysql real escape since u have the is int check