Jump to content

New to PHP - seeking guidance on CMS

spacepoet

By spacepoet
in PHP Coding Help

 Share

Recommended Posts

spacepoet Advanced Member

spacepoet

Posted
Posted

Hello:

 

I am very new to PHP. I have done a few basic feedback forms, but that's it.

 

I have done Classic ASP for years, and am trying to switch over to PHP.

 

I wanted to see what it would take to make a basic CMS that would allow users to update page content from an admin panel.

 

Very much like the attached .JPG demo.

 

Is there existing code available like what I'm trying to do?

 

I can post the ASP version code if it will help.

 

I assume it would need a database, but I have only used DNS-less connections with Access - not anything PHP related.

 

I know the site is hosted on justhost.com, and justhost.com uses unix servers.

 

Any assistance would be appreciated!

 

[attachment deleted by admin]

Link to comment
Share on other sites
defeated Regular Member

defeated

Posted
Posted

With regard to your user panel, the form is very straight forward with the exception of the content section.

For that you should check out http://tinymce.moxiecode.com/.  It is easy to implement.

With regards to putting your form into a db then mysql is the answer.  I've never worked with any other type of db but it's very straight forward and following tutorials on mysql on w3schools or tizag.com should get you started in no time.

 

One caveat would be to watch out for injections.

 

Any data taken from your form should be protected as in the following example:

/*Get form data*/
$content=$_REQUEST['content']; // unsafe to put into db
$content=mysql_real_escape_string($_REQUEST['content']);//escapes unsafe characters like '

note: $_POST['whatever'] is more usual for fetching form posted data. $_REQUEST['whatever'] works for bot POST and GET methods.  I've just got into the habit of using it from laziness!

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hi there:

 

Thanks for the message. I apprecite it.

 

I have a RTE I use.

 

My concern is trying to figure out how to get the PHP code.

 

In other words, this ASP code will make the admin panel form work:

 

<%@ language=vbscript%>

<% option explicit %>

 

<!--#include file="include/myConn.asp"-->

 

<%

 

 

Set oConn = Server.CreateObject("ADODB.Connection")

oConn.open(Conn)

 

SQL = "SELECT * FROM myAbout"

Set RS = oConn.Execute(SQL)

 

If Request("POSTBACK") = "EDIT" Then

 

SQL = "UPDATE myAbout SET "

 

SQL = SQL & "myTitle = '" & quoteCorrect(Request("myTitle")) & "', "

SQL = SQL & "myDesc = '" & quoteCorrect(Request("myDesc")) & "', "

SQL = SQL & "myHeader = '" & quoteCorrect(Request("myHeader")) & "', "

SQL = SQL & "mySubHeader = '" & quoteCorrect(Request("mySubHeader")) & "', "

SQL = SQL & "myPageData = '" & quoteCorrect(Request("myPageData")) & "' "

 

oConn.Execute(SQL)

 

%>

<script language="JavaScript">

alert("This page was updated!");

location.href = "<%=Request.ServerVariables("URL")%>";

</script>

<%

 

 

End If

 

 

%>

 

 

<html>

<head>

 

</head>

 

<body>

 

 

<div id="mainContent">

 

<h1>Editing</h1>

 

<p>

 

<form method="post">

<input type="hidden" name="POSTBACK" value="EDIT">

 

 

<div style="float: left; width: 120px; margin-right: 30px;">

 

Page Title:

 

</div>

 

<div style="float: left; width: 550px;">

 

<textarea cols="80" rows="1" name="myTitle"><%=RS("myTitle")%></textarea>

 

</div>

 

<div style="clear: both;"><br /></div>

 

 

<div style="float: left; width: 120px; margin-right: 30px;">

 

Page Description:

 

</div>

 

<div style="float: left; width: 550px;">

 

<textarea cols="80" rows="1" name="myDesc"><%=RS("myDesc")%></textarea>

 

</div>

 

<div style="clear: both;"><br /></div>

 

<div style="float: left; width: 120px; margin-right: 30px;">

 

Page Header:

 

</div>

 

<div style="float: left; width: 550px;">

 

<textarea cols="80" rows="1" name="myHeader"><%=RS("myHeader")%></textarea>

 

</div>

 

<div style="clear: both;"><br /></div>

 

<div style="float: left; width: 120px; margin-right: 30px;">

 

Page SubHeader:

 

</div>

 

<div style="float: left; width: 550px;">

 

<textarea cols="80" rows="1" name="mySubHeader"><%=RS("mySubHeader")%></textarea>

 

</div>

 

<div style="clear: both;"><br /></div>

 

Page Content:<br />

 

<textarea cols="80" id="myPageData" name="myPageData"><%=RS("myPageData")%></textarea>

 

<script type="text/javascript">

CKEDITOR.replace( 'myPageData' );

CKFinder.setupCKEditor( editor, '/ckfinder' );

</script>

 

<br />

 

<input type="submit" value="Submit" />

 

</form>

 

 

<%

RS.close

Set RS = nothing

oConn.close

set oConn = nothing

%>

 

 

 

</div>

 

</body>

 

</html>

 

 

I am trying to understand the syntax of this in a PHP format.

 

Or, find a basic example/file that would show me how to do this.

 

I would really say I am just trying to understand how to use PHP/SQL to UPDATE a record.

 

Does this make sense?

 

Thanks for the insight.

 

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

There's a good free book in my signature (Hudzilla), take a look at that. It has chapters on handling forms and using databases.

 

I originally came from classic asp (about 6 years ago) and really, the switch should be pretty straight forward.

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hi!

 

OK, thanks for this link.

 

I hope the jump into PHP from ASP isn't too bad - I have heard once one gets an understanding of the syntax it starts coming together.

 

I haven't used mySQL databases (I think that's what PHP uses) but I would think it is somewhat like an Access database.

 

Thanks!

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

Just for fun, I've translated your asp (which isn't particularly well written) to (decent) php. this should make things very simple for you.

 

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    include 'include/myConn.asp';

    if (mysql_connect('hostname','username','password') {
        mysql_select_db('databasename');
    } else {
        trigger_error(mysql_error());
    }

    $id = mysql_real_escape_string($_POST['id']);
    $myTitle = mysql_real_escape_string($_POST['myTitle']);
    $myDesc = mysql_real_escape_string($_POST['myDesc']);
    $myHeader = mysql_real_escape_string($_POST['myHeader']);
    $mySubHeader = mysql_real_escape_string($_POST['mySubHeader']);
    $myPageData = mysql_real_escape_string($_POST['myPageData']);

    $sql = "
        UPDATE myAbout
        SET
            myTitle = '$myTitle',
            myDesc = '$myDesc',
            myHeader = '$myHeader',
            mySubHeader = '$mySubHeader',
            myPageData = '$myPageData'
        WHERE id = $id
    ";

    if (mysql_query($sql) && mysql_affected_rows()) {
        header('Location: update-success.php');
    } else {
        header('Location: update-failed.php');
    }
}

Link to comment
Share on other sites
defeated Regular Member

defeated

Posted
Posted 

<?php
include('include/myConn.php'); //contains your mysql connection and table selection

//if statement deals with posted form: will be ignored if form has not been posted. 
//mysql_real_escape_string sanitizes in case of injection
//ideally I would use a line like
//$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query
//and in the query have
//myTitle=$myTitle,

if($_REQUEST['POSTBACK'] == "EDIT")
{
  mysql_query("UPDATE myAbout SET 
  myTitle=mysql_real_escape_string($_REQUEST['myTitle']),
  myDesc=mysql_real_escape_string($_REQUEST['myDesc']),
  myHeader=mysql_real_escape_string($_REQUEST['myHeader']),
  mySubHeader=mysql_real_escape_string($_REQUEST['mySubHeader']),
  myPageData=mysql_real_escape_string($_REQUEST['myPageData'])") or die("Problem updating db: ".mysql_error());
?>
<script language="JavaScript">
alert("This page was updated!");
location.href = "<%=Request.ServerVariables("URL")%>";
</script>

<?php
}//end if statement

//now we want to pull all data from the table myAbout to populate form
$query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error());
while($result=mysql_fetch_array($query))
{
  $myTitle=$result['myTitle'];
  $myDesc=$result['myDesc'];
  $myHeader=$result['myHeader'];
  $mySubHeader=$result['mySubHeader'];
  $myPageData=$result['myPageData'];
}//end while
?>



<html>
<head>

</head>

<body>

         
      <div id="mainContent">

         <h1>Editing</h1>
         
      <p>
            
         <form method="post" action="<?php echo $PHP_SELF;?>">
         <input type="hidden" name="POSTBACK" value="EDIT">
         
         
         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Title:
         
         </div>
         
         <div style="float: left; width: 550px;">
         
         <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         

         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Description:
         
         </div>
         
         <div style="float: left; width: 550px;">
         
         <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         
         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Header:
         
         </div>
         
         <div style="float: left; width: 550px;">
                  
         <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>

         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page SubHeader:
         
         </div>
         
         <div style="float: left; width: 550px;">
                  
         <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         
         Page Content:<br />         
         
         <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea>

         <script type="text/javascript">
            CKEDITOR.replace( 'myPageData' );
            CKFinder.setupCKEditor( editor, '/ckfinder' );
         </script>
         
         <br />
         
         <input type="submit" value="Submit" />

         </form>
         
         

   


</div>

</body>

</html>

 

I'm not sure about the javascript alert.  I think the way I have it means it will trigger every time the page is called (including first call).  I'm not too hot on javascript. :-[

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Wow!

 

Thanks very much to the both of you!

 

This will give me something to study and learn from, and use as a springboard.

 

I do see a lot of similarities as far as formatting the syntax and all.

 

I think this will be a good forum for me to learn a lot from.

 

One other thing:

 

I would use my myConn.asp page like this (as the connection to the database):

 

<%

dim Conn

Conn = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mapPath("database/DB.mdb")

%>

 

 

Is this along the lines of what to do for PHP?

 

I am under the impression that a mySQL database for PHP is NOT a physical database  one would download, but something I would set-up on my hosting platform (I currently have a small site with PHP includes on GoDaddy, and plan to use this as my "I'm learning PHP" website as well) and create the connection that way.

 

Am I correct about this?

 

Thanks very much for all the help!

 

 

 

Link to comment
Share on other sites
defeated Regular Member

defeated

Posted
Posted 

<?php
mysql_connect("localhost", "admin", "1admin") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
?>

 

mySql is indeed set up on your web server.

 

This forum is THE best forum there is for PHP. The tutorials at w3schools and tizag.com are great and nothing beats here when you get stuck.  I had no programming background at all (.asp will be an advantage - C would be even better since it's nearly exactly the same) and while I'm not an amazing php programmer I can find my way around now, all thanks to the tutorials and this site.

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hey!

 

Thanks much for showing me this as well.

 

I am much more of a designer, but I like to bill myself as a "designer who programs" so yes - this looks like it will be a very helpful forum.

 

Well, you two have given me a push with this code and some direction so I will try this all out!

 

I'll let ya know how it goes.

 

Thanks again!

Link to comment
Share on other sites
  • 2 weeks later...
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hey:

 

I am trying to work with this code:

 

<?php
include('include/myConn.php'); //contains your mysql connection and table selection

//if statement deals with posted form: will be ignored if form has not been posted.
//mysql_real_escape_string sanitizes in case of injection
//ideally I would use a line like
//$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query
//and in the query have
//myTitle=$myTitle,

if($_REQUEST['POSTBACK'] == "EDIT")
{

  mysql_query("UPDATE myAbout SET
  myTitle=mysql_real_escape_string($_REQUEST['myTitle']),
  myDesc=mysql_real_escape_string($_REQUEST['myDesc']),
  myHeader=mysql_real_escape_string($_REQUEST['myHeader']),
  mySubHeader=mysql_real_escape_string($_REQUEST['mySubHeader']),
  myPageData=mysql_real_escape_string($_REQUEST['myPageData'])") or die("Problem updating db: ".mysql_error());



?>
<script language="JavaScript">
alert("This page was updated!");
location.href = "<%=test.php";
</script>

<?php
}//end if statement

//now we want to pull all data from the table myAbout to populate form
$query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error());
while($result=mysql_fetch_array($query))
{
  $myTitle=$result['myTitle'];
  $myDesc=$result['myDesc'];
  $myHeader=$result['myHeader'];
  $mySubHeader=$result['mySubHeader'];
  $myPageData=$result['myPageData'];
}//end while
?>




<form method="post" action="<?php echo $PHP_SELF;?>">
         <input type="hidden" name="POSTBACK" value="EDIT">
         
         
         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Title:
         
         </div>
         
         <div style="float: left; width: 550px;">
         
         <textarea cols="80" rows="1" name="myTitle"><?php echo $myTitle; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         

         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Description:
         
         </div>
         
         <div style="float: left; width: 550px;">
         
         <textarea cols="80" rows="1" name="myDesc"><?php echo $myDesc; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         
         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page Header:
         
         </div>
         
         <div style="float: left; width: 550px;">
                 
         <textarea cols="80" rows="1" name="myHeader"><?php echo $myHeader; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>

         <div style="float: left; width: 120px; margin-right: 30px;">
         
         Page SubHeader:
         
         </div>
         
         <div style="float: left; width: 550px;">
                 
         <textarea cols="80" rows="1" name="mySubHeader"><?php echo $mySubHeader; ?></textarea>
         
         </div>

         <div style="clear: both;"><br /></div>
         
         Page Content:<br />         
         
         <textarea cols="80" id="myPageData" name="myPageData"><?php echo $myPageData; ?></textarea>

         <script type="text/javascript">
            CKEDITOR.replace( 'myPageData' );
            CKFinder.setupCKEditor( editor, '/ckfinder' );
         </script>
         
         <br />
         
         <input type="submit" value="Submit" />

         </form>

 

With the full code above, I get this error:

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /var/www/domains/SUBDOMAIN.WEBSITE.com/docs/z.php on line 15

 

Now, if I remove the code in between the "if($_REQUEST['POSTBACK'] == "EDIT")" and the JS prompt, it works fine (the form displays and it populates the data, so I know it is not a DB connection issue).

 

So, what am I doing wring to get the data to INSERT properly?

 

Help?

 

Thanks!

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hi:

 

Thanks much for the tip. I see there errors in my ways there.

 

Getting closer - data displays, form submits, JS prompt works, but the data is not updating.

 

What did I miss?

<?php
include('include/myConn.php'); //contains your mysql connection and table selection

//if statement deals with posted form: will be ignored if form has not been posted. 
//mysql_real_escape_string sanitizes in case of injection
//ideally I would use a line like
//$myTitle=mysql_real_escape_string($_REQUEST['mytitle']; outside of the query
//and in the query have
//myTitle=$myTitle,

if($_REQUEST['POSTBACK'] == "EDIT")
{

$myTitle = mysql_real_escape_string($_POST['myTitle']);
$myDesc = mysql_real_escape_string($_POST['myDesc']);
$myHeader = mysql_real_escape_string($_POST['myHeader']);
$mySubHeader = mysql_real_escape_string($_POST['mySubHeader']);
$myPageData = mysql_real_escape_string($_POST['myPageData']);

$sql = "
UPDATE myAbout
   SET
      myTitle = '$myTitle',
      myDesc = '$myDesc',
      myHeader = '$myHeader',
      mySubHeader = '$mySubHeader',
      myPageData = '$myPageData'
  ";
?>


<script language="JavaScript">
alert("This page was updated!");
location.href = "z.php";
</script>




<?php
}//end if statement

//now we want to pull all data from the table myAbout to populate form
$query=mysql_query("SELECT * FROM myAbout") or die("Could not get data from db: ".mysql_error());
while($result=mysql_fetch_array($query))
{
  $myTitle=$result['myTitle'];
  $myDesc=$result['myDesc'];
  $myHeader=$result['myHeader'];
  $mySubHeader=$result['mySubHeader'];
  $myPageData=$result['myPageData'];
}//end while
?>

 

PS - I removed the ID portions, because this is always going to be the same form. I know it's a good practice to assign a table a primary ID (at least in ASP), but couldn't figure it out in the mySQL panel. :(

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

OK! Got it!

if ($_SERVER['REQUEST_METHOD'] == 'POST')
{

$myTitle = mysql_real_escape_string($_POST['myTitle']);
$myDesc = mysql_real_escape_string($_POST['myDesc']);
$myHeader = mysql_real_escape_string($_POST['myHeader']);
$mySubHeader = mysql_real_escape_string($_POST['mySubHeader']);
$myPageData = mysql_real_escape_string($_POST['myPageData']);

$sql = "
UPDATE myAbout
   SET
      myTitle = '$myTitle',
      myDesc = '$myDesc',
      myHeader = '$myHeader',
      mySubHeader = '$mySubHeader',
      myPageData = '$myPageData'
  ";
    
mysql_query($sql) && mysql_affected_rows()
    
?>

 

So this:

mysql_query($sql) && mysql_affected_rows()

 

is what executes SQL in PHP? Much like "Conn.Execute" would do in ASP?

 

Thanks very much for the help!

Link to comment
Share on other sites
spacepoet Advanced Member

spacepoet

Posted
  • Author
Posted

Hey:

 

Do I need to close a DB connection, like in ASP.

 

Something like:

myConn.php

<?php
$con = mysql_connect("localhost", "USERNAME", "PASSWORD") or die(mysql_error());
mysql_select_db("DATABASENAME") or die(mysql_error());
?>

 

Page:

<?php
include('include/myConn.php'); //contains your mysql connection and table selection
<html>
...

PHP PAGE DATA HERE
...

<?php
mysql_close($con);
?> 

</html>

 

Thanks again!

 

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

So this:

mysql_query($sql) && mysql_affected_rows()

is what executes SQL in PHP? Much like "Conn.Execute" would do in ASP?

 

Thanks very much for the help!

 

Yeah. mysql_affected_rows() returns the number of rows affected, so you don't need it unless you want to check the query did something (which you should do).

 

Do I need to close a DB connection, like in ASP.

 

Nope. PHP has much better garbage collection and will do it itself.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.