Jump to content

Recommended Posts

 I have a simple database with three fields 1) ID 2) pageTitle 3)content

 

I have a dropdown list poplulated by a query that allow a user to select the page to be edited. When the selection is made I would like to retrieve the associated content field from the database and redisplay the record on the page. I am very new so be gentle! Thanks

Link to comment
https://forums.phpfreaks.com/topic/2317-php-list-selection/
Share on other sites

I don't know if this is what you had in mind but this is what I got from the description above. You can see a live version here.

 

Here is the code:

[!--PHP-Head--][div class=\'phptop\']PHP[/div][div class=\'phpmain\'][!--PHP-EHead--]

[span style=\"color:#0000BB\"]<?php

[/span][span style=\"color:#FF8000\"]//  Jeremy Wesselman @ http://jwdevelopment.cincywebsolutions.com - hollywoodwesselman@hotmail.com

 

//enter your database info here

[/span][span style=\"color:#0000BB\"]$dbHost [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"DBHOST\"[/span][span style=\"color:#007700\"];

[/span][span style=\"color:#0000BB\"]$dbUser [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"DBUSER\"[/span][span style=\"color:#007700\"];

[/span][span style=\"color:#0000BB\"]$dbPass [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"DBPASS\"[/span][span style=\"color:#007700\"];

[/span][span style=\"color:#0000BB\"]$dbDatabase [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"DBDATABASE\"[/span][span style=\"color:#007700\"];

[/span][span style=\"color:#0000BB\"]$dbTable [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"DBTABLE\"[/span][span style=\"color:#007700\"];

 

[/span][span style=\"color:#FF8000\"]//connect to the database server, then select which db to use

[/span][span style=\"color:#0000BB\"]mysql_connect[/span][span style=\"color:#007700\"]([/span][span style=\"color:#0000BB\"]$dbHost[/span][span style=\"color:#007700\"], [/span][span style=\"color:#0000BB\"]$dbUser[/span][span style=\"color:#007700\"], [/span][span style=\"color:#0000BB\"]$dbPass[/span][span style=\"color:#007700\"]) or die([/span][span style=\"color:#DD0000\"]\"Could not connect to database server.<p>\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]mysql_error[/span][span style=\"color:#007700\"]());

[/span][span style=\"color:#0000BB\"]mysql_select_db[/span][span style=\"color:#007700\"]([/span][span style=\"color:#0000BB\"]$dbDatabase[/span][span style=\"color:#007700\"]) or die([/span][span style=\"color:#DD0000\"]\"Could not connect to database. <p>\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]mysql_error[/span][span style=\"color:#007700\"]());

 

[/span][span style=\"color:#FF8000\"]//if updating content

[/span][span style=\"color:#007700\"]if(isset([/span][span style=\"color:#0000BB\"]$_POST[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'update\'[/span][span style=\"color:#007700\"]]))

{

    [/span][span style=\"color:#FF8000\"]//assign variables

    [/span][span style=\"color:#0000BB\"]$content [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]$_POST[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'content\'[/span][span style=\"color:#007700\"]];

    [/span][span style=\"color:#0000BB\"]$pageTitle [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]$_POST[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'pageTitle\'[/span][span style=\"color:#007700\"]];

    

    [/span][span style=\"color:#FF8000\"]//run mysql query to update the content

    [/span][span style=\"color:#0000BB\"]$result [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]mysql_query[/span][span style=\"color:#007700\"]([/span][span style=\"color:#DD0000\"]\"UPDATE $dbTable SET content = \'$content\' WHERE pageTitle = \'$pageTitle\'\"[/span][span style=\"color:#007700\"]);

    

    [/span][span style=\"color:#FF8000\"]//if results are successful

    [/span][span style=\"color:#007700\"]if([/span][span style=\"color:#0000BB\"]$result[/span][span style=\"color:#007700\"])

    {

        echo([/span][span style=\"color:#DD0000\"]\"<font color=green>Successfully Updated.</font>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"<p><a href=\'editPage.php\'>Edit Another Page</a>\"[/span][span style=\"color:#007700\"]);

    }

    [/span][span style=\"color:#FF8000\"]//if results aren\'t successful

    [/span][span style=\"color:#007700\"]else

    {

        echo([/span][span style=\"color:#DD0000\"]\"<font color=red>Updated Failed.</font>\"[/span][span style=\"color:#007700\"]);

    }

    

}

[/span][span style=\"color:#FF8000\"]//if not updating

[/span][span style=\"color:#007700\"]else

{

    [/span][span style=\"color:#FF8000\"]//if editing content

    [/span][span style=\"color:#007700\"]if (isset([/span][span style=\"color:#0000BB\"]$_POST[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'edit\'[/span][span style=\"color:#007700\"]]))

    {

        [/span][span style=\"color:#FF8000\"]//assign variables

        [/span][span style=\"color:#0000BB\"]$pageName [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]$_POST[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'pageTitle\'[/span][span style=\"color:#007700\"]];

        

        [/span][span style=\"color:#FF8000\"]//declare query, run query, and get results to display

        [/span][span style=\"color:#0000BB\"]$query [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#DD0000\"]\"SELECT * FROM $dbTable WHERE pageTitle = \'$pageName\'\"[/span][span style=\"color:#007700\"];

        [/span][span style=\"color:#0000BB\"]$res [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]mysql_query[/span][span style=\"color:#007700\"]([/span][span style=\"color:#0000BB\"]$query[/span][span style=\"color:#007700\"]);

        while([/span][span style=\"color:#0000BB\"]$row [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]mysql_fetch_array[/span][span style=\"color:#007700\"]([/span][span style=\"color:#0000BB\"]$res[/span][span style=\"color:#007700\"]))

        {        

        echo([/span][span style=\"color:#DD0000\"]\"<form action=\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$_SERVER[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'PHP_SELF\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\" method=\'post\'>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"ID: \" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'id\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\"<br>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"Page Title: \" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'pageTitle\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\"<input type=\'hidden\' name=\'pageTitle\' value=\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'pageTitle\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\"><br>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"<textarea rows=\'15\' cols=\'50\' name=\'content\'>\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'content\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\"</textarea><br>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"<input type=\'submit\' value=\'Update Content\' name=\'update\'>\"[/span][span style=\"color:#007700\"]);

        echo([/span][span style=\"color:#DD0000\"]\"</form>\"[/span][span style=\"color:#007700\"]);

        }

    }

    [/span][span style=\"color:#FF8000\"]//if not editing content

    [/span][span style=\"color:#007700\"]else

    {

        [/span][span style=\"color:#FF8000\"]//run mysql query to pull pageTitle out of db into drop down box

        [/span][span style=\"color:#0000BB\"]$result [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]mysql_query[/span][span style=\"color:#007700\"]([/span][span style=\"color:#DD0000\"]\"SELECT * FROM $dbTable\"[/span][span style=\"color:#007700\"]);

        

        echo([/span][span style=\"color:#DD0000\"]\"<form action=\" [/span][span style=\"color:#007700\"]. [/span][span style=\"color:#0000BB\"]$_SERVER[/span][span style=\"color:#007700\"][[/span][span style=\"color:#DD0000\"]\'PHP_SELF\'[/span][span style=\"color:#007700\"]] . [/span][span style=\"color:#DD0000\"]\" method=\'POST\'>Select a page to edit: <select name=\'pageTitle\'>\"[/span][span style=\"color:#007700\"]);

        [/span][span style=\"color:#FF8000\"]//populate drop down box

        [/span][span style=\"color:#007700\"]while ([/span][span style=\"color:#0000BB\"]$row [/span][span style=\"color:#007700\"]= [/span][span style=\"color:#0000BB\"]mysql_fetch_row[/span][span style=\"color:#007700\"]([/span][span style=\"color:#0000BB\"]$result[/span][span style=\"color:#007700\"]))

        {

            echo([/span][span style=\"color:#DD0000\"]\"<option value=\\"[/span][span style=\"color:#0000BB\"]$row[/span][span style=\"color:#007700\"][[/span][span style=\"color:#0000BB\"]1[/span][span style=\"color:#007700\"]]&[/span][span style=\"color:#FF8000\"]#092;\">$row[1]</option>\");

        [/span][span style=\"color:#007700\"]}

        

        echo([/span][span style=\"color:#DD0000\"]\"</select> <input type=\'submit\' name=\'edit\' value=\'Edit Page\'></form>\"[/span][span style=\"color:#007700\"]);

    }

}

[/span][span style=\"color:#0000BB\"]mysql_close[/span][span style=\"color:#007700\"]();

[/span][span style=\"color:#0000BB\"]?>

[/span]

[/span][!--PHP-Foot--][/div][!--PHP-EFoot--]

 

I hope this helps

Jeremy

Link to comment
https://forums.phpfreaks.com/topic/2317-php-list-selection/#findComment-7599
Share on other sites

  • 2 weeks later...

Not many problems in the above script except a few pet peeves and security issues. Let's address the not so important stuff first.

 

Again as I always ask, why would you hide a variable inside of double quotes when coding in Dreamweaver? It makes the code a lot less readable and causing you hit Ctrl+F constantly searching for the variables.

 

That doesn't actually matter but it's just a good habit to get into.

 

The part I'm most concerned with is you're not preventing or even attempting to prevent malicious code from entering the database. Truth is, everyone out there isn't as good hearted as most of us are, so you want to make code that can slow their negativity down at least to a bare minimum.

 

I would always get in the habit of using stripslashes(); and addslashes(); for retrieval and insertion of information, respectively.

 

Secondly, you should check with a regular expression for common malicious SQL code that could be entering via the update page. That isn't as vital as the stripslashes(); and addslashes();, however.

 

If you don't want to have to work yourself to death by using addslashes(); for $_POST, $_GET, or $_REQUEST information you can always turn magic quotes on in your php.ini file.

 

While I keep mine turned on I still try to write all my code with addslashes(); and I like to have that attitude, "It will take me an extra 10 seconds to type in addslashes(); and stripslashes(); but it will take me 10 hours to figure out the problem if it gets hacked."

Link to comment
https://forums.phpfreaks.com/topic/2317-php-list-selection/#findComment-7649
Share on other sites

  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.