parkinl Posted May 20, 2005

I have a simple database with three fields:

1) ID
2) pageTitle
3) content

I have a dropdown list populated by a query that allows a user to select the page to be edited. When the selection is made I would like to retrieve the associated content field from the database and redisplay the record on the page.

I am very new so be gentle!

Thanks

Link to comment: https://forums.phpfreaks.com/topic/2317-php-list-selection/

jeremywesselman Posted May 21, 2005

I don't know if this is what you had in mind but this is what I got from the description above. You can see a live version here. Here is the code:

```php
<?php
// Jeremy Wesselman @ http://jwdevelopment.cincywebsolutions.com - hollywoodwesselman@hotmail.com

//enter your database info here
$dbHost = "DBHOST";
$dbUser = "DBUSER";
$dbPass = "DBPASS";
$dbDatabase = "DBDATABASE";
$dbTable = "DBTABLE";

//connect to the database server, then select which db to use
mysql_connect($dbHost, $dbUser, $dbPass) or die("Could not connect to database server.<p>" . mysql_error());
mysql_select_db($dbDatabase) or die("Could not connect to database. <p>" . mysql_error());

//if updating content
if(isset($_POST['update']))
{
    //assign variables
    $content = $_POST['content'];
    $pageTitle = $_POST['pageTitle'];

    //run mysql query to update the content
    $result = mysql_query("UPDATE $dbTable SET content = '$content' WHERE pageTitle = '$pageTitle'");

    //if results are successful
    if($result)
    {
        echo("<font color=green>Successfully Updated.</font>");
        echo("<p><a href='editPage.php'>Edit Another Page</a>");
    }
    //if results aren't successful
    else
    {
        echo("<font color=red>Updated Failed.</font>");
    }
}
//if not updating
else
{
    //if editing content
    if (isset($_POST['edit']))
    {
        //assign variables
        $pageName = $_POST['pageTitle'];

        //declare query, run query, and get results to display
        $query = "SELECT * FROM $dbTable WHERE pageTitle = '$pageName'";
        $res = mysql_query($query);

        while($row = mysql_fetch_array($res))
        {
            echo("<form action=" . $_SERVER['PHP_SELF'] . " method='post'>");
            echo("ID: " . $row['id'] . "<br>");
            echo("Page Title: " . $row['pageTitle'] . "<input type='hidden' name='pageTitle' value=" . $row['pageTitle'] . "><br>");
            echo("<textarea rows='15' cols='50' name='content'>" . $row['content'] . "</textarea><br>");
            echo("<input type='submit' value='Update Content' name='update'>");
            echo("</form>");
        }
    }
    //if not editing content
    else
    {
        //run mysql query to pull pageTitle out of db into drop down box
        $result = mysql_query("SELECT * FROM $dbTable");
        echo("<form action=" . $_SERVER['PHP_SELF'] . " method='POST'>Select a page to edit: <select name='pageTitle'>");

        //populate drop down box
        while ($row = mysql_fetch_row($result))
        {
            echo("<option value=\"$row[1]\">$row[1]</option>");
        }
        echo("</select> <input type='submit' name='edit' value='Edit Page'></form>");
    }
}
mysql_close();
?>
```

I hope this helps

Jeremy

Pilot-Doofy Posted May 29, 2005

Not many problems in the above script except a few pet peeves and security issues. Let's address the not so important stuff first.

Again as I always ask, why would you hide a variable inside of double quotes when coding in Dreamweaver? It makes the code a lot less readable and causes you to hit Ctrl+F constantly searching for the variables. That doesn't actually matter but it's just a good habit to get into.

The part I'm most concerned with is you're not preventing or even attempting to prevent malicious code from entering the database. Truth is, everyone out there isn't as good hearted as most of us are, so you want to make code that can slow their negativity down at least to a bare minimum.

I would always get in the habit of using stripslashes(); and addslashes(); for retrieval and insertion of information, respectively. Secondly, you should check with a regular expression for common malicious SQL code that could be entering via the update page. That isn't as vital as the stripslashes(); and addslashes();, however.

If you don't want to have to work yourself to death by using addslashes(); for $_POST, $_GET, or $_REQUEST information you can always turn magic quotes on in your php.ini file. While I keep mine turned on I still try to write all my code with addslashes(); and I like to have that attitude, "It will take me an extra 10 seconds to type in addslashes(); and stripslashes(); but it will take me 10 hours to figure out the problem if it gets hacked."
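
Added example, not part of the original thread or any poster's code: the lookup, update and form output from the script above, with request values bound through PDO prepared statements and database values escaped with htmlspecialchars() on output. The in-memory SQLite database, the `pages` table name, the `h()` helper and the sample rows are assumptions so the block runs offline; the same prepare/execute calls work against MySQL through PDO's mysql driver.

```php
<?php
// Added example, not code from the thread. PDO with an in-memory SQLite
// database stands in for MySQL; table name and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, pageTitle TEXT, content TEXT)');
$pdo->exec("INSERT INTO pages (pageTitle, content) VALUES ('Home', 'Welcome'), ('About Us', 'Hello')");

// Look up one page; the title is bound as a parameter, never spliced into the SQL text.
function fetchPage(PDO $pdo, $pageTitle)
{
    $stmt = $pdo->prepare('SELECT id, pageTitle, content FROM pages WHERE pageTitle = ?');
    $stmt->execute([$pageTitle]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Update one page's content; returns the number of rows changed.
function updatePage(PDO $pdo, $pageTitle, $content)
{
    $stmt = $pdo->prepare('UPDATE pages SET content = ? WHERE pageTitle = ?');
    $stmt->execute([$content, $pageTitle]);
    return $stmt->rowCount();
}

// Escape a value for HTML text and quoted attributes.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build the edit form: every database value escaped, every attribute quoted,
// and a fixed action instead of echoing $_SERVER['PHP_SELF'].
function renderEditForm(array $row)
{
    return "<form action='editPage.php' method='post'>"
         . "ID: " . h($row['id']) . "<br>Page Title: " . h($row['pageTitle'])
         . "<input type='hidden' name='pageTitle' value='" . h($row['pageTitle']) . "'><br>"
         . "<textarea rows='15' cols='50' name='content'>" . h($row['content']) . "</textarea><br>"
         . "<input type='submit' value='Update Content' name='update'></form>";
}

// Constructed input: apostrophes and markup are stored and shown as plain data.
$submitted = "Lee's page </textarea><b>bold</b> ' OR '1'='1";
echo "rows changed: " . updatePage($pdo, 'About Us', $submitted) . "\n";
$row = fetchPage($pdo, 'About Us');
echo "stored verbatim: " . var_export($row['content'] === $submitted, true) . "\n";
echo renderEditForm($row) . "\n";
```

Because the title "About Us" contains a space, the quoted and escaped hidden field also carries it back intact on the update request.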

parkinl Posted June 12, 2005 (Author)

Thanks Jeremy. That is what I had in mind. I have a form identical to what you have here but I could not get it to load the content field data after I selected the page to be edited. I'll give it a try and let you know.

Lee