PHP List Selection


3 replies to this topic

#1 parkinl

parkinl
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 20 May 2005 - 07:10 PM

I have a simple database with three fields: 1) ID, 2) pageTitle, 3) content.

I have a dropdown list populated by a query that allows a user to select the page to be edited. When the selection is made I would like to retrieve the associated content field from the database and redisplay the record on the page. I am very new so be gentle! Thanks

#2 jeremywesselman

jeremywesselman
  • Members
  • PipPipPip
  • Advanced Member
  • 154 posts
  • Location: Independence, KY

Posted 21 May 2005 - 11:35 AM

I don't know if this is what you had in mind but this is what I got from the description above. You can see a live version here.

Here is the code:
```php
<?php
//  Jeremy Wesselman @ http://jwdevelopment.cincywebsolutions.com - hollywoodwesselman@hotmail.com

//enter your database info here
$dbHost = "DBHOST";
$dbUser = "DBUSER";
$dbPass = "DBPASS";
$dbDatabase = "DBDATABASE";
$dbTable = "DBTABLE";

//connect to the database server, then select which db to use
mysql_connect($dbHost, $dbUser, $dbPass) or die("Could not connect to database server.<p>" . mysql_error());
mysql_select_db($dbDatabase) or die("Could not connect to database. <p>" . mysql_error());

//if updating content
if(isset($_POST['update']))
{
    //assign variables
    $content = $_POST['content'];
    $pageTitle = $_POST['pageTitle'];

    //run mysql query to update the content
    $result = mysql_query("UPDATE $dbTable SET content = '$content' WHERE pageTitle = '$pageTitle'");

    //if results are successful
    if($result)
    {
        echo("<font color=green>Successfully Updated.</font>");
        echo("<p><a href='editPage.php'>Edit Another Page</a>");
    }
    //if results aren't successful
    else
    {
        echo("<font color=red>Update Failed.</font>");
    }
}
//if not updating
else
{
    //if editing content
    if (isset($_POST['edit']))
    {
        //assign variables
        $pageName = $_POST['pageTitle'];

        //declare query, run query, and get results to display
        $query = "SELECT * FROM $dbTable WHERE pageTitle = '$pageName'";
        $res = mysql_query($query);
        while($row = mysql_fetch_array($res))
        {
            echo("<form action='" . $_SERVER['PHP_SELF'] . "' method='post'>");
            echo("ID: " . $row['id'] . "<br>");
            echo("Page Title: " . $row['pageTitle'] . "<input type='hidden' name='pageTitle' value='" . $row['pageTitle'] . "'><br>");
            echo("<textarea rows='15' cols='50' name='content'>" . $row['content'] . "</textarea><br>");
            echo("<input type='submit' value='Update Content' name='update'>");
            echo("</form>");
        }
    }
    //if not editing content
    else
    {
        //run mysql query to pull pageTitle out of db into drop down box
        $result = mysql_query("SELECT * FROM $dbTable");

        echo("<form action='" . $_SERVER['PHP_SELF'] . "' method='POST'>Select a page to edit: <select name='pageTitle'>");
        //populate drop down box
        while ($row = mysql_fetch_row($result))
        {
            echo("<option value=\"$row[1]\">$row[1]</option>");
        }

        echo("</select> <input type='submit' name='edit' value='Edit Page'></form>");
    }
}
mysql_close();
?>
```

I hope this helps
Jeremy

#3 Pilot-Doofy

Pilot-Doofy
  • Members
  • PipPip
  • Member
  • 19 posts
  • Location: Mustywindows.com!

Posted 29 May 2005 - 06:07 PM

Not many problems in the above script except a few pet peeves and security issues. Let's address the not so important stuff first.

Again, as I always ask, why would you hide a variable inside of double quotes when coding in Dreamweaver? It makes the code a lot less readable and causes you to hit Ctrl+F constantly searching for the variables.

That doesn't actually matter but it's just a good habit to get into.

The part I'm most concerned with is you're not preventing or even attempting to prevent malicious code from entering the database. Truth is, everyone out there isn't as good-hearted as most of us are, so you want to make code that can slow their negativity down at least to a bare minimum.

I would always get in the habit of using stripslashes(); and addslashes(); for retrieval and insertion of information, respectively.

Secondly, you should check with a regular expression for common malicious SQL code that could be entering via the update page. That isn't as vital as the stripslashes(); and addslashes();, however.

If you don't want to have to work yourself to death by using addslashes(); for $_POST, $_GET, or $_REQUEST information you can always turn magic quotes on in your php.ini file.

While I keep mine turned on I still try to write all my code with addslashes(); and I like to have that attitude, "It will take me an extra 10 seconds to type in addslashes(); and stripslashes(); but it will take me 10 hours to figure out the problem if it gets hacked."
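As an added example (not code from this thread or from Jeremy's page): the same edit/update flow with the user-supplied title and content passed as bound parameters of a mysqli prepared statement, which is the current recommended defence for the SQL problem Pilot-Doofy raises, rather than addslashes() or magic quotes, and with htmlspecialchars() on output so stored content cannot break out of the textarea or hidden field. It assumes a table named pages with the thread's columns, placeholder credentials, and the mysqlnd driver for get_result(); the page-selection dropdown is left out.

```php
<?php
// Added example, not Jeremy's code: the thread's select-a-page / update-content
// flow with pageTitle and content bound as prepared-statement parameters instead
// of pasted into the SQL string, as the thread's
//   "UPDATE $dbTable SET content = '$content' WHERE pageTitle = '$pageTitle'"
// does. Assumes a table named 'pages' with columns id, pageTitle, content.
$db = new mysqli('DBHOST', 'DBUSER', 'DBPASS', 'DBDATABASE'); // placeholder credentials
if ($db->connect_error) {
    die('Could not connect to database server.');
}

// Fetch one page by title. The title is bound, so a quote inside it stays data.
function loadPage(mysqli $db, string $pageTitle): ?array
{
    $stmt = $db->prepare('SELECT id, pageTitle, content FROM pages WHERE pageTitle = ?');
    $stmt->bind_param('s', $pageTitle);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // requires mysqlnd
    $stmt->close();
    return $row ?: null;
}

// Update exactly the page named; returns whether the statement ran.
function updatePage(mysqli $db, string $pageTitle, string $content): bool
{
    $stmt = $db->prepare('UPDATE pages SET content = ? WHERE pageTitle = ?');
    $stmt->bind_param('ss', $content, $pageTitle);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
if (isset($_POST['update'])) {
    $ok = updatePage($db, $_POST['pageTitle'] ?? '', $_POST['content'] ?? '');
    echo $ok ? 'Successfully Updated.' : 'Update Failed.';
} elseif (isset($_POST['edit'])) {
    $row = loadPage($db, $_POST['pageTitle'] ?? '');
    if ($row === null) {
        die('No such page.');
    }
    // Escape on output so stored content cannot break out of the textarea or hidden field.
    $title = htmlspecialchars($row['pageTitle'], ENT_QUOTES, 'UTF-8');
    $body  = htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8');
    echo "<form method='post'>ID: {$row['id']}<br>Page Title: $title";
    echo "<input type='hidden' name='pageTitle' value='$title'><br>";
    echo "<textarea rows='15' cols='50' name='content'>$body</textarea><br>";
    echo "<input type='submit' value='Update Content' name='update'></form>";
}
$db->close();
```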

#4 parkinl

parkinl
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 12 June 2005 - 11:53 PM

Thanks Jeremy. That is what I had in mind. I have a form identical to what you have here but I could not get it to load the content field data after I selected the page to be edited. I'll give it a try and let you know.

Lee
