my toplist site

deathadder · January 9, 2012

hi, i am developing a toplist site, i have it fully working but... people can register multiple times with the same title, and password not so concerned about password but i dont want 50 of the same titled websites no it here is my code for inserting the data to the mysql database

<?php
include("config.php");

$sql="INSERT INTO sites (title, content, link, password)
VALUES
('$_POST[title]','$_POST[content]','$_POST[link]','$_POST[password]')";
if (!mysql_query($sql,$con))

  {
  die('Error: ' . mysql_error());
  }
echo "Site has been registered. Please check the homepage.";

mysql_close($con)
?>

and here is the register form code (i dont think you need it though)

<form action="insert.php" method="post">
<table align="center" border="0" bordercolor="" style="background-color:" width="400" cellpadding="3" cellspacing="3">
<tr>
	<td>Site name:</td>
	<td><input type="text" name="title" /></td>
</tr>
<tr>
	<td>Password:</td>
	<td><input type="password" name="password" /></td>
</tr>
	<tr>
	<td>Link to site:</td>
	<td><input type="text" name="link" /></td>
</tr>
<tr>
	<td>Description:</td>
	<td><textarea name="content" ></textarea></td>
</tr>
<input type="submit" value="Register" ></input>
</table>

</form>

MasterACE14 · January 9, 2012

just run a query to select titles where they match the user entered title, check the number of rows, if it's zero, then run the insert query otherwise display a 'title taken' message.

deathadder · January 9, 2012

could you give me the php code to do this?

MasterACE14 · January 9, 2012

<?php
include("config.php");

$q = mysql_query("SELECT `title` FROM `site` WHERE `title`='".$_POST['title']."'");

if(mysql_num_rows($q) == 0)
{
$sql="INSERT INTO sites (title, content, link, password)
VALUES
('$_POST[title]','$_POST[content]','$_POST[link]','$_POST[password]')";
if (!mysql_query($sql,$con))

  {
  die('Error: ' . mysql_error());
  }
echo "Site has been registered. Please check the homepage.";
} else {
   echo "A site with that title already exists.";
}


mysql_close($con)
?>

You need some validation and filtering, this is very insecure.

deathadder · January 9, 2012

sorry but it didnt work

Muddy_Funster · January 9, 2012

could you be a little more specific please?

just a quick thought - change this line:

if(mysql_num_rows($q) == 0)

to this

if(mysql_num_rows($q) === 0)

litebearer · January 9, 2012

Might want to rethink your setup. Maybe (very rough)...

1. Two tables - users and sites

2. Users has id, username, password and email

3. Sites has id, sitename, url, userid

ALSO consider what happens if url1-page1 and url2-page2 occurs?

MasterACE14 · January 9, 2012

$q = mysql_query("SELECT `title` FROM `sites` WHERE `title`='".$_POST['title']."'");

sorry typo, should of been `sites` not `site`

deathadder · January 10, 2012

master thanks it works now

lite bearer what do you mean? my toplist doesent really have that much of a login system its more of a add site once site is added you can edit it in the cpanel

Might want to rethink your setup. Maybe (very rough)...

1. Two tables - users and sites

2. Users has id, username, password and email

3. Sites has id, sitename, url, userid

ALSO consider what happens if url1-page1 and url2-page2 occurs?

also while where on the subject the cpanel when editing the site and you type wrong password it still says site updated, but it doesent update the site could you make it so it displays a error message?

<?php
include("config.php");

mysql_query("UPDATE sites SET content = '$_POST[content]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
mysql_query("UPDATE sites SET link = '$_POST[link]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
echo "Site Updated";
mysql_close($con);
?>

MasterACE14 · January 10, 2012

I agree with litebearer's suggestion, your system does need to be slightly reworked.

<?php
include("config.php");

mysql_query("UPDATE sites SET content = '$_POST[content]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
mysql_query("UPDATE sites SET link = '$_POST[link]'
WHERE title = '$_POST[title]' AND password = '$_POST[password]'");
echo "Site Updated";
mysql_close($con);
?>

that's not a very good way to get the job done.

deathadder · January 11, 2012

can you fix it make it better?

Muddy_Funster · January 11, 2012

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

MasterACE14 · January 11, 2012

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

with correct validation and filtering on those POST's of course.

deathadder · January 12, 2012

a better way would be

<?php
include("config.php");
$content = $_POST['content'];
$link = $_POST['link'];
$title = $_POST['title'];
$pass = $_POST['password'];
$qry = "UPDATE sites SET content = '$content', link = '$link' WHERE title='$title' and password='$pass'";
mysql_query($qry) or die (mysql_error());
echo "Site Updated";
mysql_close($con);
?>

would this code be ready to use or is it incompletete?

QuickOldCar · January 12, 2012

Your main concern should be looking for duplicates of websites, the titles shouldn't matter.

also parsing the websites would help to prevent duplicate sites such as different protocols like http versus https.

http://mysite.com, www.mysite.com, mysite.com, mysite.com/index.php, mysite.com/whatever/whatever

Your goal is to list the website and just one of them.

Users should be able to post more than one, so as long as check for username,password,email, then continue with the rest of script.

Here is just an example of how I do it, although i run them through curl first to see if they are a real url and follow redirects

You probably want to not add any feed and ftp type protocols, can edit all that to how you want.

<form action="" method="POST">
<input type="text" name="site" value="<?php echo $_POST['site'];?>" placeholder="site url" />
<input type="text" name="title" value="<?php echo $_POST['title'];?>" placeholder="site title" />
<input type="submit" value="Add Site" />
</form>


<?php
if (isset($_POST['site']) && $_POST['site'] != "" && isset($_POST['title']) && $_POST['title'] != "") {

$url_input = $_POST['site'];
$title_input = $_POST['title'];

function getparsedHost($new_parse_url) {
                $parsedUrl = parse_url(trim($new_parse_url));
                return strtolower(trim($parsedUrl['host'] ? $parsedUrl['host'] : array_shift(explode('/', $parsedUrl['path'], 2))));
            }

//much easier to resolve urls with curl and also be sure that site exists, but lets try and fix some
if ((substr($url_input, 0,  == "https://") || (substr($url_input, 0, 12) == "https://www.") || (substr($url_input, 0, 7) == "http://") || (substr($url_input, 0, 11) == "http://www.") || (substr($input_parse_url, 0, 6) == "ftp://") || (substr($input_parse_url, 0, 11) == "feed://www.") || (substr($input_parse_url, 0, 7) == "feed://")) {
                $new_parse_url = $url_input;
            } else {
                $new_parse_url = "http://$url_input";
            }

//start mysql connection here
include("config.php");

$site = str_ireplace("www.", "", getparsedHost($new_parse_url));
$site = mysql_real_escape_string($site);
$title = mysql_real_escape_string($title_input);

$q = mysql_query("SELECT * FROM `sites` WHERE `link`='".$site."'");
$check = mysql_num_rows($q);
mysql_query("SET NAMES 'utf8'");

if($check > 0) {
//or you can just display the already submitted site information to them instead of this update
            echo "The site was updated !!";
            mysql_query("UPDATE `sites` SET link='$site',title='$title''");

        } else {
//if doesn't exist, insert new
            echo "The site was added.</h2>";
            mysql_query("INSERT INTO `sites` (link,title) VALUES ('$site', '$title')");
        }

echo "Site: " . $site . "<br /> Title: " . $title;

} else {
echo "Please insert a site and title.";
}
?>

deathadder · January 12, 2012

what the hell is that? you trieng to give me an alternative for a register page and a update page? while there is no password box but 2 title boxes when i only need one? example my reigster page is title password description url to webbsite not just site, title and, there needs to be a password, also please explain better what this code does relative to what my code already does? it only gives and error for not typing anything in i asked for an error be displayed on editing the site if the password or title was incorrect

QuickOldCar · January 12, 2012

I thought I explained it to you.

And it's an example of how I check for duplicate urls, I wasn't trying to make you a complete code.

If you needed more or different you can edit it.

If not then don't use any of my advice and continue what you were doing.

Sign In

my toplist site

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information