Realcookie Posted April 8, 2017 Share Posted April 8, 2017 Hey guys, Im busy with a project and im stuck at a place unfortunately. :/ I need to make a webpage with the recent 5 articles, with a archive page with all articles. And a admin panel where the admin can see all the articles and can edit,delete,add them. So now i made the table in the admin panel with all articles. So now each click of one of the articles in the table i need to get a page with a the information of that current article. So as example : Article title = A Artical Summary = B Artical Content = C So when u wanna edit this article there should come a page with the form filled in : Article title : A etc, so they are filled in and u can edit them. My question is how can i do this! Im a beginner in php so it could be i cant understand some terms. I hope you guys can help me out! Cheers. Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/ Share on other sites More sharing options...
mlukac89 Posted April 8, 2017 Share Posted April 8, 2017 First you need to make a link to that article, for example <a href="article.php?id=<?php echo $article['id']; ?>">Article title</a> That link will get you to article.php page where you will : make a page article.php where you will grab data for that id from url grab id from url grab data from articles database where id from database is equal to a link in url put data from query into input fields Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545212 Share on other sites More sharing options...
Realcookie Posted April 9, 2017 Author Share Posted April 9, 2017 Thanks! I think this will help me alot already. If i dont ask to much could you make a example code for me? ( i love to work like that cause im a beginner ). If not i understand, thanks anyways buddy! Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545214 Share on other sites More sharing options...
Solution mlukac89 Posted April 9, 2017 Solution Share Posted April 9, 2017 Lets say you have page articles.php in admin panel where you have listed all articles from database. This is only a basic example and its not escaped for mysqli injection so "DON'T USE THIS ON LIVE SERVER", this is only that you get perception how things works, maybe is not a best way but its good to learn. articles.php <?php error_reporting(1); // mysqli connection $conn = mysqli_connect('host', 'user', 'password', 'database name'); // check for connection if (mysqli_connect_errno()) { die("Connection failed : " . mysqli_connect_error()); exit(); } // action to EDIT article if (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id'])) { $id = (int)$_GET['id']; // here is data for a single article fetched over id $query = mysqli_query($conn, "SELECT * FROM articles WHERE id = '$id'"); // check if query runs if ($query) { $data = mysqli_fetch_assoc($query); // make UPDATE when u process form to update data in database // if submit button is pressed if (isset($_POST['submit'])) { // get data from form $title = $_POST['title']; $text = $_POST['text']; // update query $update = mysqli_query($conn, "UPDATE articles SET title = '$title', text = '$text' WHERE id = '".$data['id']."'"); // check if update is successfuly if ($update) { // if updated redirect to articles.php header("Location: articles.php"); exit(); } else { echo "Mysqli error : " . mysqli_error($conn); } } echo '<form action="" method="post"> <label for="title">Title</label> <input type="text" id="title" name="title" value="'.$data['title'].'"><br /> <label for="text">Text</label> <textarea id="text" name="text">'.$data['text'].'</textarea><br /> <input type="submit" name="submit" value="Submit">'; } else { echo "Mysqli error : " . mysqli_error($conn); } } // action for DELETE article else if (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id'])) { // delete article where id from url is same as id in database $id = (int)$_GET['id']; $query = mysqli_query($conn, "DELETE FROM articles WHERE id = '$id'"); // check if query runs if ($query) { // if query was successfuly get back on articles list header("Location : articles.php"); exit(); } else { die("Mysqli error : " . mysqli_error($conn)); exit(); } } // if no action display all articles else { // query to get all articles $query = mysqli_query($conn, "SELECT * FROM articles"); // check if query runs if ($query) { // get all articles in array $article = mysqli_fetct_array($query); echo '<table> <tr> <th>ID</th> <th>Title</th> <th>Posted date</th> <th>Actions</th> </tr>'; // loop through arcticles while ($article) { echo '<tr> <td>'.$article['id'].'</td> <td>'.$article['title'].'</td> <td>'.$article['date'].'</td> <td><a href="articles.php?id='.$article['id'].'&action=edit">Edit</a> | <a href="articles.php?id='.$article['id'].'&action=delete">Delete</a></td> </tr>'; } echo '</table>'; } else { echo "Mysqli error : " . mysqli_error($conn); } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545215 Share on other sites More sharing options...
Realcookie Posted April 9, 2017 Author Share Posted April 9, 2017 (edited) Thanks mate. Im sure if i read this couple of times i will get it. Appreciate it! Edited April 9, 2017 by Realcookie Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545216 Share on other sites More sharing options...
mlukac89 Posted April 9, 2017 Share Posted April 9, 2017 no problem Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545217 Share on other sites More sharing options...
Jacques1 Posted April 9, 2017 Share Posted April 9, 2017 mlukac89: The code you've posted is fundamentally wrong, and it's certainly not a good example to learn from. If you don't have the knowledge or motivation to write correct code, then don't publish code at all. Those please-don't-use-my-scripts-in-production disclaimers are rather silly. What is a newbie supposed to do with this information? Fix your code? If they knew how to do that, they wouldn't need it in the first place. So a more realistic assumption is that the code will be used in production, possibly by many other people. As you certainly know, the PHP community is infamous for its love of copy-and-paste. There are many ways to answer a question. Choose the one that fits your abilities. Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545218 Share on other sites More sharing options...
mlukac89 Posted April 9, 2017 Share Posted April 9, 2017 Jacques1 i will have that in mind. I know many peoples copy/paste codes but why this approach is not good if you want to make all php logic in 1 script ? And can you explain me what need to be fixed in code ? Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545219 Share on other sites More sharing options...
Jacques1 Posted April 9, 2017 Share Posted April 9, 2017 Almost every line needs to be fixed: You have an entire zoo of security vulnerabilities: SQL injection, cross-site scripting, cross-site request forgery. This will also affect legitimate users; for example, try entering text which contains an apostrophe, and the whole thing blows up. The error handling is fundamentally broken. For some reason, you think that internal error messages should be displayed on the website, but this only irritates legitimate users while helping attackers gain important information. Error messages are meant for you, the programmer. They're none of the user's business. You don't understand how mysqli works. You use it like the old mysql_* functions, completely ignoring all modern features like prepared statements and exceptions. Using GET requests to change data violates the HTTP protocol and can cause a lot of problems, because browsers assume that GET does in fact mean “get the resource”, not “change the resource”. Don't mess with the error reporting at runtime. What do you even mean with by value “1”? The function expects a bit field created from the error constants (e. g. E_ALL & ~E_NOTICE) or -1 for everything. The HTML markup is invalid. Learn the basics before jumping to complex application. Make sure you understand how HTTP, HTML, web security and database interaction works. It will save you a lot of trouble. 1 Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545220 Share on other sites More sharing options...
benanamen Posted April 9, 2017 Share Posted April 9, 2017 mlukac89, @Jacques1 beat me to it in post #7 but it bears repeating. Do not EVER post code you know is bad. If it "works" noobs will forever copy/paste the code thus perpetuating security problems. Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545233 Share on other sites More sharing options...
mlukac89 Posted April 9, 2017 Share Posted April 9, 2017 mlukac89, @Jacques1 beat me to it in post #7 but it bears repeating. Do not EVER post code you know is bad. If it "works" noobs will forever copy/paste the code thus perpetuating security problems. Yea i know now, this code works but as Jaques1 said if its posted its better to make it secure. Btw i readed this page about security https://martinfowler.com/articles/web-security-basics.html and i know that i need to validate all inputs and outputs same as url but i make this only to that guy see how he can get, delete, edit stuff, but i won't post codes anymore because better is to leave to peoples learn to code by themself. Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545236 Share on other sites More sharing options...
Jacques1 Posted April 9, 2017 Share Posted April 9, 2017 I find it odd when people distinguish between “working code” and “secure code”. You cannot have working code with security vulnerabilities, because every vulnerability is also a defect. Even if everybody on the Internet behaved nicely, it would still be a defect. As I already said, your code crashes as soon as a user tries to enter text with an apostrophe (like “O'Reilly”). This has nothing to do with bad intentions, it's not even an exotic scenario. It can happen at any time with standard data. Proper escaping isn't some kind of bonus feature. It's a necessity. It's the only way to make sure that the application can handle all possible input. 1 Quote Link to comment https://forums.phpfreaks.com/topic/303661-php-localhost-database-different-information-each/#findComment-1545239 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.