rish1103

I've been working on coding a personal blog/site and so far i've got some of the features set up but I dont have any way of securing my "admin cp". I want to code a site that will work as follows when user comes on site, sees main page. click on admin link and it takes you to a login page. the login page is within the the admin folder where all of the blog management scripts are like add, update and delete entry. i know how to do a simple variable matching and giving access or similarly wiht java script to give an illusion of security but how do i go about actually coding a simple password script that would help me do this. I'm fairly new to php but I've got extensive C experience and just need to be pointed into the right direction.

the error returned comes up where it encounters the first single quote or ' how do i cure that and find out which ohter characters can cause a query to fail?

Is it possible there could be something wrong with my MySQL isntallation? I've never had this problem before. I tried what was mentioned here and it didnt help. the I downloaded a blog script from hotscripts to try and its the same with that as well. I'm relly stuck.

[!--quoteo(post=354578:date=Mar 13 2006, 12:41 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Mar 13 2006, 12:41 PM) [snapback]354578[/snapback][/div][div class=\'quotemain\'][!--quotec--] I would add some error checking and a minimal amount of data screening: [code]<?php $title=mysql_real_escape_string($_POST['title']); mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); if ($_POST['date'] != '')  {    $tmp = strtotime($_POST['date']);    if ($tmp == -1) date = '0000-00-00';    else $date = date('Y-m-d',$tmp);    } else $date = '0000-00-00'; $entry=mysql_real_escape_string($_POST['entry']); $query = "INSERT INTO blog VALUES ('','$title','$date','$entry')"; mysql_query($query) or die('Problem with insert query: ' . $query . '<br />' . mysql_error()); ?>[/code] The date checking code will allow your users to input any valid date. (not tested) Ken [/quote] cool I'll add what you mentioned and see what I end up with.

[!--quoteo(post=354570:date=Mar 13 2006, 12:18 PM:name=kenrbnsn)--][div class=\'quotetop\']QUOTE(kenrbnsn @ Mar 13 2006, 12:18 PM) [snapback]354570[/snapback][/div][div class=\'quotemain\'][!--quotec--] Please post your code. [/quote] That's the form I use for making the entry into the blog. [code]                     <form action="blogin.php" method="post">                     <font face="Arial" size="2">                     <input type="text" name="title" size = "60" value ="Title"><br>                     <input type="text" name="date" value="YYYY-MM-DD"><br>                     <textarea rows="20" name="entry" cols="60">Make Entry Here</textarea>                     <br>                     <input type="Submit"></font>                     </form> [/code] Thats the script that enters the form data into the database. Like i said simple form and simple action. I am unable to understand whats wrong. [code] <? $username="######"; $password="######"; $database="######"; $title=$_POST['title']; $date=$_POST['date']; $entry=$_POST['entry']; mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query = "INSERT INTO blog VALUES ('','$title','$date','$entry')"; mysql_query($query); print "<font face=\"Arial\">Thankyou for submitting your information! <a href=\"../index.php\">Click here to return home</a></font>"; mysql_close(); ?> [/code]

I'm trying to write a simple blog script. Basically a varchar(255) title and a text field for the blog entry and it works for short one line entries. everytime the entry is more than two lines, nothing is entered into database and i also donot receive any error messages or anything. Can anyone suggest anything.