
Changing Things Around - PHP

Looking to quickly add a dynamic news page to your corporate or personal Web site? This article shows you how, combining PHP's rapid application development capabilities with a MySQL database to create a primitive news publishing system and administration module in just under four hours.

TABLE OF CONTENTS:
  1. Building A Quick-And-Dirty PHP/MySQL Publishing System
  2. A Little Slug-gish
  3. A Maniac Is Born
  4. Bedtime Stories
  5. Admin Ahoy!
  6. Splitting Up
  7. Erasing The Past
  8. Changing Things Around
  9. Game Over
By: icarus, (c) Melonfire
March 12, 2002

The last item on the agenda involves updating, or editing, a news item. The script that does this is called "edit.php", and it's a combination of both "add.php" and "delete.php".

Like "delete.php", "edit.php" also gets the record's unique identifier via the $id variable. It now needs to display a form similar to that used by "add.php", except that this form needs to be pre-filled with the data for that news item.

Let's see how this is accomplished:

<?php
// edit.php - edit a press release
?>

<!-- page header - snip -->

<?php
// includes
include("../conf.php");
include("../functions.php");

// form not yet submitted
// display initial form with values pre-filled
if (!$submit)
{
    // open database connection
    $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

    // select database
    mysql_select_db($db) or die ("Unable to select database!");

    // force the identifier to an integer before it is used in the query
    $id = (int) $id;

    // generate and execute query
    $query = "SELECT slug, content, contact FROM news WHERE id = '$id'";
    $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

    // if a result is returned
    if (mysql_num_rows($result) > 0)
    {
        // turn it into an object
        $row = mysql_fetch_object($result);

        // print form with values pre-filled
        // stored values are HTML-escaped so they cannot break out of the markup
?>
<table cellspacing="5" cellpadding="5">
<form action="<?php echo htmlspecialchars($PHP_SELF); ?>" method="POST">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<tr>
<td valign="top"><b><font size="-1">Slug</font></b></td>
<td><input size="50" maxlength="250" type="text" name="slug" value="<?php echo htmlspecialchars($row->slug); ?>"></td>
</tr>
<tr>
<td valign="top"><b><font size="-1">Content</font></b></td>
<td><textarea name="content" cols="40" rows="10"><?php echo htmlspecialchars($row->content); ?></textarea></td>
</tr>
<tr>
<td valign="top"><font size="-1">Contact person</font></td>
<td><input size="50" maxlength="250" type="text" name="contact" value="<?php echo htmlspecialchars($row->contact); ?>"></td>
</tr>
<tr>
<td colspan=2><input type="Submit" name="submit" value="Update"></td>
</tr>
</form>
</table>
<?php
    }
    // no result returned
    // print graceful error message
    else
    {
        echo "<font size=-1>That press release could not be located in our database.</font>";
    }
}
else
{
    // form submitted
    // start processing it
}
?>

<!-- page footer - snip -->

Using the identifier from "list.php", "edit.php" queries the database for the fields relevant to that particular record, and uses that information to pre-fill an HTML form. Note that the $id variable is also attached to this form as a hidden variable; this ID will be used by the form processor when constructing the UPDATE query.

Here's what it looks like:



You might be wondering why I've bothered to check the number of rows returned by the query, and written code to display an error if no rows were returned. This is necessary because, if the identifier provided to "edit.php" is invalid or non-existent, the query will return zero rows, and the administrator will be faced with a form with no data in it.

Most of the time, this additional check is redundant, since the identifier will be generated from "list.php" and will therefore usually be valid. However, in the event that someone - a malicious hacker or, more likely, a company employee with too much time on his hands - decides to experiment with the URL string, changing the ID that gets appended to it to an invalid value, it could result in a series of ugly error messages or - even worse - cause the application to break. Therefore, by adding this check, I'm increasing the overall security of the application and simultaneously reducing the possibility of error.

Now, once the form gets submitted, the data entered into it needs to be validated and used to update the database. Let's see how that works:

<?php
// edit.php - edit a press release
?>

<!-- page header - snip -->

<?php
// form not yet submitted
// display initial form with values pre-filled
if (!$submit)
{
    // form display code
}
else
{
    // form submitted
    // start processing it

    // set up error list array
    $errorList = array();
    $count = 0;

    // validate text input fields
    if (!$slug) { $errorList[$count] = "Invalid entry: Slug"; $count++; }

    if (!$content) { $errorList[$count] = "Invalid entry: Content"; $count++; }

    // set default value for contact person
    if (!$contact) { $contact = $def_contact; }

    // check for errors
    // if none found...
    if (sizeof($errorList) == 0)
    {
        // open database connection
        $connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

        // select database
        mysql_select_db($db) or die ("Unable to select database!");

        // force the identifier to an integer and escape the string values
        // before they are placed in the query (assumes magic_quotes_gpc is off)
        $id = (int) $id;
        $slug = mysql_real_escape_string($slug, $connection);
        $content = mysql_real_escape_string($content, $connection);
        $contact = mysql_real_escape_string($contact, $connection);

        // generate and execute query
        $query = "UPDATE news SET slug = '$slug', content = '$content', contact = '$contact', timestamp = NOW() WHERE id = '$id'";
        $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());

        // print result
        echo "<font size=-1>Update successful. <a href=list.php>Go back to the main menu</a>.</font>";

        // close database connection
        mysql_close($connection);
    }
    else
    {
        // errors occurred
        // print as list
        echo "<font size=-1>The following errors were encountered: <br>";
        echo "<ul>";
        for ($x=0; $x<sizeof($errorList); $x++)
        {
            echo "<li>$errorList[$x]";
        }
        echo "</ul></font>";
    }
}
?>

<!-- page footer - snip -->

This is almost identical to "add.php", with the obvious difference that this query string uses an UPDATE command, while that one used an INSERT command.
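
The scripts above rely on register_globals and the mysql_* extension, which were removed in PHP 5.4 and PHP 7.0 respectively. The following is an added example, not code from the original article, showing the same lookup and update with PDO prepared statements, an identifier check and escaped output. The function names (parse_id, fetch_item, update_item, h) are hypothetical, and an in-memory SQLite table with constructed data stands in for the "news" table.

```php
<?php
// Added example, not the article's code. Assumes PHP 7.1+ with PDO and pdo_sqlite;
// the table and its single row are constructed sample data.

// Accept only a positive integer as a record id; anything else becomes null.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetch the fields that pre-fill the form; null if the id is invalid or unknown.
function fetch_item(PDO $pdo, $rawId): ?array
{
    if (($id = parse_id($rawId)) === null) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT slug, content, contact FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Apply the edit with bound parameters; false if the record does not exist.
function update_item(PDO $pdo, $rawId, string $slug, string $content, string $contact): bool
{
    if (($id = parse_id($rawId)) === null || fetch_item($pdo, $id) === null) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE news SET slug = :slug, content = :content, '
        . 'contact = :contact, timestamp = CURRENT_TIMESTAMP WHERE id = :id');
    return $stmt->execute([':slug' => $slug, ':content' => $content,
        ':contact' => $contact, ':id' => $id]);
}

// Escape a stored value before echoing it into the form markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, slug TEXT, content TEXT, contact TEXT, timestamp TEXT)');
$pdo->exec("INSERT INTO news (id, slug, content, contact) VALUES (1, 'Launch', 'Body', 'pr@example.com')");
var_dump(fetch_item($pdo, "1' OR '1'='1"));  // tampered identifier
var_dump(update_item($pdo, '1', 'Tom\'s "big" launch', '<b>New body</b>', 'pr@example.com'));
$row = fetch_item($pdo, '1');
echo '<input name="slug" value="' . h($row['slug']) . '">', PHP_EOL;
```

Because the identifier is validated and every value is bound rather than concatenated, quotes in a slug or a tampered ID in the URL reach the database only as data.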

 
 