Developing a newscript, problem.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Developing a newscript, problem.

Post by trooper »

Hey, well i've been workin' on a newsscript that I'm going to use on my homepage.

Now, my problem is not to fetch the news from my database. But to write to the DB.
I've checked if my var.php file is wrong, but since i can get information out of my db from my News.php file. It should be correct?

Here is my add.php file: --Newb, on php =)

Code: Select all

<?php
 
include "var.php"; 
if ($action==add) {
mysql_query("INSERT INTO news (title, content) VALUES ('".$_POST['title']."', '".$_POST['content']."')");
echo "<a href='news.php'>Home?</a>";
} else {
print "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr>
<td><form name=\"form1\" method=\"post\" action=\"add.php?action=add\">
<div align=\"center\">
<p>Title:
<input type=\"text\" name=\"textfield\">
</p>
<p>Skriv :
<textarea name=\"title\" cols=\"50\" rows=\"10\" id=\"title\"></textarea>
</p>
<p>
<input type=\"submit\" name=\"submit\" value=\"Add\">
</p>
</div>
</form></td>
</tr>
</table>\n";
}
 
?>
var.php

Code: Select all

<?php
////////////////////////////////////////////////////////////////////////////////////////
$news_limit="11"; 
 
$host="localhost"; 
$username="xxxxxx"; 
$password="xxxxxx"; 
$db_name="xxxxxx"; 
$tbl_name="xxxxxx"; 
 
$bullet="www.mysite.url/my_image.png";
$title_cell_color="#999999"; 
$news_cell_color="#999999"; 
////////////////////////////////////////////////////////////////////////////////////////
 
$db = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name", $db)or die("cannot select DB");
?>

Hope some of you guys can help me :-D
I'm sorry my bad english. I'm a norwegian =)
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

In add.php, your if clause specifies "add" without any quotes (meaning a constant, not a string)...... do you have a constant called "add"? I assume not, which is not the correct behavior. Add quotes around it.

Next, your script is wide open for SQL injection. Always use mysql_real_escape_string() or an alternative means to sanitize your user input for use in MySQL.
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

Thanks for a great and fast answer =D

- I've just reacently started to get some intrest for php. So I don't know much (=
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

You might consider grabbing the latest edition of "Programming PHP"... can be had relatively cheap on Amazon.com I believe.
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

hehe, Maybe another day. Not rich ATM, since I'm movin' in with my girl now. And awaiting a baby soon :b

Back to the case:
I did the change to $action=="add"
But still nothing?
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

Well, where is $action being defined?

BTW, it's $10 for the book... http://www.amazon.com/gp/offer-listing/ ... ition=used
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

Maybe I've gone totaly out of my league?
- Ain't the action getting used in form?

Or did i maybe misunderstand you question? :)
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

I don't see it being set anywhere. If you're relying on register_globals, DON'T.
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

No, I'm not.

So, then you've figured out the whole problem. Ass i seid. I don't know more than zero ATM.

I hope you can take some time and teach me what to do in this case. Hmm.. I should really find some good guide to php, for what I wish to learn.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Developing a newscript, problem.

Post by John Cartwright »

To access variables within the url, you need to use the $_GET superglobal, i.e.,

Code: Select all

$action = $_GET['action'];
Similarly, POST variables may be obtained through

Code: Select all

$value = $_POST['some_field_name'];
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

trooper wrote:No, I'm not.

So, then you've figured out the whole problem. Ass i seid. I don't know more than zero ATM.

I hope you can take some time and teach me what to do in this case. Hmm.. I should really find some good guide to php, for what I wish to learn.
Honestly, you need to start over from step 1. This guide should prove useful :)... http://devzone.zend.com/article/627
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

I fugured the answer out just a minute b4 i checked this site ;)
I know some php, but.. My brain is kinda dead. And still words and varibles ar still har to remember :D But thanks, and I will take a look at that link ^^

Edt: I managet to fix a billion bugs in the file that's going to fetch the news :D Thanks guys, and thanks to wc3school =b
Last edited by trooper on Thu Oct 08, 2009 8:49 pm, edited 1 time in total.
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Developing a newscript, problem.

Post by Mirge »

Learning PHP is easy. Can be done within a few hours--literally.

Learning how to safely and effectively write software with PHP takes much longer. Do yourself a huge favor by learning how to create reliable, stable, secure software from the get-go... build up a strong foundation of knowledge and then grow it with real world experience.
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

-- I've managed it all. (as you know)

But, I want to make it better.

I wish to be able to edit or delete news in a simple way :-)

Yesterday I asked on a norwegian forum.
All i got was a script that listed all the news, ink. id of the news. If this makes it easyer to start makin the script here it is:

Code: Select all

<?php
require_once "var.php";
 
}
$query  = "SELECT id, postdate, title, cat, content, content_ext FROM news";
$result = mysql_query($query);
 
while(list($id,$postdate,$title,$cat,$content,$content_ext)= mysql_fetch_row($result))
 
{
    echo "ID: $id" .
         "Dato postet: $postdate<br />".
         "Tittel: $title<br />".
         "Kategori: $cat<br />".
         "Innhold: $content<br />".
         "Innhold Lang: $content_ext<br />";
 
}
?>

Hope anyone can help me :D
trooper
Forum Newbie
Posts: 10
Joined: Thu Oct 08, 2009 6:24 pm

Re: Developing a newscript, problem.

Post by trooper »

Bump! :|
Post Reply