Page 1 of 1

Developing a newscript, problem.

Posted: Thu Oct 08, 2009 6:36 pm
by trooper
Hey, well i've been workin' on a newsscript that I'm going to use on my homepage.

Now, my problem is not to fetch the news from my database. But to write to the DB.
I've checked if my var.php file is wrong, but since i can get information out of my db from my News.php file. It should be correct?

Here is my add.php file: --Newb, on php =)

Code: Select all

<?php
 
include "var.php"; 
if ($action==add) {
mysql_query("INSERT INTO news (title, content) VALUES ('".$_POST['title']."', '".$_POST['content']."')");
echo "<a href='news.php'>Home?</a>";
} else {
print "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr>
<td><form name=\"form1\" method=\"post\" action=\"add.php?action=add\">
<div align=\"center\">
<p>Title:
<input type=\"text\" name=\"textfield\">
</p>
<p>Skriv :
<textarea name=\"title\" cols=\"50\" rows=\"10\" id=\"title\"></textarea>
</p>
<p>
<input type=\"submit\" name=\"submit\" value=\"Add\">
</p>
</div>
</form></td>
</tr>
</table>\n";
}
 
?>
var.php

Code: Select all

<?php
////////////////////////////////////////////////////////////////////////////////////////
$news_limit="11"; 
 
$host="localhost"; 
$username="xxxxxx"; 
$password="xxxxxx"; 
$db_name="xxxxxx"; 
$tbl_name="xxxxxx"; 
 
$bullet="www.mysite.url/my_image.png";
$title_cell_color="#999999"; 
$news_cell_color="#999999"; 
////////////////////////////////////////////////////////////////////////////////////////
 
$db = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name", $db)or die("cannot select DB");
?>

Hope some of you guys can help me :-D
I'm sorry my bad english. I'm a norwegian =)

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 6:48 pm
by Mirge
In add.php, your if clause specifies "add" without any quotes (meaning a constant, not a string)...... do you have a constant called "add"? I assume not, which is not the correct behavior. Add quotes around it.

Next, your script is wide open for SQL injection. Always use mysql_real_escape_string() or an alternative means to sanitize your user input for use in MySQL.

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 6:59 pm
by trooper
Thanks for a great and fast answer =D

- I've just reacently started to get some intrest for php. So I don't know much (=

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:01 pm
by Mirge
You might consider grabbing the latest edition of "Programming PHP"... can be had relatively cheap on Amazon.com I believe.

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:21 pm
by trooper
hehe, Maybe another day. Not rich ATM, since I'm movin' in with my girl now. And awaiting a baby soon :b

Back to the case:
I did the change to $action=="add"
But still nothing?

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:24 pm
by Mirge
Well, where is $action being defined?

BTW, it's $10 for the book... http://www.amazon.com/gp/offer-listing/ ... ition=used

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:37 pm
by trooper
Maybe I've gone totaly out of my league?
- Ain't the action getting used in form?

Or did i maybe misunderstand you question? :)

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:46 pm
by Mirge
I don't see it being set anywhere. If you're relying on register_globals, DON'T.

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 7:52 pm
by trooper
No, I'm not.

So, then you've figured out the whole problem. Ass i seid. I don't know more than zero ATM.

I hope you can take some time and teach me what to do in this case. Hmm.. I should really find some good guide to php, for what I wish to learn.

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 8:10 pm
by John Cartwright
To access variables within the url, you need to use the $_GET superglobal, i.e.,

Code: Select all

$action = $_GET['action'];
Similarly, POST variables may be obtained through

Code: Select all

$value = $_POST['some_field_name'];

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 8:22 pm
by Mirge
trooper wrote:No, I'm not.

So, then you've figured out the whole problem. Ass i seid. I don't know more than zero ATM.

I hope you can take some time and teach me what to do in this case. Hmm.. I should really find some good guide to php, for what I wish to learn.
Honestly, you need to start over from step 1. This guide should prove useful :)... http://devzone.zend.com/article/627

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 8:28 pm
by trooper
I fugured the answer out just a minute b4 i checked this site ;)
I know some php, but.. My brain is kinda dead. And still words and varibles ar still har to remember :D But thanks, and I will take a look at that link ^^

Edt: I managet to fix a billion bugs in the file that's going to fetch the news :D Thanks guys, and thanks to wc3school =b

Re: Developing a newscript, problem.

Posted: Thu Oct 08, 2009 8:42 pm
by Mirge
Learning PHP is easy. Can be done within a few hours--literally.

Learning how to safely and effectively write software with PHP takes much longer. Do yourself a huge favor by learning how to create reliable, stable, secure software from the get-go... build up a strong foundation of knowledge and then grow it with real world experience.

Re: Developing a newscript, problem.

Posted: Sun Oct 11, 2009 8:57 pm
by trooper
-- I've managed it all. (as you know)

But, I want to make it better.

I wish to be able to edit or delete news in a simple way :-)

Yesterday I asked on a norwegian forum.
All i got was a script that listed all the news, ink. id of the news. If this makes it easyer to start makin the script here it is:

Code: Select all

<?php
require_once "var.php";
 
}
$query  = "SELECT id, postdate, title, cat, content, content_ext FROM news";
$result = mysql_query($query);
 
while(list($id,$postdate,$title,$cat,$content,$content_ext)= mysql_fetch_row($result))
 
{
    echo "ID: $id" .
         "Dato postet: $postdate<br />".
         "Tittel: $title<br />".
         "Kategori: $cat<br />".
         "Innhold: $content<br />".
         "Innhold Lang: $content_ext<br />";
 
}
?>

Hope anyone can help me :D

Re: Developing a newscript, problem.

Posted: Wed Oct 21, 2009 6:25 pm
by trooper
Bump! :|