news post help

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

news post help

Post by sparklehorse7 »

Sami | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]


hi guys,
I'm looking for some pretty basic help with my news post. 
I just need someone that knows php to help me out with these php scripts
this is the script to input the information into the database newspost.php
It all wprks well but I need to be able to input a date that will be displayed as eg. Sun 26th Nov 2005 instead of the default date format.
And also I want the current date news or the next relevant date to be displayed and the old news to be removed from the post?  I want to be able to enter a post for a day specified by the date I enter, no timestamping


this is the script to input the information into the database newspost.php, have a look and see if you can figure out any solutions to my problem?

Code: Select all

<?
$db_host = "localhost";
$db_username = "my_username";
$db_password = "my_password";
$db_name = "my_database";

if ($submit) {
mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());




$query = "INSERT INTO news (name, subject, message, date)
VALUES ('$name','$subject','$message','$date')";
mysql_query($query);

mysql_close();

echo "Thanks $name your message has been added";
}

?>
<form name="news" method="post" action="<? echo $PHP_SELF ?>">
<table align="center" cellpadding="6" cellspacing="0">

<tr>
  <td>Date :</td>
  <td><input type="text" name="date"></td>
</tr>
<tr>
  <td>Name :</td>
  <td><input type="text" name="name"></td>
</tr>
<tr>
  <td>Subject :</td>
  <td><input type="text" name="subject"></td>
</tr>
<tr>
  <td valign="top">Message :</td>
  <td><textarea name="message" cols="30" rows="6"></textarea></td>
</tr>
<tr>
 <td> </td>
  <td><input type="submit" name="submit" value="Add" style="cursor:pointer"> <input type="reset" name="reset" value="Clear" style="cursor:pointer"></td>
</tr>



And the news.php file to display the results for which I want to be displayed from the current date onwards.


<?

$db_host = "localhost";
$db_username = "my_username";
$db_password = "my_password";
$db_name = "my_database";

mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$query = "SELECT name, subject, message, DATE_FORMAT(date, '%a %D %b') 
FROM news order by date DESC";
$result = mysql_query($query);

echo "<br><center>";

while($r=mysql_fetch_array($result))
{

echo "<tr>";
echo "<td bgcolor='#660000'><h10>// $r[date]<HR color='#FFFFFF'></td>";
echo date("d js M", strtotime($date));

echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[subject]<HR color='#660000'></td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor='#FFFFFF'>$r[message]<HR color='#660000'></h10></td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor='#FFFFFF'>Posted By:
$r[name]</a>   $r[date]<br><br><br></td>";
echo "</tr>";
}
echo "</table>";

?>

This is driving me crazy, if anyone can help and point me in the right direction i will be very greatful :)

thanks in advance


Sami | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url][/color]
User avatar
trukfixer
Forum Contributor
Posts: 174
Joined: Fri May 21, 2004 3:14 pm
Location: Miami, Florida, USA

Post by trukfixer »

probably because you arent coding to account fro register_gobals = off

your code will only work with register_globals = on, which is a pretty big security issue all by itself - so..
you need to get all the post values pulled out of the $_POST superglobal like so:

Code: Select all

if(!empty($_POST))
{
     $name = $_POST['name'];
     $subject = $_POST['subject'];
     $date = $_POST['date'];
     $message = $_POST['message'];
}
and if I were you, I would clean and sanitize (filter) the user inputs , to make sure that the $_POST values do not contain SQL injection hacks, etc ..

(at the very least)
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Code: Select all

<?php

foreach ($_POST as $key => $val) {
    $$key = $val;
}

?>
:P
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Jenk wrote:

Code: Select all

<?php

foreach ($_POST as $key => $val) {
    $$key = $val;
}

?>
:P
If you want to get lazy

Code: Select all

extract($_POST);


Both of these are not recommended as they both allow the user to inject variables into your script. Most of the time this will not be harmful, but it safer to check against variables that you were not expecting.

Code: Select all

if (!empty($_POST)) {
   $expectedPost = array(
      'username',
      'password',
   );
   
   foreach ($expectedPost as $postVar) {
      $$postVar = $_POST[$postVar];
   }
}
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

that's awesome advice, I'm really a bit naive in thinking that that sort of hacking won't happen to me, thanks for switching me on to it :)
How can I change my date ourput to eg. Mon 28th Nov 2005? and also how can I create some sort of admin section where I can access my database and change it's values? like date and content etc?

thanks heaps for your comments, the've been an awesome help and learning explosion :)

cheers people
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

Mon 28th Nov 2005 = date('D jS M y')
All it takes is a look into manual... ;)

you can create admin section by having a separate sub-domain/directory, introducing a secure login system and coding the admin panel... as simple as that :)
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

thanks heaps, I think got some timestamp thing going on cos I only get todays date in my post? can you tell me what variables and values I need to set my date to so I can just enter any date in? And how can I enter a date in as 28-11-2005?
any help would be awesome
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

sparklehorse7 wrote:can you tell me what variables and values I need to set my date to so I can just enter any date in? And how can I enter a date in as 28-11-2005?

Code: Select all

$myDate = "28-11-2005";
print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
:wink:
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

I put this code in my news.php file yeah? What do I replace the $myDate = "28-11-2005"; so it's the entered date data?
sorry but i'm crap at this :cry:
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

Code: Select all

$myDate = $POST['date'];
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

Don't know what I've done wrong? This is in the news.php which posts the db data. I get this

Parse error: parse error, unexpected T_STRING in news/news.php on line 27

???

Where should I put this code?

Code: Select all

mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$query = "SELECT name, subject, message, date
FROM news order by date DESC";
$result = mysql_query($query);
$myDate = $POST['date'];
 

echo "<br><center>";

while($r=mysql_fetch_array($result))
{


echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[date]<HR color='#660000'></td>";
print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
echo "</tr>";

echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[subject]<HR color='#660000'></td>";
echo "<td bgcolor='#FFFFFF'>$r[message]<HR color='#660000'></h10></td>";
echo "</tr>";

echo "<tr>";
echo "</tr>";
}
echo "</table>";

?>
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

sparklehorse7 wrote: print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
There's a mistake in that.

Code: Select all

print "Formatted Date &rarr; ".date('D jS M y', strtotime($myDate));
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

oops, errored while drag-n-drop :| Correct that man :wink:
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

Yeah that works but it only posts todays date for all the posts no matter what date i enter?

// 2000-12-12
Formatted Date → Tue 29th Nov 05
// gg
ggggggggggggggg


I really want it to post

date posted(in formatted date style Tue 29th Nov 05
Subject
Message

From todays date onwards?
thanks for all the help, it's good to get feedback :)
Just need a little more
sparklehorse7
Forum Newbie
Posts: 8
Joined: Mon Nov 21, 2005 7:43 pm
Location: australia

Post by sparklehorse7 »

oh yeah, I'm not sure if this is the right db field format?

name, varchar, NoNull
subject, varchar, NoNull
message, varchar, NoNull
date, date, NoNull, 000-00-00
ID, int, NoNull, 0 (doesn't increment when data entered?)

and I've indexed the table on ID for which does crap?

any better ways?
Post Reply