news post help

Posted: Sun Nov 27, 2005 5:31 am
by sparklehorse7
Sami | Please use code tags where appropriate when posting code. Read: Posting Code in the Forums (http://forums.devnetwork.net/viewtopic.php?t=21171)


hi guys,
I'm looking for some pretty basic help with my news post. 
I just need someone that knows php to help me out with these php scripts
this is the script to input the information into the database newspost.php
It all works well but I need to be able to input a date that will be displayed as eg. Sun 26th Nov 2005 instead of the default date format.
And also I want the current date news or the next relevant date to be displayed and the old news to be removed from the post?  I want to be able to enter a post for a day specified by the date I enter, no timestamping


this is the script to input the information into the database newspost.php, have a look and see if you can figure out any solutions to my problem?

Code: Select all

<?
$db_host = "localhost";
$db_username = "my_username";
$db_password = "my_password";
$db_name = "my_database";

if ($submit) {
mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());




$query = "INSERT INTO news (name, subject, message, date)
VALUES ('$name','$subject','$message','$date')";
mysql_query($query);

mysql_close();

echo "Thanks $name your message has been added";
}

?>
<form name="news" method="post" action="<? echo $PHP_SELF ?>">
<table align="center" cellpadding="6" cellspacing="0">

<tr>
  <td>Date :</td>
  <td><input type="text" name="date"></td>
</tr>
<tr>
  <td>Name :</td>
  <td><input type="text" name="name"></td>
</tr>
<tr>
  <td>Subject :</td>
  <td><input type="text" name="subject"></td>
</tr>
<tr>
  <td valign="top">Message :</td>
  <td><textarea name="message" cols="30" rows="6"></textarea></td>
</tr>
<tr>
 <td> </td>
  <td><input type="submit" name="submit" value="Add" style="cursor:pointer"> <input type="reset" name="reset" value="Clear" style="cursor:pointer"></td>
</tr>



And the news.php file to display the results for which I want to be displayed from the current date onwards.


<?

$db_host = "localhost";
$db_username = "my_username";
$db_password = "my_password";
$db_name = "my_database";

mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$query = "SELECT name, subject, message, DATE_FORMAT(date, '%a %D %b') 
FROM news order by date DESC";
$result = mysql_query($query);

echo "<br><center>";

while($r=mysql_fetch_array($result))
{

echo "<tr>";
echo "<td bgcolor='#660000'><h10>// $r[date]<HR color='#FFFFFF'></td>";
echo date("d js M", strtotime($date));

echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[subject]<HR color='#660000'></td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor='#FFFFFF'>$r[message]<HR color='#660000'></h10></td>";
echo "</tr>";
echo "<tr>";
echo "<td bgcolor='#FFFFFF'>Posted By:
$r[name]</a>   $r[date]<br><br><br></td>";
echo "</tr>";
}
echo "</table>";

?>

This is driving me crazy, if anyone can help and point me in the right direction I will be very grateful :)

thanks in advance


Posted: Sun Nov 27, 2005 11:34 am
by trukfixer
probably because you aren't coding to account for register_globals = off

your code will only work with register_globals = on, which is a pretty big security issue all by itself - so..
you need to get all the post values pulled out of the $_POST superglobal like so:

Code: Select all

if(!empty($_POST))
{
     $name = $_POST['name'];
     $subject = $_POST['subject'];
     $date = $_POST['date'];
     $message = $_POST['message'];
}
and if I were you, I would clean and sanitize (filter) the user inputs, to make sure that the $_POST values do not contain SQL injection hacks, etc ..

(at the very least)

Posted: Sun Nov 27, 2005 12:39 pm
by Jenk

Code: Select all

<?php

foreach ($_POST as $key => $val) {
    $$key = $val;
}

?>
:P

Posted: Sun Nov 27, 2005 2:14 pm
by John Cartwright
Jenk wrote:

Code: Select all

<?php

foreach ($_POST as $key => $val) {
    $$key = $val;
}

?>
:P
If you want to get lazy

Code: Select all

extract($_POST);


Both of these are not recommended as they both allow the user to inject variables into your script. Most of the time this will not be harmful, but it is safer to check against variables that you were not expecting.

Code: Select all

if (!empty($_POST)) {
   $expectedPost = array(
      'username',
      'password',
   );
   
   foreach ($expectedPost as $postVar) {
      $$postVar = $_POST[$postVar];
   }
}
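
An added example (not code from any poster in this thread) that combines the advice above: take only the expected form fields, validate the dd-mm-yyyy date, and insert through a prepared statement instead of building the SQL string from the values. It assumes PDO with an in-memory SQLite database standing in for the MySQL `news` table; the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// poster's MySQL database so this runs offline; the submissions are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT NOT NULL, subject TEXT NOT NULL, message TEXT NOT NULL, date TEXT NOT NULL)');

/** Keep only the expected fields; null if one is missing, empty or not a string. */
function expected_fields(array $post, array $names): ?array
{
    $clean = [];
    foreach ($names as $n) {
        if (!isset($post[$n]) || !is_string($post[$n]) || trim($post[$n]) === '') {
            return null;
        }
        $clean[$n] = trim($post[$n]);
    }
    return $clean; // any other field the client sent is never turned into a variable
}

/** Convert dd-mm-yyyy to yyyy-mm-dd; null unless it is a real calendar date. */
function parse_news_date(string $s): ?string
{
    if (!preg_match('/^(\d{2})-(\d{2})-(\d{4})\z/', $s, $m)) {
        return null;
    }
    return checkdate((int) $m[2], (int) $m[1], (int) $m[3]) ? "$m[3]-$m[2]-$m[1]" : null;
}

function add_news(PDO $pdo, array $post): bool
{
    $f = expected_fields($post, ['name', 'subject', 'message', 'date']);
    $iso = $f ? parse_news_date($f['date']) : null;
    if ($iso === null) {
        return false;
    }
    // Placeholders keep the values out of the SQL text, so a quote stays data.
    $stmt = $pdo->prepare('INSERT INTO news (name, subject, message, date)
                           VALUES (:name, :subject, :message, :date)');
    $f['date'] = $iso;
    return $stmt->execute($f);
}

// Constructed input: valid, a quote plus an unexpected field, an impossible date.
var_dump(add_news($pdo, ['name' => 'Alice', 'subject' => 'Gig', 'message' => 'Doors 8pm', 'date' => '28-11-2005']));
var_dump(add_news($pdo, ['name' => "O'Brien", 'subject' => 'x', 'message' => 'y', 'date' => '01-12-2005', 'db_host' => 'z']));
var_dump(add_news($pdo, ['name' => 'Bob', 'subject' => 'x', 'message' => 'y', 'date' => '31-02-2005']));
```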

Posted: Mon Nov 28, 2005 6:24 am
by sparklehorse7
that's awesome advice, I'm really a bit naive in thinking that that sort of hacking won't happen to me, thanks for switching me on to it :)
How can I change my date output to eg. Mon 28th Nov 2005? and also how can I create some sort of admin section where I can access my database and change its values? like date and content etc?

thanks heaps for your comments, they've been an awesome help and learning explosion :)

cheers people

Posted: Mon Nov 28, 2005 6:37 am
by n00b Saibot
Mon 28th Nov 2005 = date('D jS M y')
All it takes is a look into manual... ;)

you can create admin section by having a separate sub-domain/directory, introducing a secure login system and coding the admin panel... as simple as that :)

Posted: Mon Nov 28, 2005 6:56 am
by sparklehorse7
thanks heaps, I think I've got some timestamp thing going on cos I only get today's date in my post? can you tell me what variables and values I need to set my date to so I can just enter any date in? And how can I enter a date in as 28-11-2005?
any help would be awesome

Posted: Mon Nov 28, 2005 7:19 am
by n00b Saibot
sparklehorse7 wrote:can you tell me what variables and values I need to set my date to so I can just enter any date in? And how can I enter a date in as 28-11-2005?

Code: Select all

$myDate = "28-11-2005";
print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
:wink:

Posted: Mon Nov 28, 2005 7:32 am
by sparklehorse7
I put this code in my news.php file yeah? What do I replace the $myDate = "28-11-2005"; so it's the entered date data?
sorry but I'm crap at this :cry:

Posted: Mon Nov 28, 2005 8:03 am
by n00b Saibot

Code: Select all

$myDate = $_POST['date']; // the superglobal is $_POST; $POST is an undefined variable

Posted: Mon Nov 28, 2005 12:18 pm
by sparklehorse7
Don't know what I've done wrong? This is in the news.php which posts the db data. I get this

Parse error: parse error, unexpected T_STRING in news/news.php on line 27

???

Where should I put this code?

Code: Select all

mysql_connect($db_host,$db_username,$db_password) or die(mysql_error());
mysql_select_db($db_name) or die(mysql_error());

$query = "SELECT name, subject, message, date
FROM news order by date DESC";
$result = mysql_query($query);
$myDate = $POST['date'];
 

echo "<br><center>";

while($r=mysql_fetch_array($result))
{


echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[date]<HR color='#660000'></td>";
print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
echo "</tr>";

echo "<tr>";
echo "<td bgcolor='#FFFFFF'><h10>// $r[subject]<HR color='#660000'></td>";
echo "<td bgcolor='#FFFFFF'>$r[message]<HR color='#660000'></h10></td>";
echo "</tr>";

echo "<tr>";
echo "</tr>";
}
echo "</table>";

?>

Posted: Mon Nov 28, 2005 12:40 pm
by foobar
sparklehorse7 wrote: print "Formatted Date &rarr; ".date(''D jS M y', strtotime($myDate));
There's a mistake in that.

Code: Select all

print "Formatted Date &rarr; ".date('D jS M y', strtotime($myDate));

Posted: Tue Nov 29, 2005 12:34 am
by n00b Saibot
oops, errored while drag-n-drop :| Correct that man :wink:

Posted: Tue Nov 29, 2005 3:15 am
by sparklehorse7
Yeah that works but it only posts today's date for all the posts no matter what date I enter?

// 2000-12-12
Formatted Date → Tue 29th Nov 05
// gg
ggggggggggggggg


I really want it to post

date posted (in formatted date style Tue 29th Nov 05)
Subject
Message

From today's date onwards?
thanks for all the help, it's good to get feedback :)
Just need a little more
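
An added example (not from the thread) of the display side asked for above: select only rows dated today or later, format each row's own `date` column, and HTML-escape the stored fields before echoing them. It assumes PDO with in-memory SQLite in place of MySQL and constructed rows; `render_news` and `h` are hypothetical names.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for the
// MySQL table; the rows below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (name TEXT, subject TEXT, message TEXT, date TEXT)');
$ins = $pdo->prepare('INSERT INTO news (name, subject, message, date) VALUES (?, ?, ?, ?)');
foreach ([
    ['Alice', 'Old gig', 'Already happened', '2005-11-20'],
    ['Bob', 'Tonight', 'Doors <b>8pm</b>', '2005-11-29'],
    ['Carol', 'Next week', 'Tickets & info soon', '2005-12-06'],
] as $row) {
    $ins->execute($row);
}

/** Escape a stored value for use in HTML text. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

/** Render news dated $today (yyyy-mm-dd) or later, soonest first. */
function render_news(PDO $pdo, string $today): string
{
    $stmt = $pdo->prepare('SELECT name, subject, message, date FROM news
                           WHERE date >= :today ORDER BY date ASC');
    $stmt->execute([':today' => $today]);
    $html = "<table>\n";
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $r) {
        // Format each row's own date column, not a request variable.
        $when = date('D jS M Y', strtotime($r['date']));
        $html .= '<tr><td>' . h($when) . "</td></tr>\n"
               . '<tr><td>' . h($r['subject']) . "</td></tr>\n"
               . '<tr><td>' . h($r['message']) . "</td></tr>\n"
               . '<tr><td>Posted by: ' . h($r['name']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// In production pass date('Y-m-d'); a fixed day keeps this sample reproducible.
echo render_news($pdo, '2005-11-29');
```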

Posted: Tue Nov 29, 2005 3:21 am
by sparklehorse7
oh yeah, I'm not sure if this is the right db field format?

name, varchar, NoNull
subject, varchar, NoNull
message, varchar, NoNull
date, date, NoNull, 000-00-00
ID, int, NoNull, 0 (doesn't increment when data entered?)

and I've indexed the table on ID for which does crap?

any better ways?