Help with simple php that adds news to a database

3stripe

Hello!!!

newbie here so go easy!

if anyone could help me tweak a script it would be much appreciated, i'm working from the tutorial at http://www.purephotoshop.com/article/93 which is for a Flash news system.

When someone successfully adds an entry, the following happens:

		if(mysql_query($query)){

		 echo '<p style="text-align:middle;">News Added!</p>';

	}

but I would like the system to first go back to the overview page (admin.php, http://www.purephotoshop.com/article/92), and then output this message... how could I do this?

thankyou

james

paulnaj

Hi James,

There are ways of re-directing the page using the header() function, but it's full of pitfalls, and you would have to have it in mind before you start coding.

A perfectly good solution would be to provide the link to the page you want the users to return to just after your 'News added' message.

Paul 🙂

3stripe

Hi Paul,

Thanks for the simple solution...

Sounds almost perfect but the only problem is that if the user is not redirected, the form elements are left displaying the data they just entered.... so if they hit 'Add News' again, it creates a duplicate of their entry.

When the 'Delete' button is clicked, the form dissappears, but I don't know enough PHP to replicate this for 'Add News' 🙁

Can you give me any hints!!!

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html>
  <head>
  	<title>bcwgroup News Management</title>
  	<link href="style.css" type="text/css" rel="stylesheet" />
  	<script type="text/javascript" src="fat.js"></script>
  </head>
  <body>
      <br />
    <div align="center"><img src="images/bcw_group_logo.gif" width="177" height="76"></div>

  <h3 align="center" style="text-align:center;">[url]www.bcwgroup.com[/url]</h3><br />
  <div align="center"><a href="admin.php">Browse</a> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="admin.php?mode=add">Add News</a>

  <div style="position:relative;top:30px;"> 
    <?php

// Setup Login Details
define('*********' , TRUE);
include('admin/functions.php');

   $DBhost = "*********";   // Database Server
   $DBuser = "*********";            // Database User
   $DBpass = "*********";            // Database Pass
   $DBName = "*********";            // Database Name


   // Connect to mySQL Server
   $DBConn = mysql_connect($DBhost,$DBuser,$DBpass) or die("Error in News Application: " . mysql_error());
   // Select mySQL Database
   mysql_select_db($DBName, $DBConn) or die("Error in News Application: " . mysql_error());

//define variables
$mode	= ( isset( $_POST['mode'] ) )	? $_POST['mode']	: ( ( isset( $_GET['mode'] ) )		? $_GET['mode']		: '' );
$action	= ( isset( $_POST['action'] ) )	? $_POST['action']	: ( ( isset( $_GET['action'] ) )		? $_GET['action']		: '' );
$id			= ( isset( $_GET['id'] ) ) ? intval($_GET['id']) : ( (isset($_POST['id'] ) ) ? intval($_POST['id'] ) : '' );
//What needs to be done?
if( $mode != '' ){

	switch($mode){
		case 'add' 	:
		case 'edit'	:

		include( 'admin/actions.php');

	break;

	case 'delete' :


	//DELETE NEWS ENTRY
	 $query = 'DELETE FROM bcwgroup_news 
	 					 WHERE id = ' . $id ;

	if(mysql_query($query)){

		echo 'Delete Sucessful!';

	}else{

		echo 'Could Not Delete News..' . mysql_error();

	}




	 break;

	 //DEFAULT TO INVALID
	  default :

			echo 'Invalid Request';

	}
}else{


//LIST ALL NEWS ENTRIES FOR US TO VIEW
$query = 'SELECT id, title, thedate , FROM_UNIXTIME(timestamp, \'%M %D %Y \') date  FROM bcwgroup_news';
$result = mysql_query($query);



echo '<table style="margin: 0 auto;width:500px;border: 1px dotted #E5E5E5;" cellpadding="5" cellspacing="1">
				<tr>
					<th>Title</th><th>Date</th><th></th><th></th>';

while($r = mysql_fetch_array($result)){

	//Swap our CSS classes
			$bg = 'light' ? 'light' : 'dark';
	//Swap special symbols
			$r = str_replace("%25", "%", $r);
			$r = str_replace("%26", "&", $r);		
			//$r = str_replace("%27", "'", $r);			
			//$r = str_replace("%22", "\"", $r);



	 echo '

	 <tr class="' . $bg . '"><td><strong><a href="admin.php?mode=edit&id=' . $r['id'] . '">' . stripslashes2($r['title']) . '</a></strong></td>
	 <td>' . $r['thedate'] . '</td>
	 <td><a href="admin.php?mode=edit&id=' . $r['id'] . '">Edit</a></td>
	 <td><a href="admin.php?mode=delete&id=' . $r['id'] .'">Delete</a></td></tr>';

}

echo '</table>';
}
?>
  </div>
  </div>
  </body>
</html>

paulnaj

It looks like the stuff you're actually interested is due to ...

<?php 
include( 'admin/actions.php'); 
?>

... so we're gonna have to look in actions.php to see what's going on.

BTW, I'm a little surprised that another error hasn't cropped up, namely this line ...

<?php 
$query = 'SELECT id, title, thedate , FROM_UNIXTIME(timestamp, '%M %D %Y ') date  FROM bcwgroup_news'; 
?>

... which should cough up an error message because of the un-escaped single-quotes inside a single-quoted string. Change that line to ...

<?php 
$query = "SELECT id, title, thedate , FROM_UNIXTIME(timestamp, '%M %D %Y ') date  FROM bcwgroup_news"; 
?>

... just to be on the safe side.

Also, one other little thing, if you want to check both $POST and $GET variables, you could use $REQUEST ...

<?php 
$mode = isset($_REQUEST['mode'])? $_REQUEST['mode']: ''; 
?>

... since $_REQUEST contains $POST and $GET variables.

Paul 🙂

3stripe

I've pasted in the actions.php below, sorry it's so long, really appreciate your input on this!

<?php
#****************************
#  ADD NEWS ENTRY 
#****************************

//Check to make sure nobody attempts to access file directly
if(!defined('bcwgroup_news')){

echo 'You do not have permission to access this file';
exit;
}

$author = (isset($_POST['author'])) ? addslashes2($_POST['author']) : '';
$thedate   = (isset($_POST['thedate']))   ? addslashes2($_POST['thedate'])   : '';
$title  = (isset($_POST['title']))  ? addslashes2($_POST['title'])  : '';
$intro   = (isset($_POST['intro']))   ? addslashes2($_POST['intro'])   : '';
$body   = (isset($_POST['body']))   ? addslashes2($_POST['body'])   : '';

//ADD NEWS ENTRY
if($mode != '' && $action === 'add_news'){

//Did they fill in everything?
 if($author != '' && $title != '' && $body != '' && $thedate != ''  && $intro != ''){

 	//YES

	$query = "INSERT INTO bcwgroup_news (author, thedate, title, intro, body, timestamp)  
						VALUES('" . $author . "', '" . $thedate . "', '" . $title . "', '" . $intro . "', '" . $body . "', '" . time() . "')";

	if(mysql_query($query)){

		 echo '<p style="text-align:middle;">News Added!</p>';

	}else{

		echo 'Problem Executing Query' . mysql_error();

	}

 }else{

 	//NO
 	 echo 'Please fill in all fields!';

 }

//RETRIEVE INFO FOR EDIT NEWS ENTRY	
}elseif($mode === 'edit'){

if($action == ''){

 	$query = 'SELECT id, author, title , body, intro, thedate 
 						FROM bcwgroup_news 
 						WHERE id=' . $id . '';
 	$result = mysql_query($query);


 	 $r = mysql_fetch_row($result);

 	$id			= $r[0];
 	$author = stripslashes($r[1]);
 	$title	= stripslashes($r[2]);
 	$body   = stripslashes($r[3]);
 	$intro   = stripslashes($r[4]);
 	$thedate   = stripslashes($r[5]);

			//Swap special symbols
			$title = str_replace("%25", "%", $title);
			$body = str_replace("%25", "%", $body);
			$intro = str_replace("%25", "%", $intro);
			$thedate = str_replace("%25", "%", $thedate);

			$body = str_replace("%26", "&", $body);	
			$title = str_replace("%26", "&", $title);	
			$intro = str_replace("%26", "&", $intro);	
			$thedate = str_replace("%26", "&", $thedate);			


			}else{

	//DO THE EDIT AND SEND INFO TO THE DATABASE
	if($action === 'edit_news'){

	$query = 'UPDATE bcwgroup_news 

						SET author="' . $author . '", title="' . $title . '", body="' . $body . '", intro="' . $intro . '", thedate="' . $thedate . '"        
						WHERE id =" ' . $id . '"';

		if(mysql_query($query)){

			echo 'Update Sucessful!';

		}else{

			echo 'Could not update News..' . mysql_error();

	}

}


}
}
?>
<div style="margin-top: 0px;">
  <div align="center">
    <table style="margin: 0 auto;width:500px;top:1px;border:1px dotted #E5E5E5;" cellspacing="1">
	  <tr class="dark">
	  <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
	  <td><strong>Author:</strong></td>
	  <td><input type="text" name="author" value="<?php echo $author; ?>" style="width: 120px;" /></td>
  </tr>
  <td><strong>Date:</strong></td>
	  <td><input type="text" class="fade" name="thedate" value="<?php echo $thedate; ?>" style="width: 120px;" /></td>
  </tr>
 <tr class="light">
	  <td><strong>Title:</strong></td>
	  <td><input name="title" type="text" style="width: 400px;" value="<?php echo $title; ?>" size="200"></td>
	  </tr>
	      <td><strong>Intro:</strong></td>
	  <td><textarea name="intro" cols="50" rows="5"><?php echo stripslashes($intro); ?></textarea></td>
  </tr>
	  <tr class="dark">
	  <td><strong>Body:</strong></td>
	  <td><textarea name="body" cols="50" rows="10"><?php echo stripslashes($body); ?></textarea></td>
	  </tr>
	  <tr class="light">
	  <td colspan="2">
		  <div align="center">
		    <input type="hidden" value="<?php echo $mode; ?>" name="mode" />
		    <input type="hidden" value="<?php echo $id; ?>" name="id" />
		    <input type="hidden" value="<?php echo ($mode == 'add' ? 'add_news' : 'edit_news'); ?>" name="action" />
		    <input type="submit" value="Submit" name="submit" class="button" />
	        </div></td>
	  </tr>
		  </form>
    </table>
    <div id="instructions">
    <p> * Dates should be entered in full, eg. 4th May 2005, 8th January 2005, 23rd November 2004</p>
    </div>
  </div>
</div>

paulnaj

Hi Russell,

Obviously, there will be better, more 'general' methods, but you can 'hack' a solution ...

 <?php 
#**************************** 
#  ADD NEWS ENTRY 
#**************************** 

//Check to make sure nobody attempts to access file directly 
if(!defined('bcwgroup_news')){ 
    echo 'You do not have permission to access this file'; 
    exit; 
} 

$author = (isset($_POST['author'])) ? addslashes2($_POST['author']) : ''; 
$thedate   = (isset($_POST['thedate']))   ? addslashes2($_POST['thedate'])   : ''; 
$title  = (isset($_POST['title']))  ? addslashes2($_POST['title'])  : ''; 
$intro   = (isset($_POST['intro']))   ? addslashes2($_POST['intro'])   : ''; 
$body   = (isset($_POST['body']))   ? addslashes2($_POST['body'])   : ''; 


// Going to use this to decide whether or not to display the form
$news_was_added = false; 


//ADD NEWS ENTRY 
if($mode != '' && $action === 'add_news'){ 

//Did they fill in everything? 
 if($author != '' && $title != '' && $body != '' && $thedate != ''  && $intro != ''){ 

     //YES 

    $query = "INSERT INTO bcwgroup_news (author, thedate, title, intro, body, timestamp)   
                        VALUES('" . $author . "', '" . $thedate . "', '" . $title . "', '" . $intro . "', '" . $body . "', '" . time() . "')"; 

    if(mysql_query($query)){ 

         //echo '<p style="text-align:middle;">News Added!</p>'; 
		 $news_was_added = true; 

    }else{ 

        echo 'Problem Executing Query' . mysql_error(); 

    } 

 }else{ 

     //NO 
      echo 'Please fill in all fields!'; 

 } 

//RETRIEVE INFO FOR EDIT NEWS ENTRY     

}elseif($mode === 'edit'){ 

if($action == ''){ 

     $query = 'SELECT id, author, title , body, intro, thedate 
                         FROM bcwgroup_news 
                         WHERE id=' . $id . ''; 
     $result = mysql_query($query); 


      $r = mysql_fetch_row($result); 

     $id            = $r[0]; 
     $author = stripslashes($r[1]); 
     $title    = stripslashes($r[2]); 
     $body   = stripslashes($r[3]); 
     $intro   = stripslashes($r[4]); 
     $thedate   = stripslashes($r[5]); 

            //Swap special symbols 
            $title = str_replace("%25", "%", $title); 
            $body = str_replace("%25", "%", $body); 
            $intro = str_replace("%25", "%", $intro); 
            $thedate = str_replace("%25", "%", $thedate); 

            $body = str_replace("%26", "&", $body);     
            $title = str_replace("%26", "&", $title);     
            $intro = str_replace("%26", "&", $intro);     
            $thedate = str_replace("%26", "&", $thedate);             


            }else{ 

    //DO THE EDIT AND SEND INFO TO THE DATABASE 
    if($action === 'edit_news'){ 

    $query = 'UPDATE bcwgroup_news 

                        SET author="' . $author . '", title="' . $title . '", body="' . $body . '", intro="' . $intro . '", thedate="' . $thedate . '"         
                        WHERE id =" ' . $id . '"'; 

        if(mysql_query($query)){ 

            echo 'Update Sucessful!'; 

        }else{ 

            echo 'Could not update News..' . mysql_error(); 

    } 

} 


} 
} 


if($news_was_added){
	// DON'T display the form
	 echo '<p style="text-align:middle;">News Added!</p> ... <a href="#">Return to wherever</a>'; 
} else {
	// DO display the form
?> 
<div style="margin-top: 0px;"> 
  <div align="center"> 
    <table style="margin: 0 auto;width:500px;top:1px;border:1px dotted #E5E5E5;" cellspacing="1"> 
      <tr class="dark"> 
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> 
      <td><strong>Author:</strong></td> 
      <td><input type="text" name="author" value="<?php echo $author; ?>" style="width: 120px;" /></td> 
  </tr> 
  <td><strong>Date:</strong></td> 
      <td><input type="text" class="fade" name="thedate" value="<?php echo $thedate; ?>" style="width: 120px;" /></td> 
  </tr> 
<tr class="light"> 
      <td><strong>Title:</strong></td> 
      <td><input name="title" type="text" style="width: 400px;" value="<?php echo $title; ?>" size="200"></td> 
      </tr> 
          <td><strong>Intro:</strong></td> 
      <td><textarea name="intro" cols="50" rows="5"><?php echo stripslashes($intro); ?></textarea></td> 
  </tr> 
      <tr class="dark"> 
      <td><strong>Body:</strong></td> 
      <td><textarea name="body" cols="50" rows="10"><?php echo stripslashes($body); ?></textarea></td> 
      </tr> 
      <tr class="light"> 
      <td colspan="2"> 
          <div align="center"> 
            <input type="hidden" value="<?php echo $mode; ?>" name="mode" /> 
            <input type="hidden" value="<?php echo $id; ?>" name="id" /> 
            <input type="hidden" value="<?php echo ($mode == 'add' ? 'add_news' : 'edit_news'); ?>" name="action" /> 
            <input type="submit" value="Submit" name="submit" class="button" /> 
            </div></td> 
      </tr> 
          </form> 
    </table> 
    <div id="instructions"> 
    <p> * Dates should be entered in full, eg. 4th May 2005, 8th January 2005, 23rd November 2004</p> 
    </div> 
  </div> 
</div> 
<?php
}
?>

Have a look through what I've done ... see if you get the gist.

Paul 🙂

3stripe

Wow cheers Paul! Very much appreciated....

Had a look through, and can see how you've set a variable to say whether or not news has just been added,

$news_was_added = true;

and then used that to show/hide the full table at the end.... cool!

(Can you recommend any good php books for learners btw, i need to do some reading, maybe... or find a good freelancer to help me with this stuff!)

paulnaj

Glad it worked!

As regards books, if you are really new to any form of programming, then any of the 'PHP in 24 hours', 'PHP for dummies' etc are great, because they ease you in to the idea of programming in general.

Always have the manual to the ready ... it's definitive and their are lots of user comments, suggestions etc. The Getting Started section is good as well.

Another route is to just read through some of the articles on this site (and others) ... you find yourself saying 'Aaah, that'd be useful for so and so'.

Good luck!

Paul 🙂

3stripe

ta for the pointers paul,

i do a little actionscript so i've a rough knowledge of coding already that might help a wee bit!

james