Chief Delphi - php/forms/posting/I NEED HELP!!!!!!!!!

Chief Delphi (http://www.chiefdelphi.com/forums/index.php)

- Programming (http://www.chiefdelphi.com/forums/forumdisplay.php?f=51)

- - php/forms/posting/I NEED HELP!!!!!!!!! (http://www.chiefdelphi.com/forums/showthread.php?t=45184)

php/forms/posting/I NEED HELP!!!!!!!!!

I want to put a comment/quotes page on my teams site, and let people submit their own, but I don't know anything about php or any other database. Can some one help me?

Re: php/forms/posting/I NEED HELP!!!!!!!!!

There are a few options. One is to use a free shoutbox type program. Another is to use php and log all of the comments to a text file. The last option is to use php and save it all to a database. The last will be the hardest to code but could allow for more features to be added. If i have any free tome today i will write you some sample code.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

CHeck out these links. http://www.project-angel.com/index.p...&cat=PHP&id=13 and http://www.project-angel.com/index.p...&cat=PHP&id=14 . Hopefully that will get you started. If you need any help just ask.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by chris31

I actually think that writing it to use a database (MySQL for example) would be easier than using the text file. That's just what I'd do, though. Either that or use XML..

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by MattD

I actually think that writing it to use a database (MySQL for example) would be easier than using the text file. That's just what I'd do, though. Either that or use XML..

With a text file there would be no need for a MySQL database (not sure if he has one). Plus, he wouldnt need to know SQL or and knowledge of XML. WIth XML you have to parse all of it. With a text file he could just log everything as a line of text.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Could some one give me the code for the text file option.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Just to confirm what you want, you want a box that holds the posts of the shoutbox, under that you want a spot for people to input a nickname and message. Will that work for you? Also, do you know what version of php your webserver is running?

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Here is the server info:

Re: php/forms/posting/I NEED HELP!!!!!!!!!

And I would want it to look like this
http://www.khsfirst.com/insert.html for the submiting page, and http://www.khsfirst.com/Quotes.html for the pageit would show up on.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

ya know, it would be a ton easier to just use a database.
if you have PHPmyAdmin, then use it.

PHP Code:


		
			
mysqlServer = mysql_pconnect("server","username","password") //server is typically "127.0.0.1"

mysql_select_db("siteData", mysqlServer);



$getNews = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC");

$rowGetNews = mysql_fetch_assoc($getNews);

$numRowsGetNews = mysql_num_rows($getNews);



do {

echo $rowGetNews['body'];

} while($rowGetNews = mysql_fetch_assoc($getNews));

im assuming that you have a database, schema name "siteData", with a table called "news".
columns should be AT LEAST:
id INTEGER AUTO_INCREMENT, title VARCHAR(35), body TEXT

adding news to the DB is a different story.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Ya what is PHPmyAdmin? And how do I Use it?

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by general

Ya what is PHPmyAdmin? And how do I Use it?

phpMyAdmin is a php based MySQL admin tool. If you have CPanel then it is included, else you have to set it up.

The databases can be created without phpMyAdmin. I can write up some code for inputing data and createing the tables if you want me to. Also, can you find out if your webserver supports PHP and if so what version. If you cant find it, please post a link to the people who provide your hosting.

EDIT: I wrote this up quickly so its not that great but it will work.

PHP Code:


		
			
Database Layout



Database --> "siteData"

Table --> "news"

columns --> id INTEGER AUTO_INCREMENT, title VARCHAR(35), body TEXT





=================================



// Code for printing out all of the news



// Connecting, selecting database

$link = mysql_connect ("server","username","password") or die ('I cannot connect to the database because: ' . mysql_error());//Open up the specific database

mysql_select_db ("siteData");





$query = ""SELECT * FROM `news` ORDER BY `id` DESC"";

$result = mysql_query($query) or die('Query failed: ' . mysql_error());





echo "<table>\n";

echo "\t<tr>\n";

echo "\t\t<td>Name</td>\n";

echo "\t\t<td>Post</td>\n";

echo "\t</tr>\n";





while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) 

{

   echo "\t<tr>\n";

   foreach ($line as $col_value) 

   {

       echo "\t\t<td>$col_value</td>\n";

   }

   echo "\t</tr>\n";

}

echo "</table>\n";





=================================



// Code for adding news to the db



Add Post



<FORM ACTION="<?=$PHP_SELF?>" METHOD="POST" NAME="newsentry" type="text">



Name:



<BR>



<INPUT TYPE="text" SIZE="50" NAME="name" type="text">



<BR>



Post:



<BR>



<INPUT TYPE="text" SIZE="50" NAME="post" type="text">



<BR>





<INPUT TYPE="submit" NAME="submit" VALUE="Submit">

<BR>





</FORM>



<?



if($HTTP_POST_VARS['submit'])

{



        if(!$HTTP_POST_VARS['name'])

        {

            echo "You must enter a name";

            exit;

        }

        if(!$HTTP_POST_VARS['post'])

        {

            echo "You must enter a post";

            exit;

        }





    $query = "INSERT INTO news VALUES ('', '$HTTP_POST_VARS['name']', '$HTTP_POST_VARS['post']')";

     $result = mysql_query($query);

}



?>

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by chris31

PHP Code:


		
			
Database Layout



Database --> "siteData"

Table --> "news"

columns --> id INTEGER AUTO_INCREMENT, title VARCHAR(35), body TEXT





=================================



// Code for printing out all of the news



// Connecting, selecting database

$link = mysql_connect ("server","username","password") or die ('I cannot connect to the database because: ' . mysql_error());//Open up the specific database

mysql_select_db ("siteData");





$query = ""SELECT * FROM `news` ORDER BY `id` DESC"";

$result = mysql_query($query) or die('Query failed: ' . mysql_error());





echo "<table>\n";

echo "\t<tr>\n";

echo "\t\t<td>Name</td>\n";

echo "\t\t<td>Post</td>\n";

echo "\t</tr>\n";





while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) 

{

   echo "\t<tr>\n";

   foreach ($line as $col_value) 

   {

       echo "\t\t<td>$col_value</td>\n";

   }

   echo "\t</tr>\n";

}

echo "</table>\n";





=================================



// Code for adding news to the db



Add Post



<FORM ACTION="<?=$PHP_SELF?>" METHOD="POST" NAME="newsentry" type="text">



Name:



<BR>



<INPUT TYPE="text" SIZE="50" NAME="name" type="text">



<BR>



Post:



<BR>



<INPUT TYPE="text" SIZE="50" NAME="post" type="text">



<BR>





<INPUT TYPE="submit" NAME="submit" VALUE="Submit">

<BR>





</FORM>



<?



if($HTTP_POST_VARS['submit'])

{



        if(!$HTTP_POST_VARS['name'])

        {

            echo "You must enter a name";

            exit;

        }

        if(!$HTTP_POST_VARS['post'])

        {

            echo "You must enter a post";

            exit;

        }





    $query = "INSERT INTO news VALUES ('', '$HTTP_POST_VARS['name']', '$HTTP_POST_VARS['post']')";

     $result = mysql_query($query);

}



?>

Ah, so you are going to go with the MySQL option. Honestly, to me that seems much more easier than using a text file..

Oh by the way (correct me if I am wrong), I see a SQL injection vulnerability in your code. It's not as if it'll probably ever cause any real problems, it's just that it exists.

PHP Code:


		
			
$query = "INSERT INTO news VALUES ('', '$HTTP_POST_VARS['name']', '$HTTP_POST_VARS['post']')";

Plain text posted is being inserted into the query. So, in theory, someone could submit something that could potentially alter the query. My advice would be to look into using the mysql_escape_string() or the mysql_real_escape_string() function.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by MattD

Or, he could just make sure that no one but an administrator can get to that page. Dont execute the query if you arent logged in!

PHP Code:


		
			
if ($_SESSION['UserClass'] == 'Admin') { }

or something like that. but if you do that, you would need to setup a login system.
I used to have a bunch of tutorials that i made about how to do this stuff.

Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:

Originally Posted by Uberbots

Or, he could just make sure that no one but an administrator can get to that page. Dont execute the query if you arent logged in!

Well, sure.. but that still doesn't solve the SQL injection vulnerability. I think he wants just anyone to be able to submit, anyway.