15-03-2006, 15:57
MattD
AKA: Matthew Douglas
FRC #0228 (GUS Robotics)
Re: php/forms/posting/I NEED HELP!!!!!!!!!

Quote:
Originally Posted by chris31
phpMyAdmin is a php based MySQL admin tool. If you have CPanel then it is included, else you have to set it up.

The databases can be created without phpMyAdmin. I can write up some code for inputting data and creating the tables if you want me to. Also, can you find out if your webserver supports PHP and, if so, what version? If you can't find it, please post a link to the people who provide your hosting.

EDIT: I wrote this up quickly so it's not that great but it will work.


PHP Code:
Database Layout

Database --> "siteData"
Table --> "news"
columns --> id INTEGER AUTO_INCREMENT, title VARCHAR(35), body TEXT


=================================

// Code for printing out all of the news

// Connecting, selecting database
$link = mysql_connect ("server","username","password") or die ('I cannot connect to the database because: ' . mysql_error());
// Open up the specific database
mysql_select_db ("siteData");


$query = "SELECT * FROM `news` ORDER BY `id` DESC";
$result = mysql_query($query) or die('Query failed: ' . mysql_error());


echo "<table>\n";
echo "\t<tr>\n";
echo "\t\t<td>Name</td>\n";
echo "\t\t<td>Post</td>\n";
echo "\t</tr>\n";


while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) 
{
   echo "\t<tr>\n";
   foreach ($line as $col_value) 
   {
       echo "\t\t<td>$col_value</td>\n";
   }
   echo "\t</tr>\n";
}
echo "</table>\n";


=================================

// Code for adding news to the db

Add Post

<FORM ACTION="<?=$PHP_SELF?>" METHOD="POST" NAME="newsentry" type="text">

Name:

<BR>

<INPUT TYPE="text" SIZE="50" NAME="name" type="text">

<BR>

Post:

<BR>

<INPUT TYPE="text" SIZE="50" NAME="post" type="text">

<BR>


<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
<BR>


</FORM>

<?

// Handle the submitted form
if($HTTP_POST_VARS['submit'])
{
        if(!$HTTP_POST_VARS['name'])
        {
            echo "You must enter a name";
            exit;
        }
        if(!$HTTP_POST_VARS['post'])
        {
            echo "You must enter a post";
            exit;
        }

    // The form values go into the query string exactly as submitted
    $query = "INSERT INTO news VALUES ('', '{$HTTP_POST_VARS['name']}', '{$HTTP_POST_VARS['post']}')";

    $result = mysql_query($query);
}

?>
Ah, so you are going to go with the MySQL option. Honestly, to me that seems much easier than using a text file.

Oh by the way (correct me if I am wrong), I see a SQL injection vulnerability in your code. It's not as if it'll probably ever cause any real problems, it's just that it exists.

PHP Code:
$query = "INSERT INTO news VALUES ('', '{$HTTP_POST_VARS['name']}', '{$HTTP_POST_VARS['post']}')";
Plain text posted is being inserted into the query. So, in theory, someone could submit something that could potentially alter the query. My advice would be to look into using the mysql_escape_string() or the mysql_real_escape_string() function.
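The insert discussed in this post, shown three ways as an added example that is not part of the original thread: values pasted into the SQL as in the quoted code, values escaped first, and a prepared statement. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs offline, the function names and the two sample inputs are constructed for illustration, and `PDO::quote()` plays the role the post gives to `mysql_real_escape_string()` (the `mysql_*` functions were removed in PHP 7).

```php
<?php
// Added example: SQLite in memory stands in for the MySQL server (assumption),
// so the script runs offline. Requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY AUTOINCREMENT, title VARCHAR(35), body TEXT)");

// Constructed form input. The first is an ordinary post that happens to
// contain an apostrophe; the second closes the quoted string early and
// supplies its own value for the body column.
$samples = array(
    array('name' => "Kickoff", 'post' => "Team 228's robot is done"),
    array('name' => "x', 'text chosen by the name field') --", 'post' => "what the author typed"),
);

// 1. The pattern from the thread: form values pasted straight into the SQL.
function insert_concatenated(PDO $db, array $in) {
    $db->exec("INSERT INTO news (title, body) VALUES ('{$in['name']}', '{$in['post']}')");
}

// 2. Escape each value first. PDO::quote() escapes the string and adds the
//    surrounding quotes itself.
function insert_escaped(PDO $db, array $in) {
    $db->exec("INSERT INTO news (title, body) VALUES ("
        . $db->quote($in['name']) . ", " . $db->quote($in['post']) . ")");
}

// 3. Prepared statement: the SQL text is fixed, the values travel separately.
function insert_prepared(PDO $db, array $in) {
    $stmt = $db->prepare("INSERT INTO news (title, body) VALUES (?, ?)");
    $stmt->execute(array($in['name'], $in['post']));
}

foreach (array('insert_concatenated', 'insert_escaped', 'insert_prepared') as $fn) {
    foreach ($samples as $in) {
        $db->exec("DELETE FROM news");
        try {
            $fn($db, $in);
            $row = $db->query("SELECT title, body FROM news")->fetch(PDO::FETCH_ASSOC);
            $ok = ($row['title'] === $in['name'] && $row['body'] === $in['post']);
            echo "$fn: ", $ok ? "stored as typed" : "stored body: {$row['body']}", "\n";
        } catch (PDOException $e) {
            echo "$fn: query failed (", $e->getMessage(), ")\n";
        }
    }
}
```

With the concatenated version the apostrophe in an ordinary post breaks the statement and the second input decides what lands in the body column; the escaped and prepared versions store both inputs exactly as typed.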