ClanKiller.com :: View topic - Making a PHP blog?

ClanKiller.com https://forums.plasmasky.com/

Making a PHP blog? https://forums.plasmasky.com/viewtopic.php?f=8&t=1346	Page 1 of 2

Author:	Mole [ Thu Aug 04, 2005 8:28 am ]
Post subject:	Making a PHP blog?
As a few of you may know, I run a paint-ball website. Now, I need to update the website more often, but I tend not to because It's a matter of entering info in to the text files, saving as html, uploading, and so on. what I'd like to know, is how to, or where to find out how to, create a page, that is simular to a blog. In the sense of, I input information in to some feilds, it then generates the correct HTML, etc, and displays my information. now, I already have a blog on my site (www.paint-zone.co.uk) but I think it's time to take things further, and be able to code some form of simple blogging tool, or some kind of form, that changes a html page, without having to upload etc. I googled this, but obviously, put the words create, change, modify and html page in a search, and you get just that. How to create web pages, and so on. I guess you could think of what I'm trying to achive is a news page. where I can put the latest paintball stuff on to my site, maybe with a pic or two. Any tips? I've been toying around with forms thanks to w3schools as you can see here http://www.paint-zone.co.uk/post.php But obviously, that generates a one time viewable page, i need it to modify the page, or a database, that the page then pulls the correct info from. I don't expect to get this done in ten minutes, of course, but I don't know where to start. I have basic (Very basic) C++ coding knoledge, and from what I've been reading, php isn't that different, just uses different operaters.

Author:	Satis [ Thu Aug 04, 2005 3:27 pm ]
Post subject:
you need php and a database like MySQL. You know the news page on my front page? Yea, I can add news via a web interface. I'm sure you would like something similar. Basically, you use a form to input the data and pass it to another page. At that point, you use php to parse the data and store it in a database. Then on your front page, you have php retrieve the data from the database, format it the way you want, and display it. Where to start? That's a tall order. You need to learn at least basic php and you need to learn some basic MySQL stuff. You also need access to a MySQL database, obviously.

Author:	Mole [ Fri Aug 05, 2005 7:30 am ]
Post subject:
Well I've started on the Php path, I have acces to a MySQL database So I'm on my way. At least now I have a goal to shoot at, and if you know anywhere that would be a nice place to get some learning tools, feel free to yell them to me.

Author:	Satis [ Fri Aug 05, 2005 7:46 am ]
Post subject:
just google for php tutorials. There are literally thousands out there. If you have any questions, feel free to ask.

Author:	Mole [ Thu Aug 11, 2005 1:22 pm ]
Post subject:
Ok, I'm having a little trouble with the connecting PHP to the MySQL database. I'm reading THIS page. I've gotten a basic handle on php, and a even more basic handle on MySQl. What I have, so far, is a table in my database (paintzone) called "blog" From what I gather, the variable $dbcnx is either a predetermined thing, or I have to declare it, within the database. Or maybe, the command line: $dbcnx = @mysql_connect('localhost', 'root', 'mypasswd'); is saying, if localhost, root, mypassword, are all correct, then $dbcnx is true. Arg, My brain. Could someone clarify? Basically, I'm trying to find out how to do two things. 1. Write to a database, from a from. 2. Pull from a database, to a webpage.

Author:

Mole [ Thu Aug 11, 2005 1:27 pm ]

Post subject:

Sorry for the double post, but I thought it would be clearer than editing.

Using the script provided by that website, i seem to be able to connect to my mysql database.

Ok, I've managed to get it to write to a feild. It succsefully inserts the date, in to the table "blog", in the field "date"

Now, I'm also attemtping to enter text in to "text" but the field is turning up blank.

Here's my code


	Code: if (isset($_POST['text'])) { $text = $_POST['text']; $sql = "INSERT INTO blog SET text='$text', date=CURDATE()"; if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; } }

OK, got that problems solved. I assumed by setting a value to 0, that would be infinite.

How do I set an infinite value in a feild.

Ok, Here's the latest. What I've got, is almost exactly what I need, but I fear the next bit may be a little confusing. I can get it display all the entries etc, but ofcourse, due to my in-efficient coding, it will display all the comments together, all the authors together, all the titles together and all the dates together.

Obvisouly, I'd like it to look like a blog, but I'm not sure which direction to put my foot out toward.

I think I need a more efficient way of querying the fields, instead of querying them all by date, info, author etc. A way to query it by it's primary key, ID, and then display all the info in that field.

Author:	Pig [ Thu Aug 11, 2005 11:23 pm ]
Post subject:
Make absolutely certain you sanitize any user input.

Author:	Mole [ Fri Aug 12, 2005 3:29 am ]
Post subject:
Er... now I feel even more stupid. Was that a Joke, or was it something that you actually do in php?

Author:	Pig [ Fri Aug 12, 2005 6:51 am ]
Post subject:
It means you purge their input of any malicious code, such as HTML tags, or SQL injection.

Author:	Satis [ Fri Aug 12, 2005 9:05 am ]
Post subject:
indeed. Basically, with the way you're doing right now, someone could enter text that included some bad characters and do very bad things. For instance, if I made the text say this..... '; drop table blogs; it would cause your blogs table to be dropped. It's called SQL injection and is a very real security hazard. The above assumes magic cookies is turned off. (seriously, I'm not making this up). Also, I could put some malicious javascript or even html in the text page, and when you tried to display it on your page, it could cause bad things to happen. for instance, if my $text input was <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br><br> <br><br><br><br><br><br><br><br><br><br><br><br> <br><br><br><br> imagine what that would do to your page. That's a real basic example...I could do alot more. I love this stuff. Anyway, check out a couple cool php functions. Such as.... htmlentities() addslashes() maybe str_replace() and preg_replace() if you're feeling froggy. Lastly...I hope you're doing your testing in a safe environment. IE, either locally or in a protected area of your site. You don't want this kinda stuff open to the world, not until you secure it.

Author:	Mole [ Fri Aug 12, 2005 11:05 am ]
Post subject:
We'll i'm testing it as safely as I can, but I want to test it locally. How much space does it take to install PHP?

Author:

RB [ Fri Aug 12, 2005 11:08 am ]

Post subject:


	Quote: imagine what that would do to your page.

My first impression was what that array of <br>s has done to this page.


	Mole wrote: How much space does it take to install PHP?

Depends. But in princip very little. PHP, MySQL & Apache at me takes about 200MB. You can lower it, I belive.

Author:	Satis [ Fri Aug 12, 2005 11:43 am ]
Post subject:
yea, sorry about the <br> spam, I fixed that. Anyway, the installation is very small. You can actually find bundles out there too...bundled versions of apache + php + mysql + phpmyadmin all in one convenient installer. Just be sure to get the same version of PHP you're using in production. I have php, apache, phpmadmin and mysql all installed locally on this box and I do all my development against that. I also, as it happens, run a few pages for my company off this box too.

Author:

Mole [ Fri Aug 12, 2005 12:39 pm ]

Post subject:

I have installed it all succesfully, I have mysql and phpMyAdmin already on the server, and I can use that database noproblems from my machine, so now it's back to editing! at least i've completely removed my dev php stuff from the site now.

I'm having trouble getting it allow me to insert new records (this worked on the server)

here's the code i have, any one know what I have wrong?


	Code: <html> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Enter your alias: <input type="text" name="author" /> Enter the title: <input type="title" name="title" /> <label>Type your review:<br /> <textarea name="text" rows="10" cols="40"> </textarea></label> <input type="submit" value="Go!"/> </form> <?php $dbcnx = @mysql_connect('mysql.lcn.biz', 'myusername', 'mypassword'); if (!$dbcnx) { echo 'Unable to connect to the ' . 'database server at this time.' ; exit(); } // Select the database if (!@mysql_select_db('paintzone')) { exit('<p>Unable to locate the ' . 'database at this time.</p>'); } // Write to the fields if (isset($_POST['text'])) { $text = $_POST['text']; $sql = "INSERT INTO blog SET text='$text', author='$author', title='$title', date=CURDATE()"; if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; } } // Query All entries $result = @mysql_query('SELECT * FROM blog'); if (!$result) { exit('<p>Error performing query: ' . mysql_error() . '</p>'); } // Display all Entries $author=mysql_result($result, 0 ,"author"); $date=mysql_result($result, 0 ,"date"); $title=mysql_result($result, 0 ,"title"); $text=mysql_result($result, 0 ,"text"); echo("<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>"); ?> </body> </html>

Author:

Satis [ Fri Aug 12, 2005 3:05 pm ]

Post subject:

debug code, bud

on line 39, echo $sql. See what the sql query looks like. You can comment out the


	Code: if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; }

for now if you want. I bet the sql query isn't formatted properly. Once definete issue is $author and $title probably aren't defined. $text should be, since you convert it from POST with the line


	Code: $text = $_POST['text'];

you should do the same with $author and $title. While you're at it, I suggest you clean the input, too. a la


	Code: $text = htmlentities($_POST['text']); $author = htmlentities($_POST['author']); $title= htmlentities($_POST['title']);

I'm assuming the magic cookies thing is turned on. If not, you'll want to addslashes on it too to keep people from maliciously escaping your select statement.

btw, this line can be simplified:


	Code: echo("<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>");


	Code: echo "<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>";

or, even better


	Code: echo '<table><tr><td><center>' .$author .'</center></td><td><center>' .$date .'</center></td></tr><tr><td><center> ' .$title .'</center></td></tr><tr><td><center>' .$text .'</center></td></tr></table>';

Page 1 of 2	All times are UTC - 6 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/