ClanKiller.com - View topic - Making a PHP blog?

It is currently Tue Jul 22, 2025 7:48 am

Making a PHP blog?

Page 1 of 2

[ 24 posts ]

Go to page 1, 2 Next

Print view

Previous topic | Next topic

Making a PHP blog?

Author

Message

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

Making a PHP blog?

As a few of you may know, I run a paint-ball website. Now, I need to update the website more often, but I tend not to because It's a matter of entering info in to the text files, saving as html, uploading, and so on.

what I'd like to know, is how to, or where to find out how to, create a page, that is simular to a blog. In the sense of, I input information in to some feilds, it then generates the correct HTML, etc, and displays my information.

now, I already have a blog on my site (www.paint-zone.co.uk) but I think it's time to take things further, and be able to code some form of simple blogging tool, or some kind of form, that changes a html page, without having to upload etc.

I googled this, but obviously, put the words create, change, modify and html page in a search, and you get just that. How to create web pages, and so on.

I guess you could think of what I'm trying to achive is a news page. where I can put the latest paintball stuff on to my site, maybe with a pic or two.

Any tips? I've been toying around with forms thanks to w3schools as you can see here

http://www.paint-zone.co.uk/post.php

But obviously, that generates a one time viewable page, i need it to modify the page, or a database, that the page then pulls the correct info from.

I don't expect to get this done in ten minutes, of course, but I don't know where to start. I have basic (Very basic) C++ coding knoledge, and from what I've been reading, php isn't that different, just uses different operaters.

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Thu Aug 04, 2005 8:28 am

Satis

Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16701
Location: On a slope

you need php and a database like MySQL. You know the news page on my front page? Yea, I can add news via a web interface.

I'm sure you would like something similar.

Basically, you use a form to input the data and pass it to another page. At that point, you use php to parse the data and store it in a database. Then on your front page, you have php retrieve the data from the database, format it the way you want, and display it.

Where to start? That's a tall order. You need to learn at least basic php and you need to learn some basic MySQL stuff. You also need access to a MySQL database, obviously.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Thu Aug 04, 2005 3:27 pm

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

Well I've started on the Php path, I have acces to a MySQL database

So I'm on my way. At least now I have a goal to shoot at, and if you know anywhere that would be a nice place to get some learning tools, feel free to yell them to me.

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Fri Aug 05, 2005 7:30 am

Satis

Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16701
Location: On a slope

just google for php tutorials. There are literally thousands out there. If you have any questions, feel free to ask.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Fri Aug 05, 2005 7:46 am

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

Ok, I'm having a little trouble with the connecting PHP to the MySQL database.

I'm reading THIS page. I've gotten a basic handle on php, and a even more basic handle on MySQl.

What I have, so far, is a table in my database (paintzone) called "blog"

From what I gather, the variable $dbcnx is either a predetermined thing, or I have to declare it, within the database.

Or maybe, the command line: $dbcnx = @mysql_connect('localhost', 'root', 'mypasswd'); is saying, if localhost, root, mypassword, are all correct, then $dbcnx is true.

Arg, My brain. Could someone clarify?

Basically, I'm trying to find out how to do two things.

1. Write to a database, from a from.
2. Pull from a database, to a webpage.

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Thu Aug 11, 2005 1:22 pm

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

Sorry for the double post, but I thought it would be clearer than editing.

Using the script provided by that website, i seem to be able to connect to my mysql database.

Ok, I've managed to get it to write to a feild. It succsefully inserts the date, in to the table "blog", in the field "date"

Now, I'm also attemtping to enter text in to "text" but the field is turning up blank.

Here's my code


	Code: if (isset($_POST['text'])) { $text = $_POST['text']; $sql = "INSERT INTO blog SET text='$text', date=CURDATE()"; if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; } }

OK, got that problems solved. I assumed by setting a value to 0, that would be infinite.

How do I set an infinite value in a feild.

Ok, Here's the latest. What I've got, is almost exactly what I need, but I fear the next bit may be a little confusing. I can get it display all the entries etc, but ofcourse, due to my in-efficient coding, it will display all the comments together, all the authors together, all the titles together and all the dates together.

Obvisouly, I'd like it to look like a blog, but I'm not sure which direction to put my foot out toward.

I think I need a more efficient way of querying the fields, instead of querying them all by date, info, author etc. A way to query it by it's primary key, ID, and then display all the info in that field.

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Thu Aug 11, 2005 1:27 pm

Pig

Duke

Joined: Mon Mar 31, 2003 8:59 am
Posts: 1358
Location: right behind you

Make absolutely certain you sanitize any user input.

Thu Aug 11, 2005 11:23 pm

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

Er... now I feel even more stupid. Was that a Joke, or was it something that you actually do in php?

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Fri Aug 12, 2005 3:29 am

Pig

Duke

Joined: Mon Mar 31, 2003 8:59 am
Posts: 1358
Location: right behind you

It means you purge their input of any malicious code, such as HTML tags, or SQL injection.

Fri Aug 12, 2005 6:51 am

Satis

Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16701
Location: On a slope

indeed. Basically, with the way you're doing right now, someone could enter text that included some bad characters and do very bad things. For instance, if I made the text say this.....

'; drop table blogs;

it would cause your blogs table to be dropped.

It's called SQL injection and is a very real security hazard. The above assumes magic cookies is turned off. (seriously, I'm not making this up).

Also, I could put some malicious javascript or even html in the text page, and when you tried to display it on your page, it could cause bad things to happen.

for instance, if my $text input was

 

imagine what that would do to your page. That's a real basic example...I could do alot more.

I love this stuff.

Anyway, check out a couple cool php functions. Such as....
htmlentities()
addslashes()
maybe str_replace() and preg_replace() if you're feeling froggy.

Lastly...I hope you're doing your testing in a safe environment. IE, either locally or in a protected area of your site. You don't want this kinda stuff open to the world, not until you secure it.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Last edited by Satis on Fri Aug 12, 2005 11:38 am, edited 1 time in total.

Fri Aug 12, 2005 9:05 am

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

We'll i'm testing it as safely as I can, but I want to test it locally.

How much space does it take to install PHP?

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Fri Aug 12, 2005 11:05 am

Emperor

Joined: Wed Apr 16, 2003 1:25 am
Posts: 2560


	Quote: imagine what that would do to your page.

My first impression was what that array of s has done to this page.


	Mole wrote: How much space does it take to install PHP?

Depends. But in princip very little. PHP, MySQL & Apache at me takes about 200MB. You can lower it, I belive.

_________________
++

Fri Aug 12, 2005 11:08 am

Satis

Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16701
Location: On a slope

yea, sorry about the spam, I fixed that.

Anyway, the installation is very small. You can actually find bundles out there too...bundled versions of apache + php + mysql + phpmyadmin all in one convenient installer. Just be sure to get the same version of PHP you're using in production.

I have php, apache, phpmadmin and mysql all installed locally on this box and I do all my development against that. I also, as it happens, run a few pages for my company off this box too.

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Fri Aug 12, 2005 11:43 am

Mole

Minor Diety

Joined: Fri Apr 11, 2003 5:09 pm
Posts: 4004
Location: Walsall, West Mids, UK

I have installed it all succesfully, I have mysql and phpMyAdmin already on the server, and I can use that database noproblems from my machine, so now it's back to editing! at least i've completely removed my dev php stuff from the site now.

I'm having trouble getting it allow me to insert new records (this worked on the server)

here's the code i have, any one know what I have wrong?


	Code: <html> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Enter your alias: <input type="text" name="author" /> Enter the title: <input type="title" name="title" /> <label>Type your review:<br /> <textarea name="text" rows="10" cols="40"> </textarea></label> <input type="submit" value="Go!"/> </form> <?php $dbcnx = @mysql_connect('mysql.lcn.biz', 'myusername', 'mypassword'); if (!$dbcnx) { echo 'Unable to connect to the ' . 'database server at this time.' ; exit(); } // Select the database if (!@mysql_select_db('paintzone')) { exit('<p>Unable to locate the ' . 'database at this time.</p>'); } // Write to the fields if (isset($_POST['text'])) { $text = $_POST['text']; $sql = "INSERT INTO blog SET text='$text', author='$author', title='$title', date=CURDATE()"; if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; } } // Query All entries $result = @mysql_query('SELECT * FROM blog'); if (!$result) { exit('<p>Error performing query: ' . mysql_error() . '</p>'); } // Display all Entries $author=mysql_result($result, 0 ,"author"); $date=mysql_result($result, 0 ,"date"); $title=mysql_result($result, 0 ,"title"); $text=mysql_result($result, 0 ,"text"); echo("<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>"); ?> </body> </html>

_________________
Games to complete:
GTA IV [100%] (For Multiplayer next!)
Fallout 3 [50%]
Rock Band [35%]
http://www.cafepress.com/SmeepProducts

Fri Aug 12, 2005 12:39 pm

Satis

Felix Rex

Joined: Fri Mar 28, 2003 6:01 pm
Posts: 16701
Location: On a slope

debug code, bud

on line 39, echo $sql. See what the sql query looks like. You can comment out the


	Code: if (@mysql_query($sql)) { echo '<p>Your review has been added.</p>'; } else { echo '<p>Error adding submitted review: ' . mysql_error() . '</p>'; }

for now if you want. I bet the sql query isn't formatted properly. Once definete issue is $author and $title probably aren't defined. $text should be, since you convert it from POST with the line


	Code: $text = $_POST['text'];

you should do the same with $author and $title. While you're at it, I suggest you clean the input, too. a la


	Code: $text = htmlentities($_POST['text']); $author = htmlentities($_POST['author']); $title= htmlentities($_POST['title']);

I'm assuming the magic cookies thing is turned on. If not, you'll want to addslashes on it too to keep people from maliciously escaping your select statement.

btw, this line can be simplified:


	Code: echo("<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>");


	Code: echo "<table><tr><td><center>$author</center></td><td><center>$date</center></td></tr><tr><td><center>$title</center></td></tr><tr><td><center>$text</center></td></tr></table>";

or, even better


	Code: echo '<table><tr><td><center>' .$author .'</center></td><td><center>' .$date .'</center></td></tr><tr><td><center> ' .$title .'</center></td></tr><tr><td><center>' .$text .'</center></td></tr></table>';

_________________
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Fri Aug 12, 2005 3:05 pm

Page 1 of 2

[ 24 posts ]

Go to page 1, 2 Next

Who is online

Users browsing this forum: No registered users and 1 guest

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum