UPDATED: Edit/Delete functions added
This is a simple, (no graphics) webpage for displaying news from an SQL table with an add feature.
Ok, so the first thing you need to do, is create a new table within your database. either use phpMyAdmin, running this SQL code.
CREATE TABLE `news` (
`id` INT( 255 ) NOT NULL AUTO_INCREMENT ,
`title` VARCHAR( 255 ) NOT NULL ,
`article` TEXT NOT NULL ,
`updated` VARCHAR( 255 ) NOT NULL ,
PRIMARY KEY ( `id` )
) TYPE = MYISAM ;
or put it in a webpage, and view it (within a mysql_query). Running the SQL code through phpMyAdmin is the suggested way.
Secondly, create a new webpage, for example:
/home/www/www.website.com/news.php
Then, paste the code from the snippet in.
The following code needs to be edited to your website.
mysql_connect('host', 'login_to_sql', 'password_to_sql');
host = your mysql host. if you are using phpMyAdmin, you should get a message such as:
Welcome to phpMyAdmin
MySQL 4.1.18-log running on fdb1.runhosting.com as your_username@xx.your.ip.xx
The part you want from that is fdb1.runhosting.com
login_to_sql = your username, before the @ symbol in the previous quote.
password_to_sql = the password you used to get to your phpMyAdmin (or other SQL prog.)
Next, set the database_name as your databases name.
[b]Now, you have your db set up and webpage running. You're pretty much ready to roll. Remember this web requires a log in (password is changed within the script:
if ($_POST["pass"] == "jonesy") {
Just change "jonesy" to "xx_yourpass".[/b]
[b]A working version of this script can be found at :
http://wfs.myartsonline.com/news
Password = jonesy
I'll leave it up for a week or two as an example.
If you have any questions, drop me a PM or leave a comment
<?php
session_start();
mysql_connect('host', 'login_to_sql', 'password_to_sql');
mysql_select_db('database_name');
$day = gmdate(j);
$month = gmdate(F);
$year = gmdate(Y);
$date = $day. " " .$month. " " .$year;
echo "<title>My News Page</title>
<h1><a href=?>My News Page</a></h1>";
if ($_GET["admin"] == "add") {
if (!isset($_SESSION["admin"])) {
echo "<a href=?admin=login>You are not logged in as an admin</a>";
exit();
}
else {
if ($_POST) {
if ($_POST["title"] == "") {
echo "No title entered<br>";
exit();
}
if ($_POST["article"] == "") {
echo "No article entered";
exit();
}
else {
mysql_query("INSERT INTO `news` ( `id` , `title` , `article` , `updated` ) VALUES ('', '" .$_POST["title"]. "', '" .$_POST["article"]. "', '" .$date. "')");
echo "Article Posted<hr>
<b>Title:</b> " .$_POST["title"]. "<br>
<b>Article:</b> " .$_POST["article"]. "";
}
}
else {
echo "<form action=?admin=add method=post>
<table width=100% border=1>
<tr><td>Title:</td><td><input type=text name=title size=100></td></tr>
<tr><td>Article:</td><td><textarea name=article rows=10 cols=100></textarea></td></tr>
<tr><td colspan=2><input type=submit value=\"Add Article\"></td></tr></form>";
}
}
}
if ($_GET["admin"] == "del" && $_GET["id"]) {
if (!isset($_SESSION["admin"])) {
echo "<a href=?admin=login>You are not logged in as an admin</a>";
exit();
}
else {
mysql_query("DELETE FROM `news` WHERE `id` = '" .$_GET["id"]. "'");
echo "<a href=?>Your article has been deleted</a>";
}
}
if ($_GET["admin"] == "edit" && $_GET["id"]) {
if (!isset($_SESSION["admin"])) {
echo "<a href=?admin=login>You are not logged in as an admin</a>";
exit();
}
if ($_POST) {
mysql_query("UPDATE `news` SET `title` = '" .$_POST["title"]. "', `article` = '" .$_POST["article"]. "', `updated` = '" .$date. "' WHERE `id` = '" .$_GET["id"]. "'");
echo "<a href=?>Your article has been edited</a>";
}
else {
$sql = mysql_query("SELECT * FROM `news` WHERE `id` = '" .$_GET["id"]. "' LIMIT 0, 1");
$news = mysql_fetch_array($sql);
echo "<form action=?admin=edit&id=" .$_GET["id"]. " method=post>
<table width=100% border=1>
<tr><td>Title:</td><td><input type=text name=title size=100 value='" .$news["title"]. "'></td></tr>
<tr><td>Article:</td><td><textarea name=article rows=10 cols=100>" .$news["article"]. "</textarea></td></tr>
<tr><td colspan=2><input type=submit value=\"Edit Article\"></td></tr></form>";
}
}
if ($_GET["admin"] == "login") {
if (isset($_SESSION["admin"])) {
echo "You are logged in<br>
<a href=?admin=logout>Logout Here</a>";
}
else {
if ($_POST["pass"]) {
if ($_POST["pass"] == "jonesy") {
echo "<a href=?>You are now logged in</a>";
$_SESSION["admin"] = 1;
}
else {
echo "<a href=?admin=login>Incorrect Password</a>";
}
}
else {
echo "<form action=?admin=login method=post>
<input type=hidden name=admin value=login>
<input type=password name=pass><br>
<input type=submit value=Login></form>";
}
}
}
if ($_GET["admin"] == "logout") {
session_destroy();
echo "<a href=?>You are now logged out</a>";
}
if ($_GET["admin"]) {
exit();
}
else {
$sql = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 0, 10");
echo "<i>Displaying the last 10 new articles</i><hr>";
while ($news = mysql_fetch_array($sql)) {
echo "<h3>[" .$news["id"]. "] " .$news["title"]. "<i> - Updated: " .$news["updated"]. "</i></h3>";
echo $news["article"];
if (isset($_SESSION["admin"])) {
echo "<br><a href=?admin=edit&id=" .$news["id"]. ">Edit</a> | <a href=?admin=del&id=" .$news["id"]. ">Delete</a>";
}
echo "<hr>";
}
if (isset($_SESSION["admin"])) {
echo "<a href=?admin=add>Add news article</a> | <a href=?admin=logout>Logout</a>";
}
else {
echo "<a href=?admin=login>Login</a>";
}
}
?>
This code is vulnerable to SQL Injection. You should always sanitize your $_GET and $_POST variables before using them in a query with mysql_real_escape_string(). Check this page for information on preventing an injection attack with PHP.
Umm i d love to but i dunno how to go about all that sadly sound awesome tho im on teh comp litterly 20+ hourse outta the day workin on my chat sie an codes wouldnt mind doin other things with my time sadly mIRC does get boring lol if you have some suggestion on gettin started liek \'\'PHP for Dumb asses\'\' it be cool if not thats cool theres always google =\