database driven page system

By lehmann14l on Jun 18, 2007

This stores pages into a database using an edit page and the stored pages may be viewed using the page.php page.
To see the script in action, go to
http://omfgesad.com/_edit_.php
http://omfgesad.com/page.php

Any comments/suggestions appreciated.

####_edit_.php###########REMOVE THIS LINE##########################

<?php
####max page form (1=9, 2=99, 3=999 and so on)####
$maxlen = "1";
##################################################
function db() {
    $conn = mysql_connect("db_host", "db_user", "db_pass") or die(mysql_error());
    mysql_select_db("db_name",$conn)  or die(mysql_error());
    return $conn;
}

$conn = db(); 

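# Page number to edit; defaults to page 1 when none was posted.
if (empty($_POST['pagenum'])) {
    $editid = "1";
} else {
    $editid = $_POST['pagenum'];
}

# Load the stored HTML for that page.
$edit = "";
$pageid = "";
$result = mysql_query("SELECT * FROM edit WHERE id='$editid'");

while ($row = mysql_fetch_array($result)) {
    $edit = $row['edit'];
    $pageid = $row['id'];
}
$getedits = $edit;

# Replace the stored page with the submitted HTML.
if (isset($_POST['op']) && $_POST['op'] == "add") {
    mysql_query("DELETE FROM edit WHERE id='$editid'");
    $addedit = "INSERT INTO edit (id, edit) VALUES ('$editid', '$_POST[edit]')";
    mysql_query($addedit, $conn) or die(mysql_error());
}
mysql_close($conn);
?>
<?php
# After saving, redirect back to the editor.
if (isset($_POST['op']) && $_POST['op'] == "add") {
    header("Location: /_edit_.php");
    exit;
}
?>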
<html>
<head>
<title>Edit Page</title>
</head>
<body>
<form action="<? echo $_SERVER["PHP_SELF"]; ?>" method="post">
<label>Edit - Current page: <? echo $pageid; ?> - <font color="red">NO server side scripting</font><br /><textarea name="edit" rows="25" cols="100" <? echo $tf; ?>><? echo $getedits; ?></textarea></label><br />
<input type="hidden" name="op" value="add" /><br />
<label for="pagenum">Page number</label><input type="text" name="pagenum" size="2" maxlength="<? echo $maxlen; ?>" value="<? echo $editid; ?>" onClick="this.form.pagenum.value=''" />
<input type="submit" name="submit" value="Edit" /><a href="/"><button>Home</button></a><font color="red"><--[step <b>2</b> and <b>3</b> for creating a page]-- Put your html in the text area then hit edit.</font>
</form>
<form method="post" action="<? echo $_SERVER["PHP_SELF"]; ?>">
<label for="pagenum">Page number</label><input type="text" name="pagenum" size="2" maxlength="<? echo $maxlen; ?>" value="<? echo $editid; ?>" onClick="this.form.pagenum.value=''" />
<input type="submit" name="submit" value="Get Page" /><font color="red"><--[step <b>1</b> for creating a page]-- Type in a page number then hit get.</font></form>
Go to <a href="/page.php?page=<? echo $editid; ?>" target="_blank">Page <? echo $editid; ?></a><font color="red"><--[step <b>4</b> for creating a page]-- go back to step <b>1</b> and go back to your newly created page then click this link.</font>
<br /><br />
</body>
</html>

####page.php###########REMOVE THIS LINE##########################

<?php
######Default page#####
$defaultpg = "0";
#######################

function db() {
    $conn = mysql_connect("db_host", "db_user", "db_pass") or die(mysql_error());
    mysql_select_db("db_name",$conn)  or die(mysql_error());
    return $conn;
}

$conn = db(); 

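# Page to show; falls back to the default page when none is requested.
if (empty($_GET['page'])) {
    $pg = $defaultpg;
} else {
    $pg = $_GET['page'];
}

# Fetch the stored HTML for that page.
$edit = "";
$result = mysql_query("SELECT * FROM edit WHERE id='$pg'");

while ($row = mysql_fetch_array($result)) {
    $edit = $row['edit'];
}
$getedits = $edit;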

?>
<? echo $getedits; ?>

Comments

Blank   -  Jul 07, 2007

Just a suggestion, but you should be using mysql_real_escape_string on any user-based inputs (or at the very least, an 'if(!is_numeric($editid)) die("Invalid input");'), because they could easily compromise your system by SQL injection.

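The hardening suggested in the comment above, shown as an added example that is not part of the original snippet or the commenter's post. It uses PDO prepared statements in place of mysql_real_escape_string, and an in-memory SQLite database stands in for the MySQL `edit` table so it runs offline; the function names `parse_page_id`, `load_page` and `save_page` and all sample inputs are constructed for illustration.

```php
<?php
// Added example, not the original author's code. PDO with an in-memory SQLite
// database is an assumption so the sketch runs offline; the page uses MySQL.

// Accept only 1..$maxlen decimal digits. Stricter than is_numeric(), which
// would also let strings such as "1e3", "-1" or "1.5" through.
function parse_page_id($raw, $maxlen = 1) {
    if (!is_string($raw) || !preg_match('/^[0-9]{1,' . (int)$maxlen . '}$/D', $raw)) {
        return null;
    }
    return (int)$raw;
}

// The id travels as a bound parameter, never as part of the SQL text.
function load_page(PDO $db, $id) {
    $stmt = $db->prepare('SELECT edit FROM edit WHERE id = ?');
    $stmt->execute([$id]);
    $html = $stmt->fetchColumn();
    return $html === false ? null : $html;
}

// Same DELETE-then-INSERT as _edit_.php, but parameterised and atomic.
function save_page(PDO $db, $id, $html) {
    $db->beginTransaction();
    try {
        $db->prepare('DELETE FROM edit WHERE id = ?')->execute([$id]);
        $db->prepare('INSERT INTO edit (id, edit) VALUES (?, ?)')->execute([$id, $html]);
        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE edit (id INTEGER PRIMARY KEY, edit TEXT)');
save_page($db, 1, "<h1>It's page one</h1>"); // the apostrophe is stored as data

// Constructed inputs: one valid id, then values the validator must refuse.
foreach (['1', "1' OR '1'='1", '1e3', ''] as $raw) {
    $id = parse_page_id($raw);
    $out = ($id === null) ? 'rejected: invalid page number' : load_page($db, $id);
    echo var_export($raw, true), ' => ', var_export($out, true), "\n";
}
```

Validation and parameter binding are separate layers: the digit check keeps page numbers well-formed, while the bound parameters are what keep the submitted HTML in the `edit` column from being parsed as SQL.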