
Basic Commenting System


jamesjmann


And I'm talking as basic as you can go! I'm trying to implement a commenting system on my website for news articles I post, and I've only gotten as far as creating the script to connect to my database (I use mysql). I've tried every open source script online for this app and I've not been able to get any one to work within my website. They'll work on separate blank html pages, but I can't figure out how to put the code into my existing pages, which is a huge problem.

 

As a result, I've resorted to creating my own script, which shouldn't be too difficult to make. If anyone could possibly describe a step by step process on how this can be done I would be incredibly grateful! Just note that I don't want to use ajax, jscript or any other languages like that, just PHP.

 

Another question I have, is how would I organize my database to include all news articles, and comments with a news article "id"? Would I need to put both in separate tables and just assign each comment with the unique id associated with whatever news article?

 

And the last thing, I want pagination for my news. I have it to where if I insert a news article column into my table "mynews", it'll show up on the home page, but how and where would I insert a pagination code to make the articles "paginate"?

Link to comment
Share on other sites

I realized I just posted this, but I added a whole more info regarding the scripts I'm using and when I tried to update the last post, it wouldn't let me.

 

And I'm talking as basic as you can go! I'm trying to implement a commenting system on my website for news articles I post, and I've only gotten as far as creating the script to connect to my database (I use mysql). I've tried every open source script online for this app and I've not been able to get any one to work within my website. They'll work on separate blank html pages, but I can't figure out how to put the code into my existing pages to go with each article.

 

As a result, I've resorted to creating my own script for the comment box system, which shouldn't be too difficult to make. If anyone could possibly describe a step by step process on how this can be done I would be incredibly grateful! Just note that I don't want to use ajax, jscript or any other languages like that, just PHP.

 

The second thing I want to discuss is my News Content Management System. I used an open source script for this, and it's really basic and easy to understand. I use it because I prefer it to manually typing in an article in dreamweaver (this gets really annoying and I had to find out the hard way). So, I turned to the CMS to help make posting news articles easier. The only problem I have with this script is the form page, as you'll see upon scrolling down.

 

Here's the code I use to connect to my database:

 

<?php 
    $username = "commentboxacp"; //your username 
    $password = "enter password here"; //your password 
    $host = "enter host name here"; //your mySQL server 
    $database = "commentboxacp"; //The name of the database your table is in 

         mysql_connect($host,$username,$password) or die("Error connecting to Database!<br>" . mysql_error()); //connect, but if there is a problem, display an error message telling why there is a problem 
         mysql_select_db($database) or die("Cannot select database!<br>" . mysql_error()); //Choose the database from your mySQL server, but if there is a problem, display an error telling why 
?>

 

Of course, I put the password and hostname in when I upload the script but I removed it here for obvious reasons.

 

 

Now, this next script I inserted into my home page (index.php).

 

<? 
include("cms/news/dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=4>$type: </font><font size=3>$title</font><br> 
<font size=1><em>Posted by $user</em></font><font size=1> | added on $time</font><br><br> 
<font size=2>$message</font><br><br>
<font size=2><a href=cms/news/index.php>Read More - $url</a></font><br>

<!--beginning of comment box-->

<!--end of comment box--><p>"); 

} 

?>

 

When I put this on my home page, whatever's stored in my database will replace the "$" variables (that's what I think they're called) in the html format I created. This works great. The only problem I have with it is that I don't know how to assign the text css classes or insert divs to contain the articles. I also need a code for pagination, once the number of news articles I post exceeds a certain number, like "10".

 

Also, notice that I put this right after the variables that display the information for the articles.

<!--beginning of comment box-->

<!--end of comment box--><p>"); 

 

Is this where I would put the html comment box? Assuming so, every time a new article is added to the database, a comment box would appear right underneath it.  How would I assign it a unique id so that it'll only display comments related to the specific news article?

 

Now, here's the cms form that doesn't work (I have NO IDEA what the problem is here). The way it's scripted, an error message should pop up if the database wasn't queried. When I test it, the database doesn't update, but no error message is displayed.

 

<?php 
include("dbconnect.php"); //include the file that connects to the database 
if(!empty($title)) { //if the title is not empty, than do this function 
$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

$sql = "INSERT INTO mynews (id, title, user, message, url, time, type) VALUES ('NULL', '$title','$user','$message','$url','$time','$type')"; //Insert all of your information into the mynews table in your database 
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 
echo "Database Updated."; 
} else { //However, if the title variable is empty, than do this function 
?> 
<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 
<?php 
} //end this function 
?>

 

The way this script is supposed to work is to take the information put in the fields and return it to the database. The script on the home page would then run through the database and pull that information to display. The problem though is that the information isn't getting sent. This is the only script out of the three that doesn't work. Help?

 

Link to comment
Share on other sites

you are not passing the fields to the code

 

look

$title = addslashes($title); 
$user = addslashes($user); 
$message = addslashes($message); 
$url = addslashes($url);
$time = addslashes($time);
$type = addslashes($type);

 

see? try making this

$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

 

 

try it and let me know if worked properly

Link to comment
Share on other sites

That didn't work. It's still just refreshing the page and doesn't seem to be talking to my database at all.

Link to comment
Share on other sites

Here's the url to the form

 

http://www.djsmiley.net/postnews.php

 

Link to comment
Share on other sites

This is with the code you gave me.

 

<?php 
include("dbconnect.php"); //include the file that connects to the database 
if(!empty($title)) { //if the title is not empty, than do this function 
$title = addslashes($_POST['title']); 
$user = addslashes($_POST['user']); 
$message = addslashes($_POST['message']); 
$url = addslashes($_POST['url']);
$time = addslashes($_POST['time']);
$type = addslashes($_POST['type']);

$sql = "INSERT INTO mynews (id, title, user, message, url, time, type) VALUES ('NULL', '$title','$user','$message','$url','$time','$type')"; //Insert all of your information into the mynews table in your database 
$query = mysql_query($sql) or die("Cannot query the database.<br>" . mysql_error()); 
echo "Database Updated."; 
} else { //However, if the title variable is empty, than do this function 
?> 
<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 
<?php 
} //end this function 
?>

Link to comment
Share on other sites

I'm also having an issue when launching the "displaynews.php". I've never encountered this issue before now:

 

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/content/d/j/s/djsmiley/html/displaynews.php on line 13

 

Here's the code for "displaynews.php". The error in action: http://www.djsmiley.net/displaynews.php

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Display News</title>
</head>

<body>
<? 
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=3>$title added on $date</font><br> 
<font size=1>Posted by $user</font><br> 
<font size=2>$message</font><p>"); 

} 

?>
</body>
</html>

 

Link to comment
Share on other sites

<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 

 

try changing the action="..." to <?php echo $_SERVER['PHP_SELF']; ?>

 

displaynews.php -> try this code

<?php
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 

echo "<hr>";
echo "<font size=\"3\">{$r['title']} added on {$r['date']}</font><br>"; // braces are required around quoted array keys inside a double-quoted string
echo "<font size=\"1\">Posted by {$r['user']}</font><br>";
echo "<font size=\"2\">{$r['message']}</font><p>"; 

} 

?>

 

see if this solves

Link to comment
Share on other sites

As for your pagination, you can use either one of these and modify it to your needs.

 

The first can do any posts amount, the second I hard coded set to 10 posts per page, which I didn't need more.

It takes more math to predetermine all the +jump-to pages

 

Can see them both working and the codes embed below them.

http://get.blogdns.com/paginate

 

and this is more deluxe

http://get.blogdns.com/dynaindex/paginate.php

 

Basically it controls the limit in a mysql query determined by what current page you are on.

 

Since it gets the script and also queries in the url you should be able to use a GET['comment'] in the code you are doing and it would pass the value to the next set of comments

Link to comment
Share on other sites

I just reviewed the code from the links you provided and all of it seems like Japanese to me. Do you know how and where I can insert this code into the script I have posted? Or is it a more complicated matter than just copying and inserting?

Link to comment
Share on other sites

<form name="news" method="post" action="<?php echo $PHP_SELF; ?>"> 

 

try changing the action="..." to <?php echo $_SERVER['PHP_SELF']; ?>

 

 

Or even better, since $_SERVER['PHP_SELF'] is a known XSS vulnerability as a form action, just use action="" to submit a form to itself.

Link to comment
Share on other sites
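
The point made in the reply above, as an added example that is not part of the original thread: PHP_SELF includes any path info the client appends after the script name, so echoing it raw into the form tag puts request-controlled text into the page. The sample value and the function names are constructed for illustration.

```php
<?php
// Constructed value: what PHP_SELF holds when a request for postnews.php
// carries trailing path info that contains a quote and markup.
$phpSelf = '/postnews.php/"><b>injected</b>';

// Form tag built the way the thread first suggests: raw value in the attribute.
function formTagRaw(string $self): string
{
    return '<form name="news" method="post" action="' . $self . '">';
}

// Same tag with the value encoded for an HTML attribute context.
function formTagEscaped(string $self): string
{
    return '<form name="news" method="post" action="'
        . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '">';
}

// The reply's recommendation: an empty action posts back to the current URL
// and places no request-derived text in the page.
function formTagEmptyAction(): string
{
    return '<form name="news" method="post" action="">';
}

// Parse the generated markup the way a browser would and report what the
// action attribute ended up as and whether an extra <b> element was created.
function inspect(string $html): array
{
    libxml_use_internal_errors(true); // the raw variant is deliberately malformed
    $doc = new DOMDocument();
    $doc->loadHTML($html . '</form>');
    $form = $doc->getElementsByTagName('form')->item(0);
    return [
        'action'   => $form->getAttribute('action'),
        'injected' => $doc->getElementsByTagName('b')->length,
    ];
}

$variants = [
    'raw'          => formTagRaw($phpSelf),
    'escaped'      => formTagEscaped($phpSelf),
    'empty action' => formTagEmptyAction(),
];
foreach ($variants as $label => $tag) {
    $r = inspect($tag);
    printf("%-13s action=%s injected elements=%d\n",
        $label, var_export($r['action'], true), $r['injected']);
}
```

In the raw variant the quote in the path closes the attribute early and the rest is parsed as markup; in the escaped variant the whole value stays inside the attribute.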

This didn't work either, so I decided to change the action="" to action="process.php"

 

Here is the code for process.php

<?php
$name=$_POST['user']; 
$email=$_POST['title']; 
$location=$_POST['message']; 
$type=$_POST['type']; 
$url=$_POST['url']; 
mysql_connect("your hostname", "cmsnewsacp", "your password") or die(mysql_error()); 
mysql_select_db("cmsnewsacp") or die(mysql_error()); 
mysql_query("INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')"); 
Print "The article has successfully been posted"; 
?> 

 

Now, when you send the form, it directs you to the "The article has successfully been posted" message, but it's still not getting sent to my database and IDK Y  :shrug:

 

Here's the code again for postnews.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Post News</title>
</head>

<body>

<form name="news" method="post" action="process.php"> 
  <h1>Post New Article</h1>
  <p>Please fill out all of the following fields:</p>
<table width="100%" border="0" cellpadding="0" cellspacing="0"> 
<tr>
  <td class="cmsNewsformText">Type*:</td>
  <td><font size="1">
    <input name="type" type="text" class="cmsNewforms" size="50" />
  </font></td>
</tr>
<tr> 
<td width="109" class="cmsNewsformText">News Topic/Title*: </td> 
<td width="471"> 
<font size="1"> 
<input name="title" type="text" class="cmsNewforms" value="enter title of article" size="50"> 
</font></td> 
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Username*:</td> 
<td width="471"> 
<font size="1"> 
<input name="user" type="text" class="cmsNewforms" value="enter username" size="50"> 
</font></td> 
</tr>
<tr>
  <td class="cmsNewsformText">Url*:</td>
  <td><font size="1">
    <input name="url" type="text" class="cmsNewforms" value="enter url of news article" size="50" />
  </font></td>
</tr> 
<tr> 
<td width="109" class="cmsNewsformText">Message*:</td> 
<td width="471"> 
<font size="1"> 
<textarea name="message" cols=43 rows=10 class="cmsNewforms">enter body of article
</textarea> 
</font></td> 
</tr> 
</table> 
<p> 
<font size="1"> 
<input name="Submit" type="submit" class="Button1" value="Submit">
</font> 
</p> 
</form> 

</body>
</html>

 

And here's displaynews.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<? 
include("dbconnect.php"); //include the file to connect to the database 
$getnews = mysql_query("SELECT * FROM mynews ORDER BY id DESC"); //query the database for all of the news 

while($r=mysql_fetch_array($getnews)){ //while there are rows in the table 
extract($r); //remove the $r so its just $variable 

echo("<hr> 
<font size=3>$title added on $date</font><br> 
<font size=1>Posted by $user</font><br> 
<font size=2>$message</font><p>"); 

} 

?>

</body>
</html>

 

Does anyone know why this could be?

 

The link to the form is http://www.djsmiley.net/postnews.php

To see the news displayed from the database: http://www.djsmiley.net/displaynews.php

Link to comment
Share on other sites

Yes, your insert isn't inserting anything.

 

mysql_query("INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')"); 

should be something like, of course use your values in the database whatever they are

mysql_query("INSERT INTO mynews (user, title, message, type, url)
VALUES ('$user', '$title', '$message', '$type', '$url')"); 

 

Well that's to be specific, but inserting the other way should still insert them, I did see you originally had it the specific way to start off.

Link to comment
Share on other sites

There's no logic in place to return any debugging information.

 

mysql_select_db("cmsnewsacp") or die(mysql_error()); 
$query = "INSERT INTO `mynews` VALUES ('$user', '$title', '$message', '$type', '$url')";
if( $result = mysql_query($query) ) {
if( mysql_affected_rows() > 0 ) {
	echo 'The article has successfully been posted';
} else {
	echo 'Query ran successfully, but no record was inserted.';
}
} else {
        // Next line should be changed to a generic 'Sorry, there was an error' type of message in a production environment . . .
echo "<br>Query: $query<br>Failed with error: " . mysql_error() . '<br>';
}
?>

Link to comment
Share on other sites

block unwanted characters

http://php.net/manual/en/function.mysql-real-escape-string.php

 

fix quotes and such

http://php.net/manual/en/function.htmlentities.php

 

You just can't let anyone input what they want.

 

btw, i did a test post and it didn't show my name or the text, got the insert and then select values correct and the same on both display.php and process.php?

Link to comment
Share on other sites

Yeah, I fixed that about a second before you posted this. I guess I misnamed a variable in process.php

<?php
$user=$_POST['user']; //for example, "$user" was named something else which is why it didn't display your name you typed
$title=$_POST['title']; 
$message=$_POST['message']; 
$type=$_POST['type']; 
$url=$_POST['url']; 
mysql_connect("hostname", "username", "password") or die(mysql_error()); 
mysql_select_db("cmsnewsacp") or die(mysql_error()); 

mysql_query("INSERT INTO mynews (user, title, message, type, url)
VALUES ('$user', '$title', '$message', '$type', '$url')"); 
Print "The article has successfully been posted"; 
?> 

 

MOD Edit: DB login credentials removed . . .

Link to comment
Share on other sites

Take your mysql_query string, and turn it into something like:

$sql = sprintf("INSERT INTO mynews (user, title, message, type, url)
VALUES ('%s', '%s', '%s', '%s', '%s')",
mysql_real_escape_string($user),
mysql_real_escape_string($title),
mysql_real_escape_string($message),
mysql_real_escape_string($type),
mysql_real_escape_string($url));
$result = mysql_query($sql); 

 

As always Un-tested (may be a parse error).

Link to comment
Share on other sites
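
The replies on escaping input and on pagination, combined into one added example that is not code from the thread: the mysql_* functions used above were removed in PHP 7.0, and with PDO the same insert uses bound parameters instead of escaped strings. Assumptions: an in-memory SQLite database stands in for the MySQL server so the script runs offline, the function names are made up here, and the sample rows are constructed.

```php
<?php
// Assumption: SQLite in memory replaces MySQL for this demo. Against MySQL the
// DSN and credentials change and the mynews table already exists.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failed queries throw
$db->exec('CREATE TABLE mynews (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT, user TEXT, message TEXT, url TEXT, type TEXT)');

// Insert with bound parameters: the values never become part of the SQL text,
// so quotes in a title or message cannot change the statement.
function postArticle(PDO $db, array $in): int
{
    $stmt = $db->prepare('INSERT INTO mynews (user, title, message, type, url)
                          VALUES (:user, :title, :message, :type, :url)');
    foreach (['user', 'title', 'message', 'type', 'url'] as $f) {
        $stmt->bindValue(":$f", (string)($in[$f] ?? ''), PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int)$db->lastInsertId();
}

// One page of articles, newest first. The page number is request input, so it
// is cast to int and clamped before it reaches LIMIT/OFFSET.
function fetchPage(PDO $db, $page, int $perPage = 10): array
{
    $total = (int)$db->query('SELECT COUNT(*) FROM mynews')->fetchColumn();
    $pages = max(1, (int)ceil($total / $perPage));
    $page  = min(max(1, (int)$page), $pages);
    $stmt  = $db->prepare(
        'SELECT * FROM mynews ORDER BY id DESC LIMIT :lim OFFSET :off');
    $stmt->bindValue(':lim', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    return ['page' => $page, 'pages' => $pages,
            'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Encode stored text for HTML when it is displayed, not when it is saved.
function h($s): string
{
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample posts with quotes and markup in the fields.
for ($i = 1; $i <= 12; $i++) {
    postArticle($db, [
        'user'    => "O'Brien",
        'title'   => "Article $i <b>bold</b>",
        'message' => 'Body with "quotes"',
        'type'    => 'News',
        'url'     => 'https://example.com/' . $i,
    ]);
}

$result = fetchPage($db, '2abc'); // constructed stand-in for $_GET['page']
foreach ($result['rows'] as $r) {
    echo '<hr>', h($r['type']), ': ', h($r['title']),
         '<br>Posted by ', h($r['user']),
         '<br>', h($r['message']), "\n";
}
echo "Page {$result['page']} of {$result['pages']}\n";
```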
