
Need PHP / MYSQL Blog help urgent


Blaze97


Okay, so you may have noticed an earlier post from myself; that problem has been fixed.

 

Some background info: the website is currently on my test server, so it is not connected to the internet. I have only been learning PHP for the last 3-4 days, so I am fairly new to most things; please keep your explanations simple. The finished code here is being designed for use on large-scale websites with a lot of users, around 100,000+ per 24-hour period, and will therefore need to be secure. Yet I have no idea how to do that. The script, once finished, will also be freely distributed and contributors will be fairly credited.

 

I have some new problems that I need help fixing. I am creating a PHP blog connected to my MySQL database. Currently there is no admin backend, that's a job for later, but I do have the following files.

 

index.php - This displays all blog posts for all my categories

news.php - This displays each blog post on their own

config.php - This contains my server connect code

 

I also have the following fields in my database

articleid - Unique ID number of each blog post

category - The category the blog post is in

title - The title of each blog post

body - The body of each post

author - The name of the author

date - date of posting

 

But now I need to add some comments, so can anyone please help out? The comments should only appear below the article on the 'news.php' page, so I was hoping someone could write me a script to post and display the comments (no login system needed, I've got that covered, surprisingly). If you can also give me a .sql file to add the needed tables to my database, that would be greatly appreciated.

 

Lastly would it be possible for someone to secure the script so it is invulnerable to SQL Injection attacks and any other form of attack that someone could pull off on the site.

 

So bring on the code,

 

Index.php

<?php
include("config/config.php");

// List every blog post, ordered by date
$data = mysql_query("SELECT * FROM blog ORDER by date ASC")
    or die(mysql_error());

while ($row = mysql_fetch_array($data)) {
    // Database values are echoed into the HTML as stored (no output escaping)
    echo "<table class='main'> <tr> <td> <a href='/news.php?articleid=" . $row['articleid'] . "' class='article_title'>" . $row['title'] . "</a>
<p>" . $row['introduction'] . "</p></td></tr><tr><td ALIGN='RIGHT' class='small'> Posted by:" . $row['author'] . ", on " . $row['date'] . ",</td></tr></table>";
}
?>

Comments: I have removed all the junk and left the basic script.

 

news.php

<?php
include("config/config.php");

// Show a single post; articleid comes straight from the query string
// and is placed into the SQL text unvalidated and unescaped
$data = mysql_query("SELECT * FROM blog WHERE articleid = {$_GET['articleid']} ORDER by date ASC")
    or die(mysql_error());

while ($row = mysql_fetch_array($data)) {
    // Database values are echoed into the HTML as stored (no output escaping)
    echo "<table class='main'> <tr> <td> <a href='/news.php?articleid=" . $row['articleid'] . "' class='article_title'>" . $row['title'] . "</a>
<p>" . $row['introduction'] . "</p></td></tr><tr><td ALIGN='RIGHT' class='small'> Posted by:" . $row['author'] . ", on " . $row['date'] . ",</td></tr></table>";
}
?>

Comments: So here's the complex bit, if someone could please add the comments below the article here.

 

Thanks again,

Blaze,

(Really bad PHP Programmer)


Yeah, I would post on the freelance forum, but I'm keeping this to a budget of zero. I suppose I can probably sort out the comment script; I had a think over it today and got an idea of how to do it.

 

But still really need help preventing SQL Injection attacks and any other stupid attack that exists.

 

So if anyone can help with that I'd be grateful.


Lastly would it be possible for someone to secure the script so it is invulnerable to SQL Injection attacks and any other form of attack that someone could pull off on the site.

 

Short answer - No.

Long answer - Nothing is impervious to attack (if it was, people wouldn't be finding ways into government systems as often as they do). Read up on the use of SSL, mysql_real_escape_string() and data sanitisation and you should be as safe as you will need to be.
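
The news.php lookup from this thread with the two habits that matter most, as an added example that is not part of the original posts: the articleid is validated as an integer and bound as a query parameter (escaping alone does not protect a value placed unquoted in the SQL, as it is in news.php), and every database value is HTML-escaped on output. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server so the script runs on its own, the sample row is constructed, and fetch_article(), e() and render_article() are hypothetical helper names.

```php
<?php
// Added example. Assumption: in-memory SQLite via PDO replaces the MySQL
// connection from config.php; the row below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blog (articleid INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT, date TEXT)");
$db->exec("INSERT INTO blog VALUES (1, 'Hello <b>markup</b>', 'First post', 'Blaze', '2011-01-01')");

// Hypothetical helper: look up one article from the raw ?articleid= value.
function fetch_article(PDO $db, $rawId)
{
    // Accept only a positive integer; anything else counts as "not found".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT articleid, title, body, author, date FROM blog WHERE articleid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: escape a database value before it reaches the HTML.
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

function render_article(array $row)
{
    return "<table class='main'><tr><td>"
        . "<a href='/news.php?articleid=" . (int) $row['articleid'] . "' class='article_title'>" . e($row['title']) . "</a>"
        . "<p>" . e($row['body']) . "</p></td></tr>"
        . "<tr><td align='right' class='small'>Posted by: " . e($row['author']) . ", on " . e($row['date']) . "</td></tr></table>";
}

// Constructed inputs: a normal id, a non-numeric value, and a missing id.
foreach (['1', '1 OR 1=1', null] as $raw) {
    $row = fetch_article($db, $raw);
    echo var_export($raw, true), ' => ', $row ? render_article($row) : 'Article not found', "\n";
}
```

With a real MySQL server, only the PDO connection string changes; the prepared statement and the output escaping stay the same.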
