Comments on: Creating a PHP CMS – Part 3 http://fwebde.com/web-design/creating-a-php-cms-part-3/ Helping people to make fantastic websites, whether you are a designer, a developer, or someone just who loves websites. Fri, 15 Jul 2011 11:19:41 +0000 hourly 1 http://wordpress.org/?v=3.3 By: lizzie http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-3819 lizzie Wed, 13 Apr 2011 12:35:02 +0000 http://fwebde.com/?p=275#comment-3819 To clarify, it's a parse error, not an arse error :-S To clarify, it's a parse error, not an arse error :-S

]]> By: lizzie http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-3818 lizzie Tue, 12 Apr 2011 15:38:38 +0000 http://fwebde.com/?p=275#comment-3818 Hii thanks for the wonderful tutorial. I'm up to the end of this page and I'm having trouble with functions.php, I get the following error {arse error: syntax error, unexpected T_REQUIRE_ONCE on line 4 It's require_once '../functions.php'; on line 4. Any suggestions? Hii thanks for the wonderful tutorial. I'm up to the end of this page and I'm having trouble with functions.php, I get the following error

{arse error: syntax error, unexpected T_REQUIRE_ONCE on line 4

It's
require_once '../functions.php';
on line 4.

Any suggestions?

]]> By: DavE http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-3770 DavE Thu, 03 Mar 2011 15:30:03 +0000 http://fwebde.com/?p=275#comment-3770 <?php include '../functions.php' connect(); // Check if the title is entered if ($_POST['title']) { $title = mysql_real_escape_string($_POST['title']); } else { echo 'The title field is empty.'; } // Check if the body is entered if ($_POST['body']) { $body = mysql_real_escape_string($_POST['body']); } else { echo 'The body field is empty.'; } $date = time(); // If the title and body are both entered, insert into the database if ($title && $body) { connect(); mysql_query("INSERT INTO pages (title, body, date) VALUES ('$title', '$body', '$date')"); } else { echo '<a href="new.php">Back</a>'; } ?> what is wrong? <?php
include '../functions.php'
connect();

// Check if the title is entered
if ($_POST['title']) {
$title = mysql_real_escape_string($_POST['title']);
} else {
echo 'The title field is empty.';
}

// Check if the body is entered
if ($_POST['body']) {
$body = mysql_real_escape_string($_POST['body']);
} else {
echo 'The body field is empty.';
}

$date = time();

// If the title and body are both entered, insert into the database
if ($title && $body) {
connect();

mysql_query("INSERT INTO pages (title, body, date) VALUES ('$title', '$body', '$date')");
} else {
echo 'Back';
}
?>

what is wrong?

]]> By: Kars http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-2065 Kars Sun, 26 Sep 2010 15:35:01 +0000 http://fwebde.com/?p=275#comment-2065 Ah man all the time it was giving empty fields and i didn't know why! But i had deleted connect() at the start because i thought it wasn't needed since it was already called to later on with the insert query. I had to find out that mysql_real_escape_string does only work when there 's a connection with the database >.<. Kinda logic, but it's nice to know. Moving on..;p Ah man all the time it was giving empty fields and i didn't know why! But i had deleted connect() at the start because i thought it wasn't needed since it was already called to later on with the insert query. I had to find out that mysql_real_escape_string does only work when there 's a connection with the database >.<. Kinda logic, but it's nice to know. Moving on..;p

]]> By: Eric Bannatyne http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-2044 Eric Bannatyne Fri, 27 Aug 2010 17:43:17 +0000 http://fwebde.com/?p=275#comment-2044 If you're getting errors with mysql_real_escape_string, that probably means that there is a problem with your connection to the MySQL database. Remember: When inserting data into a database using these methods it is always <strong>crucial</strong> to sanitize your inputs using mysql_real_escape_string, doing otherwise would be a huge security risk (See the SQL injection section of <a href="http://fwebde.com/programming/hack-your-own-site/">Hack Your Own Site</a>. That article also mentions using prepared statements, a "newer" way of doing this, which is not mentioned in this article. If you're getting errors with mysql_real_escape_string, that probably means that there is a problem with your connection to the MySQL database.

Remember: When inserting data into a database using these methods it is always crucial to sanitize your inputs using mysql_real_escape_string, doing otherwise would be a huge security risk (See the SQL injection section of Hack Your Own Site. That article also mentions using prepared statements, a "newer" way of doing this, which is not mentioned in this article.

]]> By: cathy http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-2043 cathy Fri, 27 Aug 2010 13:21:20 +0000 http://fwebde.com/?p=275#comment-2043 I have tried this code, initially i got errors refering to "mysql_real_escape_string" I decideed to remove this and just use "$title = $_GET['title'];". I now hav enoerrors but the data is not saving, Am I doin fsomething wrong? I have tried this code, initially i got errors refering to "mysql_real_escape_string"

I decideed to remove this and just use "$title = $_GET['title'];".

I now hav enoerrors but the data is not saving, Am I doin fsomething wrong?

]]> By: Eric Bannatyne http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-95 Eric Bannatyne Thu, 20 Aug 2009 03:07:25 +0000 http://fwebde.com/?p=275#comment-95 Kabarovsky: This is probably not the case, but you can try making sure that the value of the 'name' attributes in your form fields match your $_POST values. Kabarovsky: This is probably not the case, but you can try making sure that the value of the 'name' attributes in your form fields match your $_POST values.

]]> By: Eric Bannatyne http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-92 Eric Bannatyne Wed, 19 Aug 2009 01:52:24 +0000 http://fwebde.com/?p=275#comment-92 The quotes are really mostly extra protection, just in case... :P The quotes are really mostly extra protection, just in case... :P

]]> By: Hua Chen http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-91 Hua Chen Wed, 19 Aug 2009 01:37:31 +0000 http://fwebde.com/?p=275#comment-91 I also afraid of SQL injection, but didn't mysql_real_escape_string has already prevent it? Can you help me Google it in Google English or ask your friends about it? Thanks! I also afraid of SQL injection, but didn't mysql_real_escape_string has already prevent it? Can you help me Google it in Google English or ask your friends about it? Thanks!

]]> By: Eric Bannatyne http://fwebde.com/web-design/creating-a-php-cms-part-3/comment-page-1/#comment-90 Eric Bannatyne Tue, 18 Aug 2009 16:26:12 +0000 http://fwebde.com/?p=275#comment-90 Hua Chen: There are some speed differences. I think that the quotes may also help to prevent SQL injection, but I'm not completely sure. Hua Chen: There are some speed differences. I think that the quotes may also help to prevent SQL injection, but I'm not completely sure.

]]>