This script is just a basic news script. Many more features could be added to make it more secure and whatnot, but I'm just going over the basics for the time being. Included are four files:
news.php (view news)
addnews.php (add news)
editnews.php (edit news)
deletenews.php (delete news)
Feel free to modify this however you may wish. All pages include the HTML to make things easier on your part. At the beginning is the news.sql file used to create the news table (use this in phpMyAdmin or whatever your program of choice is). Also, for the sake of simplicity, news.php will also serve as the place where we will select which articles we want to edit or delete. You can easily modify this later on by, say, making the links only show when the user is logged in as an admin.
news.sql
CREATE TABLE `news` (
`id` int(11) NOT NULL auto_increment,
`title` varchar(255) NOT NULL default '',
`author` varchar(255) NOT NULL default '',
`date` int(14) NOT NULL default '0',
`body` text NOT NULL,
PRIMARY KEY (`id`)
) TYPE=MyISAM AUTO_INCREMENT=7 ;
news.php
<html>
<head>
<title>News</title>
</head>
<body>
<hr>
<?php
// If No News ID Is Set
if (!isset($_GET[`id`])) {
// Grabbing All The News From The Table
$query2 = mysql_query("SELECT * FROM news");
$query = mysql_fetch_array($query2);
// Converts Date In The MySql Table To Correct Format
$date2 = $query[`date`];
$year = substr($date2, 0, 4);
$month = substr($date2, 4, 2);
$day = substr($date2, 6, 2);
$date = "$month-$day-$year";
?>
<b><? print $query['title']; ?></b><br />
<i>By <? print $query['author']; ?></i><br />
<i>Added On <? print $date; ?></i>
<br /><br />
<? print $query['article']; ?>
<br /><br />
<a href="editnews.php?id=<? print $query['id']; ?>">Edit Article</a> <a href="deletenews.php?id=<? print $query['id']; ?>">Delete Article</a>
<hr>
<?
// If The News ID Is Set
} else if (isset($_GET['id'])) {
$id = $_GET['id'];
//Grabs Only The News Article With That ID
$query = mysql_query("SELECT * FROM news WHERE id='$id'");
?>
<b><? print $query['title']; ?></b><br />
<i>By <? print $query['author']; ?></i><br />
<i>Added On <? print $date; ?></i>
<br /><br />
<? print $query['article']; ?>
<br /><br />
<a href="editnews.php?id=<? print $id; ?>">Edit Article</a> <a href="deletenews.php?id=<? print $id; ?>">Delete Article</a>
<hr>
<? } ?>
</body>
</html>
addnews.php
<html>
<head>
<title>Add News</title>
</head>
<body>
<?
// Displaying Any Errors Sent From The Add Subpage
if (isset($_GET['error'])) {
if ($_GET['error'] == '1') {
print '<font color="#FF0000"><b>ERROR: </b>You didn't fill in all of the fields. Please try again.</font>';
}
print '<br /><br />';
}
?>
<form method="post" action="addnews.php?subpage=add">
Title:<br />
<input type="text" name="title">
<br /><br />
Author:<br />
<input type="text" name="author">
<br /><br />
Article:<br />
<textarea name="article" cols="40" rows="10"></textarea>
<br /><br />
<input type="submit" value="Submit"> <input type="reset" value="Clear">
</form>
</body>
</html>
<?
// If The URL Points To The Subpage Add
if (isset($_GET['subpage']) && $_GET['subpage'] == 'add') {
$mysqlhost = "localhost"; // Localhost is default
$mysqluser = ""; // MySql Username
$mysqlpass = ""; // MySql Password
$mysqldb = "" // MySql Database
// Connecting To The Database
$dbh = mysql_connect ($mysqlhost, $mysqluser, $mysqlpass) or die ('Couldn't connect to database.');
mysql_select_db ($mysqldb);
// Checking For Errors
if (isset($_POST['title']) && isset($_POST['author']) && isset($_POST['article'])) {
$date = date(Ymd); // Date For Our Article
// Add News To Database
$query = mysql_query("INSERT INTO news SET title='$title', author='$author', date='$date', article='$article'");
} else {
header("Location: addnews.php?error=1") // Redirects Us Back To The Add News Page With The Error
}
}
?>
editnews.php
<html>
<head>
<title>Edit News</title>
</head>
<body>
<?
// Displaying Any Errors Sent From The Add Subpage
if (isset($_GET['error'])) {
if ($_GET['error'] == '1') {
print '<font color="#FF0000"><b>ERROR: </b>You didn't fill in all of the fields. Please try again.</font>';
}
print '<br /><br />';
// Making Sure That An ID Is Set
} else if (isset($_GET['id'])) {
// Grabbing News From Database With That ID
$query2 = mysql_query("SELECT * FROM news WHERE id=`$id`");
$query = mysql_fetch_array($query2);
?>
<form method="post" action="editnews.php?subpage=update">
Title:<br />
<input type="text" name="title" value="<? print $query['title']; ?>">
<br /><br />
Author:<br />
<input type="text" name="author" value="<? print $query['author']; ?>">
<br /><br />
Article:<br />
<textarea name="article" cols="40" rows="10"><? print $query['article']; ?></textarea>
<br /><br />
<input type="submit" value="Submit"> <input type="reset" value="Clear">
</form>
</body>
</html>
<? } else { ?>
<font color="#FF0000"><b>ERROR: </b>No ID is set. Please <a href="javascript:history.go(-1)">go back</a> and try again.</font>
<? }
// If The URL Points To The Subpage Update
if (isset($_GET['subpage']) && $_GET['subpage'] == 'update') {
$mysqlhost = "localhost"; // Localhost is default
$mysqluser = ""; // MySql Username
$mysqlpass = ""; // MySql Password
$mysqldb = "" // MySql Database
// Connecting To The Database
$dbh = mysql_connect ($mysqlhost, $mysqluser, $mysqlpass) or die ('Couldn't connect to database.');
mysql_select_db ($mysqldb);
// Checking For Errors
if (isset($_POST['title']) && isset($_POST['author']) && isset($_POST['article'])) {
// Updating News
$query = mysql_query("UPDATE news WHERE id='$id' SET title='$title', author='$author', date='$date', article='$article' LIMIT 1");
} else {
header("Location: editnews.php?error=1") // Redirects Us Back To The Edit News Page With The Error
}
}
?>
deletenews.php
<?php
// Making Sure A News ID Is Set
if (isset($_GET['id'])) {
$id = $_GET['id'];
// If No Subpage Is Set, We Go To A Confirmation Message
if (!isset($_GET['subpage'])) {
print 'Are you sure you want to delete this news?';
print '<br /><br />';
print '<a href="deletenews.php?subpage=delete&id=<? print $id; ?>">Yes</a> | <a href="news.php">No</a>';
// If The Subpage Is Set To Delete
} else if (isset($_GET['subpage']) && $_GET['subpage'] == 'delete') {
//Deleting The News
$query = mysql_query("DELETE FROM news WHERE id='$id' LIMIT 1");
// Error When No ID Is Set
print '<font face="Arial"><b>ERROR: </b>No ID is set. Please <a href="javascript:history.go(-1)">go back</a> and try again.</font>';
} ?>
Hopefully, this script has helped you make your site better. I tried my best to tell what everything in this script does to make things a bit easier., so hopefully that helped you better understand this script. Feel free to use this on your site. If you have any questions regarding the script, please contact me or leave a comment and I'll try to respond when I get a chance.
Nick Wilson wrote :1118
Well, looks like I made a few mistakes in this example. First of all is this part from news.php:
<?
// Converts Date In The MySql Table To Correct Format
$date2 = $news[`date`];
$year = substr($date2, 0, 4);
$month = substr($date2, 4, 2);
$day = substr($date2, 6, 2);
$date = "$month-$day-$year";
// If No News ID Is Set
if (!isset($_GET[`id`])) {
// Grabbing All The News From The Table
$query = mysql_query("SELECT * FROM news");
?>
Instead, it should be like this:
<?
// If No News ID Is Set
if (!isset($_GET[`id`])) {
// Grabbing All The News From The Table
$query2 = mysql_query("SELECT * FROM news");
$query = mysql_fetch_array($query2);
// Converts Date In The MySql Table To Correct Format
$date2 = $query[`date`];
$year = substr($date2, 0, 4);
$month = substr($date2, 4, 2);
$day = substr($date2, 6, 2);
$date = "$month-$day-$year";
?>
Next is this part from editnews.php:
// Grabbing News From Database With That ID
$query = mysql_query("SELECT * FROM news WHERE id=`$id`");
This should be instead:
// Grabbing News From Database With That ID
$query2 = mysql_query("SELECT * FROM news WHERE id=`$id`");
$query = mysql_fetch_array($query2);
And finally, this part from deletenews.php:
//Deleting The News
$query = mysql_query("DELETE * FROM news WHERE id=`$id` LIMIT 1");
Should be instead:
//Deleting The News
$query = mysql_query("DELETE FROM news WHERE id=`$id` LIMIT 1");
This should make the script run if it isn`t working right (even if it is, upgrade anyway, as version 4.3.6 introduces a much stricter level of coding as I found out the hard way, hence the modifications above). Hope this helps.
