R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

PHP Code for Add Topic to Blog Database

Content Management System: Blogs


The blog's topic adding page whose code is on this web page allows you to sanitize input from the topic creation page—which is a different app page. The topic adding page's only goal is to let you sanitize topic data and put it into the MySQL table blog_question, the topics table.

On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based blog would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has the administrator's username. Note that the various pages on our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the username checked to ensure it is the administrator's username, the username is checked to make sure it has only 6 to 20 letters, numbers or underscore in it and no other characters—otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our blog app scripts have this same (almost) username checker at the top of the PHP section—except for the login script. We say "almost" because most pages (like this one) only allow the administrator access because most pages are about adding, deleting, or editing topics, replies, or categories. So, seeing if the username is the administrator's is in the user checker on most of these blog app pages.

The administrator's username is a bit silly, as you see. Feel free to change it (to AfDqC_1f3_DkI3j5k9N_ for example) when you register the administrator username and password, but you must use search and replace on ALL blog app pages searching for our silly name and replacing it with your not-as-silly name or you'll have more problems than a pregnant nun.

If your username matches the administrator's username, the topic inputting is checked and sanitized, using strip_tags(), htmlspecialchars(), preg_match(), preg_replace(), and mysql_real_escape_string() and some regular expressions. The data limits need to be followed like the instructions on the cms-create-blog-topic.php page say. If the data is too long or short or contains illegal characters, you get sent back to cms-create-blog-topic.php to do it right. If you're curious, the 047 and 057 in the preg_replace() function are single quote and forward slash. If the input is good, the topics table gets the data using the SQL command INSERT INTO. You get informed of the success or failure of your operation.

SAVE THIS PAGE AS: cms-add-blog-topic.php

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Add Blog Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Add Blog Topic—Content Management System (CMS)">
<meta name="keywords" content="Blogs,Blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
</head>
<body>

<?php
include_once"config.php";

$U=$_POST['username'];if (!isset($U)){$U=$_GET['username'];}
if (isset($U)&&preg_match("/[A-Za-z0-9_]{6,20}$/",$U)){if($U<>"DIRTY_dog_DROPPINGS_"){unset($U);}}else{unset($U);}
if (!isset($U)){echo '<script language="javascript">alert("You are not the Administrator. Go login again but you can only add replies or just read topics.");window.location="blog-login.php"; </script>';}

$tbl_name="blog_question";

$topic=mysql_real_escape_string(substr($_POST['topic'],0,255));
$detail=substr($_POST['detail'],0,10000);
$name=mysql_real_escape_string(substr($_POST['name'],0,65));
$email=mysql_real_escape_string(substr($_POST['email'],0,65));
$C=mysql_real_escape_string($_POST['category']);

$datetime=date("d/m/y h:i:s");

$name = strip_tags($name);
$name = htmlspecialchars($name, ENT_QUOTES);
if (!preg_match("/[A-Za-z0-9_ ]{6,20}$/",$name)) {
echo '<script language="javascript">alert("Please enter 6 to 20 letters, space, numbers and underline for name."); window.location = "cms-create-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';}

$topic = strip_tags($topic);
$topic = htmlspecialchars($topic, ENT_QUOTES);
if (!preg_match("/[A-Za-z0-9! \:\;\.\?\,_-]{6,255}$/",$topic)) {
echo '<script language="javascript">alert("Please enter 6 to 255 letters, numbers, hyphen, space, question mark, exclamation mark, semicolon, colon, comma and underline for the topic."); window.location = "cms-create-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';}

$detail = strip_tags($detail);
$pattern2 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\;\\-\\_\\"\\?\\047\\:\\(\\)\\057]/i';
$detail=preg_replace($pattern2, "", $detail);
$detail=mysql_real_escape_string($detail);
if (strlen($detail)<6) {
echo '<script language="javascript">alert("Please enter 6 to 10000 characters for details."); window.location = "cms-create-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';}

$email = strip_tags($email);
$email = htmlspecialchars($email, ENT_QUOTES);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email)) {
echo '<script language="javascript">alert("That email address is not valid."); window.location = "cms-create-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';

}else{

$sql="INSERT INTO $tbl_name(topic, detail, name, email, datetime, category, open, topics_username)VALUES('$topic', '$detail', '$name', '$email', '$datetime', '$C', '1', '$U')";
$result=mysql_query($sql);

if($result){echo '<script language="javascript">window.location = "cms-blog.php?username='.$U.'"; </script>';

}else{
echo '<script language="javascript">alert("ERROR updating database tables"); window.location = "cms-blog.php?username='.$U.'"; </script>';}
}

mysql_close();
?>

</body>
</html>