Copyright © 2002 - MCS Investments, Inc.


PHP Code for Edit Topic in Database

Content Management System: Blogs


The blog's topic editing page whose code is on this web page has a sidebar with info on what is allowed when editing topics, and only topics can be edited on this page. You're allowed to have bold, underline, italics, links, email links, pictures, videos, and audios in either topics or replies. The only limitation is that you must use our tag system when typing in new topics and/or replies. Only the selected topic's detail and category fields are displayed on this page for editing, and you may feel free to enter the custom tags for bold, underline, italics, links, email links, pictures, videos, and audios in the details field. (You may edit the category field here as well—simply choose a category from the dropdown menu.) The details field is displayed in a textarea box for editing convenience, and whatever changes you make will go into the db when you submit the form. Here are the custom tags you will use in your text:

No single or double quotes or Enter/Return allowed in topic titles. Use letters, numbers, spaces and these: , . ) ? : ( ; _ - ! / in title and content. In content only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain without http://, then (ll-) then link text, then (lll-). For emails, use (e-) then email address with (ee-) instead of @, then (eee-) then subject, then (eeee-) then link text, then (eeeee-).

For pictures, use (p-) as start tag, then the complete picture URL with .jpg or .png or .gif or .bmp extension, then (pp-) as end tag. If the picture somehow is on the blog server near the blog folder but is in a higher level folder than the subfolder your Content Management System is in, put 2 dots before the name and just make sure you use the picture name only, not a URL path, for this special case. If it's in a subfolder like "images", then move it to the higher level folder or the subfolder your Content Management System is in. If the image is wider than 580 pixels, resave it to 580.

For YouTube video, use (v-) as start tag, then the letter code after http://www.youtube.com/v/ and before &hl=en_US&fs=1& in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag. If the video you want to use is not on YouTube, upload it there before proceeding.

For audio, use (a-) as start tag, then the sound's name, then (aa-), then the complete sound file URL ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the site administrator has put the sound.js file in the folder your blog Content Management System is in, and do not try to put this JavaScript on the web page—it needs to be a separate file. Save the following code (exactly, without adding script tags or anything else!) as sound.js: function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"} Note that sound() builds that embed tag by string concatenation, so whatever URL the tag system passes in as s lands directly inside an HTML attribute. The page that turns (aa-)...(aaa-) into the sound() call must only let through URLs made of plain file-name characters (letters, digits, dots, slashes, hyphens and underscores); a URL containing a quote would close the attribute.
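The custom tags above are a small markup format of their own, and the interesting part of handling it is that every tag expansion puts user-entered text into an HTML attribute or a JavaScript string. The following is an added example of a renderer for that format, written for this page; it is not the blog's own viewing-page code, which is not shown here. The exact markup the real blog emits, the iframe form of the YouTube embed and the sound('url','elementId') call shape are assumptions, and the sample topic text at the bottom is constructed for the demonstration.

```php
<?php
// Added example, not the blog's own code: render the (x-)...(xx-) tag system to HTML.
// Everything is HTML-escaped first, so only tags this function recognises produce markup,
// and every value that ends up in an attribute is restricted to a safe character set.

function render_blog_tags($text) {
    $out = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    // (i-)..(ii-), (b-)..(bb-), (u-)..(uu-): italics, bold, underline
    foreach (array('i', 'b', 'u') as $t) {
        $out = preg_replace("/\\($t-\\)(.*?)\\($t$t-\\)/s", '<' . $t . '>$1</' . $t . '>', $out);
    }

    // (l-)domain(ll-)link text(lll-): scheme is fixed to http:// and the domain/path is
    // limited to host and path characters, so a javascript: or data: URL cannot get in.
    $out = preg_replace_callback('~\(l-\)([A-Za-z0-9._/-]+)\(ll-\)(.*?)\(lll-\)~s',
        function ($m) { return '<a href="http://' . $m[1] . '">' . $m[2] . '</a>'; }, $out);

    // (e-)local(ee-)domain(eee-)subject(eeee-)link text(eeeee-): (ee-) stands for @
    $out = preg_replace_callback(
        '~\(e-\)([A-Za-z0-9._-]+)\(ee-\)([A-Za-z0-9.-]+)\(eee-\)(.*?)\(eeee-\)(.*?)\(eeeee-\)~s',
        function ($m) {
            $subject = rawurlencode(html_entity_decode($m[3], ENT_QUOTES, 'UTF-8'));
            return '<a href="mailto:' . $m[1] . '@' . $m[2] . '?subject=' . $subject . '">' . $m[4] . '</a>';
        }, $out);

    // (p-)url(pp-): an http(s) URL, "../name" or a bare file name, with an allowed extension
    $out = preg_replace('~\(p-\)((?:https?://)?[A-Za-z0-9._/-]+\.(?:jpe?g|png|gif|bmp))\(pp-\)~i',
        '<img src="$1" style="max-width:580px">', $out);

    // (v-)code(vv-)code(vvv-): both codes must be identical and contain only id characters
    $out = preg_replace('~\(v-\)([A-Za-z0-9_-]+)\(vv-\)\1\(vvv-\)~',
        '<iframe width="580" height="326" src="https://www.youtube.com/embed/$1" allowfullscreen></iframe>', $out);

    // (a-)name(aa-)url(aaa-): the URL goes into a JavaScript string inside an HTML attribute,
    // which is why it is limited to characters that can close neither of them.
    $n = 0;
    $out = preg_replace_callback('~\(a-\)(.*?)\(aa-\)([A-Za-z0-9._/-]+\.(?:mp3|wav))\(aaa-\)~is',
        function ($m) use (&$n) {
            $id = 'snd' . (++$n);   // target element for sound.js, one per audio tag (assumed id scheme)
            return '<a href="#" onclick="sound(\'' . $m[2] . '\',\'' . $id . '\');return false">'
                 . $m[1] . '</a><span id="' . $id . '"></span>';
        }, $out);

    // Returns become paragraph breaks
    return nl2br($out);
}

// Constructed sample topic text. The last link uses a scheme instead of a domain and is
// deliberately left as literal text by the renderer.
$sample = "Some (b-)bold(bb-) text and a (l-)example.com/page(ll-)link(lll-).\n"
        . "Write to (e-)info(ee-)example.com(eee-)Hello there(eeee-)us(eeeee-).\n"
        . "(p-)../banner.png(pp-) (v-)AbCdEfGhIjK(vv-)AbCdEfGhIjK(vvv-)\n"
        . "(a-)theme(aa-)sounds/intro.mp3(aaa-) and a stray (l-)javascript:alert(1)(ll-)x(lll-)";

echo render_blog_tags($sample);
```

The order matters: escaping runs once, before any tag is expanded, and each expansion only inserts text that has either been escaped already (link and button text) or been matched against a tight character class (domains, file names, video codes). The edit page's own character whitelist happens to strip < > and & before the text is stored, but the renderer does not depend on that.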

Depending on which topic's Edit Topic link is clicked on the blog home page or the topic and replies viewing page, its corresponding id number will be sent via query string (along with the username) to this blog topic editing page and only this topic's detail and category fields will be visible on this editing page. For other topics, you must return first to the topic and replies viewing page from a "Return to Topic—don't edit" link on this blog topic editing page, then from there use the "Return to Blog" link to get you to the home page where you can choose any topic.

On to the PHP code. As usual, we start with config.php, since without it the MySQL-based blog would not be viable: you cannot relate to a db without knowing the magic words. (config.php and the rest of this page use the old mysql_* functions; that extension was removed in PHP 7, so on a current server the same queries need mysqli or PDO.) Next comes the access check: the page visitor has to supply the administrator's username. The various pages of our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for a username, and if neither has one, the visitor is sent to the login script. The username is not only compared with the administrator's, it is also checked to make sure it is 6 to 20 letters, numbers or underscores and nothing else (anchor the pattern at both ends, ^ and $, or the check only looks at the tail of the string); anything else, including something nasty put in the query string, goes to the login script too. Two things matter for this check to actually protect the page. First, the script must stop with exit right after echoing the redirect: the redirect is JavaScript that only runs in the browser, and if PHP keeps going, the UPDATE further down runs for the non-administrator anyway. Second, be clear about what the check is: a name that travels in plain sight in the URL of every link and form action on the site. Anyone who sees one of those URLs, or guesses the name, has the same access as the administrator. Real protection has to come from blog-login.php checking a password and recording the result server-side in a PHP session, with this page checking that session rather than a name in the request. All our blog app scripts have this same (almost) username checker at the top of the PHP section, except for the login script. We say "almost" because most pages (like this one) only allow the administrator access, since most pages are about adding, deleting, or editing topics, replies, or categories. So, seeing if the username is the administrator's is in the user checker on most of these blog app pages.

The administrator's username is a bit silly, as you see. Feel free to change it (to AfDqC_1f3_DkI3j5k9N_ for example) when you register the administrator username and password, but you must use search and replace on ALL blog app pages searching for our silly name and replacing it with your not-as-silly name or you'll have more problems than a pregnant nun.
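The two paragraphs above describe the username gate. The block below is an added example, not code from the blog app: it restates that gate as functions (anchored pattern, exact comparison, exit after the redirect) and puts a session-based gate beside it. That blog-login.php verifies a password and stores the outcome in $_SESSION['is_admin'] and $_SESSION['username'] is an assumption; the login script is not shown on this page. The inputs at the bottom are constructed for the demonstration.

```php
<?php
// Added example, not the blog's own code.

define('BLOG_ADMIN', 'DIRTY_dog_DROPPINGS_');   // the page's administrator name

// The check the page describes: 6 to 20 letters, digits or underscores, anchored at
// both ends (\z rather than $ so a trailing newline cannot sneak past), then an exact
// comparison with the administrator's name.
function is_admin_name($candidate) {
    if (!is_string($candidate)) { return false; }
    if (!preg_match('/^[A-Za-z0-9_]{6,20}\z/', $candidate)) { return false; }
    return $candidate === BLOG_ADMIN;
}

// Picks the username the way the page does: POST first, then the query string.
function username_from_request(array $post, array $get) {
    if (isset($post['username'])) { return $post['username']; }
    if (isset($get['username'])) { return $get['username']; }
    return null;
}

// Gate for the top of an admin page. The redirect is JavaScript and runs in the
// browser only; without the exit, the rest of the PHP file (UPDATE included) would
// still run for a non-administrator.
function require_admin_or_redirect(array $post, array $get) {
    $u = username_from_request($post, $get);
    if (!is_admin_name($u)) {
        echo '<script language="javascript">alert("You are not the Administrator.");'
           . 'window.location="blog-login.php";</script>';
        exit;
    }
    return $u;
}

// Stronger gate: a name in the URL proves nothing, because it is in every link on
// the site. This trusts only what the login script stored in the session after
// checking a password (assumed session keys). Must run before any output is sent,
// since it uses a Location header.
function require_admin_session() {
    if (session_id() === '') { session_start(); }
    if (empty($_SESSION['is_admin']) || !isset($_SESSION['username'])
        || !is_admin_name($_SESSION['username'])) {
        header('Location: blog-login.php');
        exit;
    }
    return $_SESSION['username'];
}

// Constructed inputs and what is_admin_name() makes of each.
$cases = array(
    array('username' => 'DIRTY_dog_DROPPINGS_'),       // true: the administrator's name
    array('username' => 'dirty_dog_droppings_'),       // false: case differs
    array('username' => '<script>alert(1)</script>'),  // false: characters outside the whitelist
    array('username' => 'x!DIRTY_dog_DROPPINGS_'),     // false: the page's unanchored pattern
                                                       //        matches the tail of this one;
                                                       //        only the exact comparison saves it
    array(),                                           // false: no username at all
);
foreach ($cases as $post) {
    var_dump(is_admin_name(username_from_request($post, array())));
}
```

Swapping the page's check for require_admin_session() also removes the need to carry the username in every query string and hidden field, which is where the current design leaks it.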

Next we GET the topic id from the URL query string that brought us to this topic editing page. A topic id is a number, so the right check is that it contains only digits (ctype_digit()), refusing anything else before it goes near a query or gets echoed back into the page; escaping alone leaves it free to carry HTML into the form's action attribute. We also read the POSTed detail, category, and flag that this page's own form sends when it is submitted. Then we get the category this topic currently has and put it into the $cg variable. Next we push all the category names in the blogcategories table into an array called $cat[]. Then we loop through these categories, find the index of the one that matches $cg, and put it in the $si variable. That same array is the list the POSTed category has to be checked against before it is written back to the db.

Now we see if the $detail variable has gotten data POSTed to it yet by this page's form, and, if not, we dig the detail field from the topics table and use a JavaScript routine later in the script to put it in the form's textarea input box named detail. This same JavaScript uses the selectedIndex property to stick the $si variable's value into the form's select input box where categories get selected. This has the effect of having the initial value displayed in the select box dropdown list be the current value of the category field for this topic in the db's topics table.

Note the functions applied to the detail field, and what each is for. strip_tags() removes anything that looks like an HTML tag, preg_replace() with a character whitelist drops every character that is not a letter, digit, whitespace or one of , . ! ; - _ " ? ' : ( ) /, and substr() keeps the data under 10,000 characters. Those three are what limit what can reach the browser and the db. mysql_real_escape_string() is something different: it is not display protection but escaping for the SQL string the value is about to be placed in, and it has to be applied to every value that goes into a query, the category included (or, better, the category is checked against the list just read from blogcategories). stripslashes() only undoes backslashes that magic_quotes, or an escaped value stored by mistake, may have added. If you're curious, the 047 is a single quote and the 057 is a forward slash in the preg_replace() regular expression pattern. The values handed to JavaScript go through json_encode(), which produces a valid JavaScript string literal by itself (it escapes quotes, backslashes and forward slashes, so even a stored </script> cannot close the script block). The later u=u.replace(/\\/g,''); and i=i.replace(/\\/g,''); lines strip backslashes that mysql_real_escape_string() or anything else may have added to ids or usernames. It happens, although once the id is digits-only and the username is the fixed administrator name, those two lines are harmless but unnecessary.

Next comes the HTML input form in which a textarea box holds the current topic's detail field content to be edited and submitted. The category dropdown menu is next; it's a select box with each category an option. Note that the dropdown menu is echoed onto the page in PHP (run each name through htmlspecialchars() when you echo it, so a category name can't break out of its option tag). The alternative would have been to use JavaScript and bring in the category array via json_encode() and document.write() it to the screen, but why go through the fuss? Note there's a JavaScript function textCounter() that runs off onKeyUp and onKeyDown events in the textarea box and displays to the user exactly how many characters there are left of the allotted 10,000. That counter is a convenience for the user only; anything can be POSTed directly, so the real limit is the substr() applied in PHP before the UPDATE.

Once the editing is done, the data is submitted to this same editing script page with the new category and/or detail POSTed in, and the row in the MySQL db table is UPDATEd with those fields. The detail is cleaned with the functions described above before it reaches the query. The category needs the same care, since it arrives straight from the POST and goes into the same UPDATE: compare it with the names read from blogcategories and reject anything else. There is a JavaScript later on the page that sticks the username and current topic id into hidden fields in the HTML form. There's also a hidden field named flag with a 1 in it. No UPDATEing will occur unless the form has been submitted, because that flag gets POSTed to the PHP script where it ends up in the $flag variable, which is checked prior to updating. What keeps non-administrators out of that UPDATE is the username gate at the top of the script, and it only does so if the script exits after sending them to the login page; the redirect alone is executed by the browser, not by PHP, and the rest of the script would otherwise still run.
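The two paragraphs above, on the cleaning of the detail field and on the UPDATE, are worked through in the added example below. It is not code from the blog app: it restates the page's whitelist as a function, checks the POSTed category against the list read from blogcategories, and runs the UPDATE as a prepared statement through PDO instead of a query string built with mysql_real_escape_string() (the page's mysql_* functions no longer exist in PHP 7 and later). That config.php provides a PDO handle called $pdo is an assumption, as are the three category names; the table and column names are the page's own.

```php
<?php
// Added example, not the blog's own code.

// The page's whitelist as a function: strip tags, cap the length, then drop every
// character that is not a letter, digit, whitespace or one of , . ! ; - _ " ? ' : ( ) /
// (\047 is a single quote, \057 a forward slash, as in the page's $pattern2).
function clean_detail($raw, $max = 10000) {
    $d = substr((string)$raw, 0, $max);
    $d = strip_tags($d);
    return preg_replace('/[^a-zA-Z0-9\s\.\,\!\;\-\_\"\?\047\:\(\)\057]/', '', $d);
}

// The POSTed category must be one of the names read from blogcategories, compared
// strictly; anything else is refused rather than escaped.
function valid_category($posted, array $known) {
    return is_string($posted) && in_array($posted, $known, true);
}

// The UPDATE the page performs, with every value bound as a parameter so no part of
// the data can become part of the SQL. $pdo is assumed to come from config.php.
// Returns the number of rows changed, or throws on bad input.
function update_topic(PDO $pdo, $id, $detail, $category, array $known_categories) {
    if (!ctype_digit((string)$id)) {
        throw new InvalidArgumentException('topic id must be digits only');
    }
    $detail = clean_detail($detail);
    if (strlen($detail) < 6) {            // length checked after cleaning, before storing
        throw new InvalidArgumentException('detail must be 6 to 10000 characters');
    }
    if (!valid_category($category, $known_categories)) {
        throw new InvalidArgumentException('unknown category');
    }
    $stmt = $pdo->prepare(
        'UPDATE blog_question SET detail = :detail, category = :category, datetime = :dt WHERE id = :id'
    );
    $stmt->execute(array(
        ':detail'   => $detail,
        ':category' => $category,
        ':dt'       => date('d/m/y H:i:s'),   // the page's own format; Y-m-d H:i:s would sort correctly
        ':id'       => (int)$id,
    ));
    return $stmt->rowCount();
}

// Constructed inputs; these two functions need no database.
$known = array('General', 'Trains', 'Software');   // assumed category names

// Tags, a backslash and an @ are removed, the newline survives, and the custom
// tags survive because ( ) and - are on the whitelist.
$cleaned = clean_detail("Hello <script>alert(1)</script> (b-)world(bb-) \\ test@example.com\nNew paragraph");
var_dump($cleaned === "Hello alert(1) (b-)world(bb-)  testexample.com\nNew paragraph");   // bool(true)

var_dump(valid_category('Trains', $known));               // bool(true)
var_dump(valid_category("Trains' OR '1'='1", $known));    // bool(false): not a known name
var_dump(valid_category(array('Trains'), $known));        // bool(false): wrong type, not a string

// In cms-edit-blog-topic.php, after the administrator gate and with $cat already
// filled from blogcategories, the submit branch becomes:
//   $rows = update_topic($pdo, $_GET['id'], $_POST['detail'], $_POST['category'], $cat);
```

Binding the values does not make the whitelist redundant: the prepared statement protects the query, the whitelist and strip_tags() decide what is allowed to be stored and later displayed. The two do different jobs and the page needs both.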

At the bottom of the script is the code for the sidebar with info on what is allowed when editing the detail field of a topic. You're told you are allowed to have bold, underline, italics, links, email links, pictures, videos, and audios, and the custom tags you will need are explained.

SAVE THIS PAGE AS: cms-edit-blog-topic.php

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Edit Blog Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="Edit Blog Topic—Content Management System (CMS)">
<meta name="keywords" content="blogs,blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ccc}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
td {font:normal 13px Verdana;text-align:left;background-color:#eee}
.topic {text-align:left;background-color:#fff}
.mid {text-align:center;background-color:#aaa}
.right {text-align:right;}
.form {position:absolute;top:19px;left:240px;width:704px;border:1px solid blue;padding:6px;background-color:#eee}
.info {position:absolute;top:19px;left:2px;width:188px;border:1px solid blue;padding:6px;background-color:#bbb;word-wrap:break-word}
</style>
<script type="text/javascript">
function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}
</script>
</head>
<body>

<?php
include_once "config.php";   // opens the MySQL connection the mysql_* calls below depend on

// Administrator gate. The pattern is anchored at both ends so only the whole string
// is tested, and the script exits after the redirect: the redirect is JavaScript that
// runs in the browser only, and PHP would otherwise carry on to the UPDATE below.
$U = null;
if (isset($_POST['username'])) {$U = $_POST['username'];} elseif (isset($_GET['username'])) {$U = $_GET['username'];}
if (!isset($U) || !preg_match("/^[A-Za-z0-9_]{6,20}$/", $U) || $U !== "DIRTY_dog_DROPPINGS_") {
echo '<script language="javascript">alert("You are not the Administrator. Go login again but you can only add replies or just read topics.");window.location="blog-login.php"; </script>';
exit;
}

$flag = isset($_POST['flag']) ? $_POST['flag'] : "";

$detail = isset($_POST['detail']) ? $_POST['detail'] : null;

$C = isset($_POST['category']) ? $_POST['category'] : "";

$tbl_name="blog_question";

// A topic id is a number: refuse anything that is not all digits before it reaches
// a query or is echoed back into the form's action attribute
$id = isset($_GET['id']) ? $_GET['id'] : "";
if (!ctype_digit($id)) {exit('Bad topic id.');}
$id=mysql_real_escape_string($id);

$res=mysql_query("SELECT category FROM $tbl_name WHERE id = '$id'") or die(mysql_error());
$row = mysql_fetch_array($res);$cg = $row ? $row['category'] : "";

// All category names, sorted, for the dropdown and for checking the POSTed one against
$cat=array();

$res = mysql_query("SELECT category FROM blogcategories ORDER BY category") or die(mysql_error());
while ($row = mysql_fetch_row($res)) {
array_push ($cat, $row[0]);
}

$num_cats_in_table=count($cat);

// Index of this topic's current category in $cat, so the dropdown can preselect it
$si=0;
for ($i=0;$i<$num_cats_in_table;$i++) {if($cat[$i]==$cg){$si=$i;}}

// No form submission yet: load the stored detail for editing
if(!isset($detail)){$check_user_data=mysql_query("SELECT detail FROM $tbl_name WHERE id='$id'") or die(mysql_error());$row = mysql_fetch_array($check_user_data);$detail = $row ? stripslashes(strip_tags($row['detail'])) : "";}

?>

<div class='form'>
<form id="form1" name="form1" method="post" action="cms-edit-blog-topic.php?id=<?php echo htmlspecialchars($id); ?>&username=<?php echo htmlspecialchars($U); ?>">
<table width="700" border="1" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<td valign="top" class='mid'><b>Detail</b></td>
<td><textarea name="detail" cols="60" rows="25" id="detail" onKeyDown="textCounter(this.form.detail,this.form.remLen,10000);" onKeyUp="textCounter(this.form.detail,this.form.remLen,10000);"></textarea> 6 to 10000 characters
<br>
<input readonly type=text name=remLen size=5 maxlength=5 value="10000"> characters left
<input type="hidden" name="flag" value="1"><input type="hidden" name="username" value=" "><input type="hidden" name="id" value=" ">
</td>
</tr>
<tr>
<td><b>Category</b></td>
<td>

<?php
echo "<select name='category'>";
for ($i=0;$i<$num_cats_in_table;$i++) {
$c=htmlspecialchars($cat[$i], ENT_QUOTES);   // a category name must not be able to close the option tag
echo "<option value='".$c."'>".$c."</option>";}
echo "</select>";
?>

</td>
</tr>
<tr><td><input type="submit" name="submit" value="submit"></td>       <td class='mid' colspan=2><b><a href="cms-view-blog-topic.php?username=<?php echo htmlspecialchars($U); ?>&id=<?php echo htmlspecialchars($id); ?>">Return to Topic—don't edit</a></b></td></tr>
</table>
</form>
</div>

<script language="javascript">

var si = <?php echo json_encode($si); ?>;
document.form1.category.selectedIndex = si;

var c = <?php echo json_encode($detail); ?>;
if (c != null && c!=""){document.form1.detail.value=c;}

</script>

<?php

// Only act on a submitted form. Without the flag check, the GET that opens this page
// would run the validation on the stored detail and bounce the administrator away
// from any topic whose detail happens to be under 6 characters.
if($flag=="1" && isset($detail)){
$detail=substr($detail,0,10000);
$detail = strip_tags($detail);
// Whitelist: letters, digits, whitespace and . , ! ; - _ " ? ' : ( ) /
// (\047 is a single quote, \057 a forward slash); everything else is dropped
$pattern2 = '/[^a-zA-Z0-9\\s\\.\\,\\!\\;\\-\\_\\"\\?\\047\\:\\(\\)\\057]/i';
$detail=preg_replace($pattern2, "", $detail);
if (strlen($detail)<6) {
echo '<script language="javascript">alert("Please enter 6 to 10000 characters for details."); window.location = "cms-view-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';

}elseif(!in_array($C, $cat, true)){
// The category comes straight from the POST and goes into the UPDATE, so it must be
// one of the names just read from blogcategories and nothing else
echo '<script language="javascript">alert("Editing failed: unknown category."); window.location = "cms-view-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';

}else{

// Escape for the SQL string context only after the checks above, so the length
// check sees the real text and not the added backslashes
$detail=mysql_real_escape_string($detail);
$C=mysql_real_escape_string($C);
$datetime=date("d/m/y H:i:s");

mysql_query("UPDATE $tbl_name SET detail = '$detail', category = '$C', datetime = '$datetime' WHERE id='$id'") or die('Error ,saving failed');
$rc = mysql_affected_rows();
if ($rc>0){echo '<script language="javascript">alert("The editing was successfully accomplished.");window.location = "cms-view-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';}
else{echo '<script language="javascript">alert("Editing failed.");window.location = "cms-view-blog-topic.php?id='.$id.'&username='.$U.'"; </script>';}
}
}

mysql_close();
?>

<script language="javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
var i = <?php echo json_encode($id); ?>;
i=i.replace(/\\/g,'');
document.form1.id.value=i;
</script>

<div class='info'>In Detail field, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580. For YouTube video, use (v-) as start tag, then the letter code <I>after</I> <b>http://www.youtube.com/v/</b> and <I>before</I> <b>&hl=en_US&fs=1&</b> in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.<br><br>For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in. Save the following code as sound.js:<BR><b>function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}</div>

</body>
</html>