6 replies to this topic

[nygorn]

Well, the thing is i got a tutorial cms and i've posted a tutorial and database and everything is working so far except the display part.
A test tutorial is added, and sql runs fine.

<?php  

//Getting the file db.php which includes our database settings.    
define( 'DB_PATH'  , "./" );  
require DB_PATH."config.php";  


//Setting up a variable to request the category which is in the URL  
$request_cat = $_REQUEST['category']; 
$id = $_REQUEST['id'];  


//Displaying an actual tutorial  
if ($id != '') {  

// Updating the views, and grabbing a tutorial based on what id it has.  
$update = mysql_query("UPDATE $mysql_table SET views = views + 1    
WHERE id='$id'");  
$result = mysql_query("SELECT * FROM $mysql_table   
WHERE id='$id'");  
while($row = mysql_fetch_array($result)){  
    
  // Template for the tutorial   
  echo "  
  <table width='400' border='0' cellspacing='0' cellpadding='0'>  
<tr>  
  <td width='400'>  
<table width='400' border='0' cellspacing='0' cellpadding='0'>  
<tr>  
<td><table width='400' border='0' cellspacing='0' cellpadding='0'>  
    <tr>  
      <td width='275'><div align='left'><strong>  
<a href='tutorials.php?category=".$row['category']."&id=".$row['id']."  
'>".$row['title']."</a>  
</strong></div></td>  
      <td width='125'><div align='right'>  
[ Views: ".$row['views']." ]</div></td>  
    </tr>  
      </table></td>  
    </tr>  
<tr>  
<td><div align='left'>Description: ".$row['description']."</div></td>  
    </tr>  
<tr>  
<td><div align='left'>".$row['content']."</div></td>  
    </tr>  
<tr>  
<td><div align='left'>  
    <table width='400' border='0' cellspacing='0' cellpadding='0'>  
      <tr>  
      <td width='150'><div align='left'>Added: ".$row['date']."</div>  
</td>  
  <td><div align='right'>Author:   
<a href='mailto:".$row['email']."'  
>".$row['author']."</a> </div></td>  
      </tr>  
    </table>  
      </div></td>  
    </tr>  
<tr>  
  <td><div align='left'>Category:   
<a href='tutorials.php?category=".$row['category']."  
>".$row['category']."</a> </div></td>  
    </tr>  
  </table></td>  
    </tr>  
  </table>    
  "; // End of template of tutorial  
} // End of grabbing data  
  exit(); // Stopping anything below from interfearing with this sectiom  
} // End of Displaying an actual tutorial  

//Grabbing information from the database. 

$result = mysql_query("SELECT * from $mysql_table   
where category = '$request_cat' ORDER BY ID DESC");  

while($row = mysql_fetch_array($result)) {  

  //Template for the tutorials in a category.  
  echo "  
  <table width='400'  border='0' cellspacing='0' cellpadding='0'>  
<tr>  
  <td width='100' align='center' valign='middle'><div align='center'>  
<a href='tutorials.php?category=".$row['category']."&id=".$row['id']."'>  
<img src='".$row['avatar']."' alt='".$row['title']."'  title='".$row['title']."'   
width='90' height='60' border='0'></a>  
</div></td>  
  <td width='300'>  
<table width='100%'  border='0' cellspacing='0' cellpadding='0'>  
    <tr>  
<td>  
<div align='center'><strong>".$row['title']."</strong></div></td>  
    </tr>  
    <tr>  
<td>  
<div align='left'>Description: ".$row['description']."</div></td>  
    </tr>  
    <tr>  
<td>  
<table width='100%'  border='0' cellspacing='0' cellpadding='0'>  
  <tr>  
    <td><div align='left'>Added: ".$row['date']."</div></td>  
    <td><div align='left'>Category:   
<a href='tutorials.php?category=".$row['category']."  
>".$row['category']."</a></div></td>  
    </tr>  
    </table></td>  
    </tr>  
    <tr>  
<td><table width='100%'  border='0' cellspacing='0' cellpadding='0'>  
  <tr>  
    <td width='175'><div align='left'>Author:   
<a href='mailto:".$row['email']."'>".$row['author']."</a></div></td>  
    <td width='100'><div align='left'>Views: ".$row['views']."</div></td>  
      </tr>  
    </table></td>  
    </tr>  
  </table></td>  
    </tr>  
  </table><br>  
  "; // End of Template for the tutorials in a category.  
} // End of grabbing information from database.  


// Main Tutorial page.  This is where all your categories will be listed.    
if ($request_cat == '') {  

//This makes a list of all the cateogries that are in the database!  No need to make the links yourself!  
$result = mysql_query("SELECT DISTINCT category from $mysql_table ");  
while($row = mysql_fetch_array($result)) {  
    
  // Showing all the categories  
  echo "  
  <a href='tutorials.php?category=".$row['category']."'  
>".$row['category']."</a><br>  
  "; // End of showing all the categories  
} // End of grabbing unique categories in database  
}// End of main tutorial page  

?>

The config file i dont care to post since that part works fine.
So when i open tutorials.php i get nada. Same when i tries open tutorials.php?category=Photoshop or tutorials.php?category=Photoshop&id=1

Please i'm begging you. help me "/
Thanks in advance & have a nice day

[Demonslay]

Before I even look in-depth with it, I need to point out probably the most basic security practices I find myself repeating to people, over and over.

• Don't use $_REQUEST, use $_GET or $_POST so you actually know where your data is coming from
  
• Clean your data before using it with SQL, see this article on SQL Injection
  
• Use mysql_error() on the end of every mysql_query() so you know when an error goes wrong

Example of point #3.

$query = mysql_query($sql) or die(mysql_error());

Also, in order to display a tutorial, don't compare an unset variable to an empty string. Use isset() or see if it is greater than zero.

if($id > 0){ // Display tutorial

On a second glance, I also see what could be wrong. You should use strtolower() on your $request_cat, as the WHERE clause in SQL is case-sensitive, I believe, and thus if you have a category in the database 'photoshop', searching for 'Photoshop' won't yield any results.
You should make it dynamic with adding of the WHERE clause, so that it only adds it if it is set. In other words, if you aren't searching for a category, show all results. If the variable isn't set, then you are looking for rows where the category column is set to an empty string (''), which of course, won't yield any results if you have a category for every tutorial.

Edited by Demonslay, 14 July 2007 - 06:58 PM.

[nygorn]

Could you please help me and change the errors in the code?
I haven't written it and dont know a jack of php.
I'm just using it for photoshop, Sony vegas and css tutorials.
I would appriciate it but if you dont want to or dont have time its fine by me
Have a nice day

[jold101]

//Getting the file db.php which includes our database settings.
define( 'DB_PATH' , "./" );
require DB_PATH."config.php";

Under that, add

$category = $_GET['category'];
$id = $_GET['id'];

See how that works.

I will explain what that is if you want me too.

Edited by jold101, 15 July 2007 - 04:33 AM.

[nygorn]

still doesnt work :S
still getting nada "/
can demonslay look at it ?

Edited by nygorn, 16 July 2007 - 05:09 PM.

[Demonslay]

We fixed this over MSN.

Apart from fixing some of the code, there was a really odd error that prevented anything to be echoed, even with error_reporting set to the highest setting; it would exit the script without anything as soon as it tried to require a file.

The required file was nothing but a simple MySQL connect file, but I cleaned up the extra whitespace and a few new lines inside of function calls, and suddenly everything worked...

[nygorn]

lol, you wont belive this...
in the last part of the system that would echo out the tutorial in tutorials.php?category=Photoshop&id=1 fucks up the whole html interface. But the category works just fine.