<?php

///////////////////////////////////////////////////////////////////////////////////
//                                                                               //
//  BlueBoy Whats New Admin                                                      //
//                                                                               //
//  by Mike Norton                                                               //
//  http://www.blueboymultimedia.com                                             //
//                                                                               //
//-------------------------------------------------------------------------------//
//                                                                               //
// First we check to see if this is the actual add to database routine.          //
// If it is not it will display the input form.  Feel free to rearrange the form //
// as you wish.                                                                  //
//                                                                               //
// Once you input entries in the add form it submits the data to itself with the //
// flag $action="add" set, which causes the database insert to happen.              //
//                                                                               //
//-------------------------------------------------------------------------------//
//                                                                               //
// Future features:                                                              //
//  1. Filter illegal characters so they add to database without errors.         //
//  2. Add an edit and delete option.                                            //
//  3. Possibly add non directory security.                                      //
//  4. What ever else needs to be added.  I figure this out as I go.             //
//                                                                               //
///////////////////////////////////////////////////////////////////////////////////

/////////////////////////////////////////////////
//
// Are we posting data from the form?
//
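if ($action == "add") {
	// Insert a new news row from the posted entry form.
	//
	// $action, $id, $subject, $news, $author and $link are never assigned in this
	// script before use, so they arrive as request variables and are untrusted.

	// Database host, credentials and database name come from the shared config.
	require ("../bb_news_config.inc");

	// Escape every request value that is interpolated into the SQL string below.
	// $id was previously interpolated as-is while its sibling fields were escaped.
	// NOTE(review): addslashes() is this file's existing convention, but it is not
	// aware of the connection character set; a parameterized API (mysqli/PDO
	// prepared statements) is the durable fix when the script is ported off the
	// removed mysql_* extension.
	$id = addslashes($id);
	$author = addslashes($author);
	$news = addslashes($news);
	$link = addslashes($link);
	$subject = addslashes($subject);

	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die ("Problem connecting to DataBase");

	$query = "insert into news values ('$id','$subject','$news',now(),'$author','$link')";
	$result = mysql_db_query($bb_news_db, $query);

	print "query result: \n <pre>$result</pre>\n";
	if (!$result)
	{
		// The server's error text can repeat part of the submitted values, so it is
		// HTML-escaped before being written into the page.
		$error = htmlentities(mysql_errno() . ": " . mysql_error());
		print "There was an error inserting the data: <pre>$error</pre>\n";
		print "use your back button and try again.\n";
	}
	else
	{
		echo "Data inserted. new table:<br>";
		// The stray double quote the original emitted after the link is dropped.
		print '<a href="bb_news_admin.php3">Press here to go back to the input page</a>';
	}
}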
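else if ($action == "del")
{
	// Delete one news row, selected by the request-supplied $id.
	//
	// NOTE(review): this is a state-changing action reachable through a plain GET
	// link, and no authentication or request-origin check is visible in this
	// script. Confirm access is restricted elsewhere (e.g. web-server directory
	// protection) and consider requiring POST plus an anti-CSRF token.
	if ($id == "")
	{
		?>
			<h1>error</h1>
			Invlid ID
		<?php
		exit;
	}

	require ("../bb_news_config.inc");

	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die("Unable to connect to SQL server");  // We do this to handle the errors

	// $id is untrusted: escape it before it is placed inside the quoted SQL literal.
	// NOTE(review): addslashes() matches the rest of this file but is not
	// charset-aware; prepared statements are the durable fix.
	$safe_id = addslashes($id);
	$query = "delete from news where id = '$safe_id'";
	$news = mysql_db_query($bb_news_db, $query) or die("Delete Failed!");

	// The id is echoed back into the page, so it is HTML-escaped as well.
	print "news item " . htmlentities($id) . " deleted\n";
}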
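else if ($action == "view")
{
	// Show a single news item, selected by the request-supplied $id.
	if ($id == "")
	{
		?>
			<h1>error</h1>
			Invlid ID
		<?php
		exit;
	}

	require ("../bb_news_config.inc");

	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die("Unable to connect to SQL server");  // We do this to handle the errors

	// $id is untrusted: escape it before it is placed inside the quoted SQL literal.
	// NOTE(review): addslashes() matches the rest of this file but is not
	// charset-aware; prepared statements are the durable fix.
	$safe_id = addslashes($id);
	$query = "select id, subject, news,  date_format(date, '%Y/%m/%d') as date, author, link from news
	where id = '$safe_id'";
	$news = mysql_db_query($bb_news_db, $query) or die("Select Failed!");
	$row = mysql_fetch_array($news);

	// The link lands inside an href attribute, so it is HTML-escaped; an unescaped
	// quote character would otherwise end the attribute.
	// NOTE(review): escaping does not restrict the URL scheme; validate that stored
	// links are http/https if the table can be written by anyone but a trusted admin.
	$link = htmlentities($row['link']);

	// NOTE(review): author, subject and news are written out as stored, which looks
	// deliberate (HTML allowed in entries) but means any markup in the table is
	// rendered as-is. Confirm that is intended; otherwise htmlentities() them too.
?>
<font face="Arial, Helvetica, sans-serif" size="2">
<font color="<?php echo $bb_news_date_fn; ?> "><?php echo $row['date']; ?></font> by <font color="<?php echo $bb_news_author_fn; ?>"><?php echo $row['author']; ?></font><br>
  <b><font color="<?php echo $bb_news_subject_fn; ?>"><?php echo $row['subject']; ?></font></b><br>
    <font color="<?php echo $bb_news_text_fn; ?>">
    <?php echo $row['news']; ?><br></font>
    <a href="<?php echo $link; ?>"><?php echo $link; ?></a></font> 
    </font><font face="Arial, Helvetica, sans-serif" size="2">
<hr>
<?php
}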
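else if ($action == "viewedit")
{
	// Show the edit form for one news item, pre-filled from the database.

	require ("../bb_news_config.inc");

	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die("Unable to connect to SQL server");  // We do this to handle the errors

	// $id is untrusted: escape it before it is placed inside the quoted SQL literal.
	// NOTE(review): addslashes() matches the rest of this file but is not
	// charset-aware; prepared statements are the durable fix.
	$safe_id = addslashes($id);
	$query = "select id, subject, news,  date_format(date, '%Y/%m/%d') as date, author, link from news
	where id = '$safe_id'";
	$result = mysql_db_query($bb_news_db, $query) or die("Select Failed!");
	$row = mysql_fetch_array($result);

	// Everything written into the form is HTML-escaped so stored values cannot
	// break out of the value="..." attributes or the textarea. The hidden id field
	// carries the request-supplied $id and gets the same treatment.
	$form_id = htmlentities($id);
	$subject = htmlentities($row['subject']);
	$news = htmlentities($row['news']);
	$author = htmlentities($row['author']);
	$link = htmlentities($row['link']);

	?>
    <font face="Arial, Helvetica, sans-serif" size="4"><b><font color="#0066FF">
    News Edit Form</font></b></font></p>

	<form method="post" name="form1" action="bb_news_admin.php3">
		<INPUT NAME="id" TYPE=Hidden Value="<?php echo $form_id ?>" Size="">
		<INPUT NAME="date" TYPE=Hidden Value=" " Size="">
		<INPUT NAME="action" TYPE=Hidden Value="edit" Size="">
		<font face="Arial, Helvetica, sans-serif">Subject: 
		<input type="text" name="subject" value="<?php echo $subject ?>">
         by: 
        <input type="text" name="author" value="<?php echo $author ?>"><br>
         News:<br>
        <textarea name="news" rows=30 cols=85><?php echo $news ?></textarea><br>
         Link 
        <input type="text" name="link" size="30" value="<?php echo $link ?>"></font><br>
        <input type="submit" name="Submit" value="Submit">
        <input type="reset" name="Submit2" value="Reset">
        </form><P>
	<?php

}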
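else if ($action == "edit")
{
	// Apply the posted edit form to the row selected by the request-supplied $id.
	//
	// NOTE(review): no authentication or request-origin check is visible in this
	// script; confirm access is restricted elsewhere and consider an anti-CSRF
	// token on the form.

	require ("../bb_news_config.inc");

	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die ("Problem connecting to DataBase");

	// Escape every request value that is interpolated into the SQL string below.
	// $id was previously interpolated as-is while its sibling fields were escaped.
	// NOTE(review): addslashes() is this file's existing convention but is not
	// charset-aware; prepared statements are the durable fix.
	$id = addslashes($id);
	$subject = addslashes($subject);
	$news = addslashes($news);
	$author = addslashes($author);
	$link = addslashes($link);

	$query = "update news set subject = '$subject', news = '$news', author = '$author',
            link = '$link' where id = '$id'";
	$result = mysql_db_query($bb_news_db, $query);

	print "query result: \n <pre>$result</pre>\n";

	if (!$result)
	{
		// Report a failed update instead of claiming success, as the add action
		// does. The error text is HTML-escaped because it can repeat submitted
		// values.
		$error = htmlentities(mysql_errno() . ": " . mysql_error());
		print "There was an error updating the data: <pre>$error</pre>\n";
		print "use your back button and try again.\n";
	}
	else
	{
		echo "Data updated. new table:<br>";
		// The stray double quote the original emitted after the link is dropped.
		print '<a href="bb_news_admin.php3">Press here to go back to the input page</a>';
	}
}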

//////////////////////////////////////////////////
//
// If no recognised action was requested, display the input form and the news list.
//
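else
{ 
  // Default view: the entry form followed by a paged list of existing items.
  echo ' 
  <font face="Arial, Helvetica, sans-serif" size="4"><b><font color="#0066FF">
News Entry Form</font></b></font>

	<form method="post" name="form1" action="bb_news_admin.php3">
		<INPUT NAME="id" TYPE=Hidden Value="0000" Size="">
		<INPUT NAME="date" TYPE=Hidden Value=" " Size="">
		<INPUT NAME="action" TYPE=Hidden Value="add" Size="">
		<font face="Arial, Helvetica, sans-serif">Subject: 
		<input type="text" name="subject">
         by: 
        <input type="text" name="author"><br>
         News:<br>
        <textarea name="news" rows=5 cols=75></textarea><br>
         Link 
        <input type="text" name="link" size="30" ></font><br>
        <input type="submit" name="Submit" value="Submit">
        <input type="reset" name="Submit2" value="Reset">
        </form><P>
  '; 

	// Load the configuration before doing the paging arithmetic.
	// NOTE(review): $max_hits is presumably defined in bb_news_config.inc - confirm.
	// The original computed the offset before this require, so a config-defined
	// $max_hits was still unset at that point and the offset came out as 0.
	require ("../bb_news_config.inc");
	mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
		or die("Unable to connect to SQL server");  // We do this to handle the errors

	// Both values end up unquoted in the LIMIT clause, so force them to integers.
	// $page_number is request input, and $max_hits is too unless the config sets it.
	$page_number = intval($page_number);
	if ($page_number < 0) { $page_number = 0; }
	$max_hits = intval($max_hits);

	// calculate the page offset
	$page_offset = $page_number * $max_hits;
	$prev_page_number = $page_number - 1;
	$next_page_number = $page_number + 1;

	$query = "select id, subject, news, date_format(date, '%Y/%m/%d') as date, author, link from news
		order by id desc limit $page_offset,$max_hits";   

	$news = mysql_db_query($bb_news_db, $query) or die("Select Failed!");

	$human_pnum = $page_number + 1;
	print "Page $human_pnum of News<br>\n";
	echo "<hr>\n";

	// NOTE(review): author and subject are written out as stored, which looks
	// deliberate (HTML allowed in entries) but means any markup in the table is
	// rendered as-is. Confirm that is intended; otherwise htmlentities() them.
	while ($row = mysql_fetch_array($news)) {
	?>

		<font face="Arial, Helvetica, sans-serif" size="2">
		<font color="<?php echo $bb_news_date_fn; ?> ">
		<?php echo $row['date']; ?></font> by <font color="<?php echo $bb_news_author_fn; ?>">
		<?php echo $row['author']; ?></font><br>
			<b><font color="<?php echo $bb_news_subject_fn; ?>"><?php echo $row['subject']; ?></font></b><br>
				<a href=bb_news_admin.php3?action=view&id=<?php echo $row['id'] ?>>view</a>
				<a href=bb_news_admin.php3?action=viewedit&id=<?php echo $row['id'] ?>>edit</a>
				&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href=bb_news_admin.php3?action=del&id=<?php echo $row['id'] ?>>delete</a></font>
				<font face="Arial, Helvetica, sans-serif" size="2">
		<hr>

	<?php
	} 

	print "<font size=+1>\n";

	// The script name and the remaining query string are copied into href
	// attributes, and the query string is request-controlled, so both are
	// HTML-escaped before output.
	$self = htmlentities($SCRIPT_NAME);
	$qs = htmlentities(ereg_replace('\&page_number=[^&]*', '', $QUERY_STRING));

	if ($prev_page_number > -1)
	{
	  print "<a href=\"$self?$qs&page_number=$prev_page_number\">prev</a> \n";
	}
	else
	{
	  print "prev\n";
	}

	// A full page of results is taken to mean that another page may follow.
	if (mysql_num_rows($news) == $max_hits)
	{
	  print "<a href=\"$self?$qs&page_number=$next_page_number\">next</a> \n";
	}
	else
	{
	  print "next\n";
	}
	print "</font>\n";

	?>
	<p>
	view the real <a href=../>news</a> page
	</p>
	<?php
} 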

?> 