Web Hosting Talk

mySQL and dropdown boxes


ethereality
08-03-2005, 11:12 PM
Hi. I'm writing a tutorial cms script and I need a category selector.

I would really like a drop-down box listing all the data in the category section of the mysql table.

It would go like this:

A drop-down box would list all the categories in the drop-down box. If the desired category isn't there, the user would select "Add Category" and another box would appear beside the drop-down box. The user would enter a word, such as PHP, and it would create a new category.


I don't know if this will help, but here's the section of the admin.php file that creates a new tutorial:


// Page: admin.php?act=addnew
if ($act == 'addnew') {
echo "
<form name=\"form\" method=\"post\" action=\"admin.php?act=addnew\">
<table width=\"80%\" border=\"0\" cellspacing=\"3\" cellpadding=\"0\">
<tr>
<td width=\"20%\">Name:</td>
<td width=\"79%\"><input name=\"name\" type=\"text\" id=\"name\" size=\"40\"></td>
</tr>
<tr>
<td>Avatar:</td>
<td><input name=\"avatar\" type=\"text\" id=\"avatar\" value=\"http//\" size=\"40\"></td>
</tr>
<tr>



<td>Category:</td>
<td> <input name=\"category\" type=\"text\" id=\"category\" value=\"Will automatically make category or insert tutorial into existing category.\" size=\"40\"></td> <!-- this is the category section where I need the above implemented -->



</tr>
<tr>
<td>Description:</td>
<td><input name=\"description\" type=\"text\" id=\"description\" size=\"40\"></td>
</tr>
<tr>
<td>Author:</td>
<td><input name=\"author\" type=\"text\" id=\"author\" size=\"40\"></td>
</tr>
<tr>
<td>Email:</td>
<td><input name=\"email\" type=\"text\" id=\"email\" size=\"40\"></td>
</tr>
<tr>
<td>Content</td>
<td><textarea name=\"content\" cols=\"65\" rows=\"10\"></textarea></td>
</tr>
<tr>
<td><input name=\"submit\" type=\"image\" src=\"images/button/submit.jpg\" onclick=\"submit()\">
<input name=\"reset\" type=\"image\" src=\"images/button/submit.jpg\" onclick=\"reset()\"></td>
</tr>
</table>
</form>";

if ($_POST['submit']) {

$name = $_POST['name'];
$avatar = $_POST['avatar'];
$category = $_POST['category'];
$description = $_POST['description'];
$author = $_POST['author'];
$email = $_POST['email'];
$content = $_POST['content'];
$date = date('m-d-Y');

if (!$name || !$avatar || !$category || !$description || !$author || !$email || !$content) {
die ('<font size=1 face=red>Sorry, a field was left blank. Check all fields again!</font>');
}
else {
mysql_query("INSERT INTO $mysql_table(id,title,avatar,date,category,description,author,email,content,
views) VALUES('','$name','$avatar','$date','$category','$description','$author','$email','$content','')") or die('Sorry, it failed');
echo "<br /><br /><font color=green size=1>Success!</font> You have added the tutorial <strong>$name</strong> to the category <strong>$category.</strong><br><br><br><input style=\"width:134; background-color: #F3F3F3;\" value=' Home... ' onClick=\"self.location='admin.php'\">";
}
}
}

Unknown_User
08-04-2005, 04:58 AM
ethereality

There are two ways I can think of doing this. The first being when you select "Add new category" from the drop down menu use JavaScript to display a text field (Which would be hidden to start).

When the user hits submit for the tutorial check to see if the new category text field contains a value. If it does then first add the category to the database and then use the new category ID when you add the new tutorial.

That would be the simplest. Alternatively you could use XML HTTP Request which would allow for you to add the new category and for the drop down menu to be repopulated without having to refresh the page - nifty 'eh?

Have a think about what you want to do, the first would be more browser compliant (and easier) than the latter but the latter would be "cooler".

If you need any more details just let me know.

On another note you may also want to look into SQL injection prevention. This URL will help you understand and prevent it from happening: SQL Injection (http://www.dislexik.com/thread320.html)
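
Added example, not part of either poster's code: the first approach described above (a drop-down with an "Add Category" entry plus a text field checked on submit), written with PDO prepared statements so the SQL injection concern raised in the same reply is handled. The `tutorials` table name, the `__add__` sentinel and the `new_category` field are assumptions; an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not code from the thread. The `tutorials` table, the
// ADD_NEW sentinel and the `new_category` field are assumptions.
const ADD_NEW = '__add__';
// Build the <option> list from the categories already stored.
function categoryOptions(PDO $db): string
{
    $html = '';
    foreach ($db->query('SELECT DISTINCT category FROM tutorials ORDER BY category') as $row) {
        // Escape on output: category names are user-supplied text.
        $c = htmlspecialchars($row['category'], ENT_QUOTES, 'UTF-8');
        $html .= "<option value=\"$c\">$c</option>\n";
    }
    return $html . '<option value="' . ADD_NEW . '">Add Category</option>';
}

// Work out which category the submitted form refers to.
function resolveCategory(PDO $db, array $post): string
{
    $picked = trim((string) ($post['category'] ?? ''));
    if ($picked === ADD_NEW) {
        $new = trim((string) ($post['new_category'] ?? ''));
        if ($new === '' || strlen($new) > 25) { // varchar(25) in the thread's schema
            throw new InvalidArgumentException('Invalid new category');
        }
        return $new;
    }
    // A posted "existing" category must really exist in the table.
    $st = $db->prepare('SELECT 1 FROM tutorials WHERE category = ?');
    $st->execute([$picked]);
    if ($st->fetchColumn() === false) {
        throw new InvalidArgumentException('Unknown category');
    }
    return $picked;
}

function addTutorial(PDO $db, array $post): void
{
    // Placeholders keep every submitted value out of the SQL text.
    $st = $db->prepare('INSERT INTO tutorials (title, category, content) VALUES (?, ?, ?)');
    $st->execute([$post['name'], resolveCategory($db, $post), $post['content']]);
}

// Constructed demo: in-memory SQLite stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tutorials (id INTEGER PRIMARY KEY, title TEXT, category TEXT, content TEXT)');
addTutorial($db, ['name' => "Bob's intro", 'category' => ADD_NEW, 'new_category' => 'PHP', 'content' => 'x']);
echo categoryOptions($db), "\n";
```

The apostrophe in the constructed title is stored as data and never becomes part of the SQL statement.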

ethereality
08-04-2005, 02:07 PM
Thank you DislexiK.

Your SQL Injection thread was certainly helpful. Would the hacker be able to attempt any of that if I encrypt it, say with Zend or IonCube?

I've never heard of XML HTTP Request before, but it looks quite interesting. Maybe I'll try and implement it to my script, seeing as how I've just realized that I can be a whole lot easier on myself with most of the coding. I've also figured out that late-night coding is not a good idea.

ethereality
08-04-2005, 02:54 PM
P.S.

I like the little infobar on your forums... very tricky, I actually thought it was the SP2 infobar, but then I looked at the source.

That's a very unique idea.. I've never seen it on any other website.

Unknown_User
08-04-2005, 04:20 PM
Encrypting PHP has no effect on how the PHP script will be processed.

When you encrypt a PHP file it has to be decrypted before it can be interpreted by the PHP interpreter and therefore the script is processed as normal.

I haven't any experience with XML HTTP Request but my work colleagues have. What I have seen them do is brilliant, I fell in love with it.

Take a good look at Gmail.com - oh the power is fantastic!

ethereality
08-04-2005, 04:54 PM
I thought it wouldn't have any effect. I'm actually going back to beta version 1.3 (the version I had this question for was version 1.5) because I've made so many changes, and the only stable version I have is 1.3. So I'll try and implement the security stuff into my script as best as I can.

ethereality
08-04-2005, 05:02 PM
Okay, since 1.3 doesn't have a member system, I've implemented it. The only problem I'm having is the installation file.

Here's the logical order of the installation file:

1. Connect to the database
2. Install Tables
3. If the tables did not install properly, kill the script and display the error message
4. If the table did install properly, display a message.

I'm just having the trouble with #3.

Right now I'm using

or die( "Error, something is wrong. Please make sure all information is correct and try again." );


But I don't think that's right at all.

Unknown_User
08-04-2005, 05:17 PM
ethereality,

What's the error (if any) you're getting? The syntax you posted is correct.

ethereality
08-04-2005, 05:19 PM
Parse error: parse error, unexpected T_LOGICAL_OR in /home/dylan/public_html/projects/coretutorial/1.3beta/install.php on line 37

Line 37 is the line I posted in my last post.

Unknown_User
08-04-2005, 05:38 PM
OR die();

By any chance are you using this on a different line from the execution of the query? For example:

mysql_query("SELECT * FROM TABLE", $conn)
OR die(mysql_error());

The OR operator must be used on the same line as the statement you're executing, for example the above code should be:

mysql_query("SELECT * FROM TABLE", $conn) OR die(mysql_error());

Hope this helps.

ethereality
08-04-2005, 05:39 PM
So basically


mysql_query("

//my sql stuff

");
or die( "Error, something is wrong. Please make sure all information is correct and try again." );


should be


mysql_query("

//my sql stuff

"); or die( "Error, something is wrong. Please make sure all information is correct and try again." );

ethereality
08-04-2005, 05:47 PM
Nope didn't do anything.. the error just changed from line 37 to line 36.

I guess I'll just post the entire code (no MYSQL of course).


<?php

define( 'DB_PATH' , "./" );
require DB_PATH."config.php";
include("header.php");

mysql_query("

// the mysql information

"); or die( "Error, something is wrong. Please make sure all information is correct and try again." );

echo "Install Complete! All the tables have been installed, and you are all set! The file <b>install.php</b> has been deleted for security purposes. If not, please delete it manually.<br /><br />Please proceed and make the <a href=create_admin.php>administrator account</a>."; }

unlink('install.php');
include("footer.php");
?>

Unknown_User
08-04-2005, 05:59 PM
Try removing the spaces before and after the error message string within the die() function.

ethereality
08-04-2005, 06:02 PM
Nope.. I really don't know what's going on here.

If it helps I have PHP version 4.3.11

Unknown_User
08-04-2005, 06:06 PM
Post the entire script including the query please.

ethereality
08-04-2005, 06:07 PM
<?php

define( 'DB_PATH' , "./" );
require DB_PATH."config.php";
include("header.php");

mysql_query("
CREATE TABLE `$mysql_table` (
`id` tinyint(11) NOT NULL auto_increment,
`title` text NOT NULL,
`avatar` text NOT NULL,
`date` varchar(50) NOT NULL,
`category` varchar(25) NOT NULL default '',
`description` text NOT NULL,
`author` text NOT NULL,
`email` text NOT NULL,
`content` text NOT NULL,
`views` varchar( 30 ) NOT NULL default '0',
PRIMARY KEY (`ID`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;

CREATE TABLE `membership` (
`id` int(5) NOT NULL auto_increment,
`name` varchar(30) NOT NULL default '',
`email` varchar(200) NOT NULL default '',
`password` varchar(10) NOT NULL default '',
`status` enum('N','Y') NOT NULL default 'N',
`code` char(6) NOT NULL default '',
`joindate` date NOT NULL default '0000-00-00',
`login` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`,`email`),
UNIQUE KEY `email` (`email`)
) TYPE=MyISAM AUTO_INCREMENT=1 ;

"); or die("Error, something is wrong. Please make sure all information is correct and try again.");

echo "Install Complete! All the tables have been installed, and you are all set! The file <b>install.php</b> has been deleted for security purposes. If not, please delete it manually.<br /><br />Please proceed and make the <a href=create_admin.php>administrator account</a>."; }

unlink('install.php');
include("footer.php");
?>

Unknown_User
08-04-2005, 06:11 PM
I don't think you can run two statements within a single query. In addition to this you must place the execution of the query within a variable as it returns a TRUE value if executed successfully and FALSE if not successfully executed. This value needs to be stored somewhere.

ethereality
08-04-2005, 06:18 PM
How would I implement that code into the installation file?

(I may just have to run the queries manually)

Unknown_User
08-04-2005, 06:29 PM
Try this:

<?php
define( 'DB_PATH' , "./" );
require DB_PATH."config.php";
include("header.php");

// Each CREATE TABLE goes through its own mysql_query() call,
// which returns FALSE when the statement fails.
$query = mysql_query("CREATE TABLE `$mysql_table` (
`id` tinyint(11) NOT NULL auto_increment,
`title` text NOT NULL,
`avatar` text NOT NULL,
`date` varchar(50) NOT NULL,
`category` varchar(25) NOT NULL default '',
`description` text NOT NULL,
`author` text NOT NULL,
`email` text NOT NULL,
`content` text NOT NULL,
`views` varchar( 30 ) NOT NULL default '0',
PRIMARY KEY (`ID`)) TYPE=MyISAM AUTO_INCREMENT=1");

$queryMembership = mysql_query("CREATE TABLE `membership` (
`id` int(5) NOT NULL auto_increment,
`name` varchar(30) NOT NULL default '',
`email` varchar(200) NOT NULL default '',
`password` varchar(10) NOT NULL default '',
`status` enum('N','Y') NOT NULL default 'N',
`code` char(6) NOT NULL default '',
`joindate` date NOT NULL default '0000-00-00',
`login` datetime NOT NULL default '0000-00-00 00:00:00',
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`,`email`),
UNIQUE KEY `email` (`email`)
) TYPE=MyISAM AUTO_INCREMENT=1");

if($query AND $queryMembership) {
echo "Install Complete! All the tables have been installed, and you are all set! The file <b>install.php</b> has been deleted for security purposes. If not, please delete it manually.<br /><br />Please proceed and make the <a href=create_admin.php>administrator account</a>.";
} else {
echo 'Something went wrong';
}

unlink('install.php');
include("footer.php");
?>

I also noticed you had a rogue '}' laying around after your final echo, that would have given you an error after you solved the first error.
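
Added example, not the installer from this thread: one way to run each CREATE TABLE as its own statement, check each result, and delete the installer only when every table was created. The shortened table definitions, the log wording and the temp file standing in for install.php are assumptions; an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example, not the thread's script. Table definitions are shortened
// and the log wording is an assumption.
function installTables(PDO $db, array $statements): array
{
    $failed = [];
    foreach ($statements as $name => $sql) {
        try {
            $db->exec($sql); // one statement per call, each checked on its own
        } catch (PDOException $e) {
            // Details go to the server log, not to the browser.
            error_log("install: $name failed: " . $e->getMessage());
            $failed[] = $name;
        }
    }
    return $failed;
}

function finishInstall(array $failed, string $installer): string
{
    if ($failed !== []) {
        return 'Install failed for: ' . implode(', ', $failed) . '. Installer kept.';
    }
    // Delete only after success, and report what actually happened.
    return @unlink($installer)
        ? 'Install complete. Installer removed.'
        : 'Install complete. Delete the installer manually.';
}

$statements = [
    'tutorials'  => 'CREATE TABLE tutorials (id INTEGER PRIMARY KEY, title TEXT NOT NULL)',
    'membership' => 'CREATE TABLE membership (id INTEGER PRIMARY KEY, name VARCHAR(30) NOT NULL)',
];

// Constructed demo: in-memory SQLite stands in for MySQL, and a temp file
// stands in for install.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

foreach (['first run', 'second run'] as $label) {
    $installer = tempnam(sys_get_temp_dir(), 'inst');
    echo "$label: ", finishInstall(installTables($db, $statements), $installer), "\n";
    // Second run fails (tables already exist), so its installer file stays.
    echo '  installer still present: ', var_export(file_exists($installer), true), "\n";
    if (file_exists($installer)) { unlink($installer); } // demo cleanup only
}
```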

Unknown_User
08-04-2005, 06:32 PM
Please note, I have not tested this script nor have I checked over the MySQL query as I am about to go to bed. If you still get errors let me know and I will take a look at the queries in the morning.

Good night.

ethereality
08-04-2005, 06:32 PM
Good night!

Unknown_User
08-05-2005, 02:21 AM
ethereality, how did it go?

zoldar
08-05-2005, 12:49 PM
Apropos XML HTTP Request. I did some search on google and found this -

link (http://www.prescientsoftware.com/JPX_WDDX/index.php?catid=1&subcatid=7)

Looks pretty promising...

ethereality
08-05-2005, 06:13 PM
Okay.. it went good the first time, but then I had to make a new layout for it (dimensions went all wrong) so I re-uploaded install.php and now I'm getting this error:


Warning: mysql_connect(): Access denied for user: 'dylan_coretutorial@localhost' (Using password: YES) in /home/dylan/public_html/projects/coretutorial/personalbeta/config.php on line 20
Error connecting to Database! Please Try again. Access denied for user: 'dylan_coretutorial@localhost' (Using password: YES)


This is the config.php file:


<?php

// Basic Configuration

$title = "coreTutorial 1.5 (BETA)"; // title for all the pages

// MySQL Information

$mysql_host = "localhost"; // localhost should be fine

$mysql_user = "dylan_coretutorial"; // mysql username

$mysql_pass = "**************"; // mysql password

$mysql_data = "dylan_tut"; // mysql database

$mysql_table = "_personalbeta"; // your mysql table prefix. leave as is if this is a new install.

// do not edit below!
mysql_connect($mysql_host,$mysql_user,$mysql_pass) or die("Error connecting to Database! Please Try again.
" . mysql_error());
mysql_select_db($mysql_data) or die("Cannot select database! Please Try again.
" . mysql_error());




?>


P.S. That's for the XMLHttpRequest... But I don't think I'll be implementing it unless I get someone to do it for me. It seems kind of confusing.

Unknown_User
08-06-2005, 04:16 AM
Are you certain that your username and password are correct?

ethereality
08-06-2005, 03:23 PM
I'm certain. I even created a new username for it. Maybe it's just something wrong with my server.

ethereality
08-06-2005, 03:56 PM
Never mind. cPanel shortened my database name to dylan_cortutori.. it's fixed now

thank you for your help.

ethereality
08-06-2005, 04:34 PM
Oh, by the way... would AJAX be a good way to go about things for the dropdown box?

Unknown_User
08-07-2005, 03:10 PM
Yeah, XML HTTP Request uses AJAX as far as I know. It will be good for repopulating your drop down menu when you add a new category.

ethereality
08-07-2005, 07:07 PM
Thank you. I'm almost done with the script.