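norsemanGrey Skrevet 10. februar 2010 Del Skrevet 10. februar 2010

Heisann, driver å jobber med en script for å kunne lage poster/news/blogs etc. som lagres til MySQL og så kan vises på en side på nettsteded. Det skal være mulig å opprette nye poster og editere eksisterende poster. Er ganske ny med PHP og kunne trengt en liten gjennomgang av skriptet for å se om det er ting som kan gjøre enklere eller på en bedre måte etc. Noen som kunne tatt seg tiden til å skumme igjennom? Hadde satt stor pris på det! Skripet fungerer slik som det er, men man kan alltid gjøre ting bedre

add_publication.txt

Btw: Ikke tenk på noe som har med noe annet en PHP delen å gjøre. Har ikke kommet til stylinge osv enda

<?php
// add_publication.php - create a new publication or edit an existing one.
//
// Review notes on this revision:
//  - Request values are never written into SQL or HTML as-is. Each one is
//    escaped for the sink it reaches: mysql_real_escape_string() for SQL,
//    htmlspecialchars()/urlencode() for markup and URLs.
//  - An uploaded image is identified from its content, not from the MIME type
//    and file name the browser sends, and is stored under a server-chosen name.
//  - The redirect after a successful save is followed by exit, so the form is
//    not rendered (and the connection not closed twice) behind the Location header.
//  - $save_values, $output and $print_db are initialised here, so they cannot
//    arrive from the request on servers that run with register_globals.
//  - NOTE(review): the form carries no CSRF token. Adding one needs support
//    from the session code in include/session.php, which is not shown here.
//  - NOTE(review): only $session->logged_in is checked; confirm that every
//    logged-in user is meant to be able to publish and edit.
//  - ext/mysql and magic quotes are gone in later PHP versions. Once the
//    connection in include/session.php is moved to mysqli or PDO, the queries
//    below should become prepared statements.

// Include Session Script (DB Connection and Login Check)
include("include/session.php");
if (!$session->logged_in) {
    mysql_close();
    die('You are not authorized to view this page');
}

// Include Files
include('include/constants.php');
include('delete_publication.php');

/**
 * Escape a value for HTML text and quoted-attribute context.
 *
 * The charset is passed explicitly so the result does not depend on the PHP
 * version's default; it matches the charset declared in the page's meta tag.
 */
function pubHtml($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
}

/**
 * Read one request value as a plain string.
 *
 * Returns '' when the key is missing or is not a string (for example an array
 * parameter). Slashes added by magic quotes are removed so that escaping
 * happens exactly once, at the point of use.
 */
function pubInput(array $source, $key)
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return '';
    }
    return get_magic_quotes_gpc() ? stripslashes($source[$key]) : $source[$key];
}

/**
 * Turn a value into a quoted SQL string literal.
 * Needs the open connection that include/session.php provides.
 */
function pubSqlString($value)
{
    return "'" . mysql_real_escape_string($value) . "'";
}

/**
 * Collect the five date/time form fields, trimmed, keyed by field name.
 */
function pubDateParts()
{
    $parts = array();
    foreach (array('year', 'month', 'day', 'hour', 'minute') as $name) {
        $parts[$name] = trim(pubInput($_POST, $name));
    }
    return $parts;
}

/**
 * Check and validate the Date/Time fields of the form.
 *
 * Returns 1 when no element is entered (the caller then uses NOW()),
 * 2 when a complete and valid date/time is entered, and 0 otherwise.
 */
function checkDateField()
{
    $parts = pubDateParts();

    $filled = 0;
    foreach ($parts as $value) {
        // Compare with '' rather than testing truthiness: "0" is a valid hour or minute.
        if ($value !== '') {
            $filled++;
        }
    }
    if ($filled === 0) {
        return 1;
    }
    if ($filled < count($parts)) {
        return 0;
    }

    // Digits only. This also guarantees that nothing but numbers reaches the timestamp.
    foreach ($parts as $value) {
        if (!ctype_digit($value)) {
            return 0;
        }
    }

    if (!checkdate((int) $parts['month'], (int) $parts['day'], (int) $parts['year'])) {
        return 0;
    }

    // NOTE(review): past years are rejected, as before. That also rejects the
    // pre-filled date when a publication from an earlier year is edited - confirm
    // this is intended.
    if ((int) $parts['year'] < (int) date('Y')) {
        return 0;
    }

    if ((int) $parts['hour'] > 23 || (int) $parts['minute'] > 59) {
        return 0;
    }
    return 2;
}

/**
 * Validate an uploaded image and move it into the upload folder.
 *
 * $file is one entry of $_FILES. Returns the stored path; ends the request
 * with an error message when the file is not an acceptable image.
 */
function pubStoreImage(array $file)
{
    // MAX_FILE_SIZE in the form is only a hint to the browser; enforce the same limit here.
    $maxBytes = 2000000;
    if ($file['error'] !== UPLOAD_ERR_OK || $file['size'] > $maxBytes) {
        die('An error occurred when uploading the file');
    }

    // $file['type'] and $file['name'] are supplied by the client, so the image
    // type is taken from the file content and the extension from that type.
    $extensions = array(
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_PNG  => 'png',
    );
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !isset($extensions[$info[2]])) {
        die('The image file must be of the type jpeg/gif/png!');
    }

    // The name only has to be unique and chosen by the server, not secret.
    // The web server should additionally be configured not to execute scripts
    // from this folder.
    $target = 'upload/publications/' . md5(uniqid(mt_rand(), true)) . '.' . $extensions[$info[2]];

    if (!move_uploaded_file($file['tmp_name'], $target)) {
        die('An error occurred when uploading the file');
    }
    return $target;
}

// State read by the form further down.
$save_values = 0;
$output = '';
$print_db = false;
$row = null;

$a = pubInput($_GET, 'a');
$isEdit = ($a === 'edit');
$artid = '';

if ($isEdit) {
    $print_db = true;
    $artid = pubInput($_GET, 'artid');

    // If ids are integers, casting $artid with (int) would be tighter still.
    $query = "SELECT title, content, writer, timestamp, artimg FROM " . TBL_PUBLICATIONS
           . " WHERE id = " . pubSqlString($artid);
    $result = mysql_query($query);
    $row = $result ? mysql_fetch_object($result) : false;
    if (!$row) {
        // Query failed or there is no such publication.
        mysql_close();
        die('Error in selection of news');
    }
}

if (isset($_POST['save'])) {
    $title = strip_tags(pubInput($_POST, 'title'));
    $content = strip_tags(pubInput($_POST, 'content'));
    $writer = strip_tags(pubInput($_POST, 'writer'));
    $keepImage = isset($_POST['currentimg']);

    // Check if the required fields are filled out
    if ($title === '' || $content === '' || $writer === '') {
        $output = 'Fill out the required fields';
        $save_values = 1;
    } else {
        // Call the function that checks the date/time field
        $cdf = checkDateField();

        if ($cdf == 0) {
            $output = 'The date field has not been filled out correctly!';
            $save_values = 1;
        } else {
            // Store the image only once the text fields are valid, so a rejected
            // form does not leave an unreferenced file behind.
            $target = null;
            if (!$keepImage && isset($_FILES['artimg']) && $_FILES['artimg']['size'] > 0) {
                $target = pubStoreImage($_FILES['artimg']);
            }

            // Column => SQL expression. One map replaces the twelve hand-written
            // query variants (one of which had a stray comma in its VALUES list).
            $values = array(
                'title'     => pubSqlString($title),
                'content'   => pubSqlString($content),
                'writer'    => pubSqlString($writer),
                'timestamp' => 'NOW()',
            );
            if ($cdf == 2) {
                $d = pubDateParts();
                $values['timestamp'] = pubSqlString(sprintf(
                    '%04d-%02d-%02d %02d:%02d:00',
                    (int) $d['year'],
                    (int) $d['month'],
                    (int) $d['day'],
                    (int) $d['hour'],
                    (int) $d['minute']
                ));
            }
            if ($target !== null) {
                $values['artimg'] = pubSqlString($target);
            } elseif (!$keepImage) {
                $values['artimg'] = 'NULL';
            }

            if ($isEdit) {
                // Update the existing entry
                $assignments = array();
                foreach ($values as $column => $sqlValue) {
                    $assignments[] = $column . ' = ' . $sqlValue;
                }
                $query = "UPDATE " . TBL_PUBLICATIONS
                       . " SET " . implode(', ', $assignments)
                       . " WHERE id = " . pubSqlString($artid);
            } else {
                // Insert a new entry
                $query = "INSERT INTO " . TBL_PUBLICATIONS
                       . " (" . implode(', ', array_keys($values)) . ")"
                       . " VALUES (" . implode(', ', $values) . ")";
            }

            // Execute query
            $dbInsert = mysql_query($query);

            if (!$dbInsert) {
                // Operation failed, inform user
                $output = 'An error accured while uploading to database!';
                $save_values = 1;
                // Nothing references the file that was just stored, so remove it.
                if ($target !== null && is_file($target)) {
                    unlink($target);
                }
            } else {
                // The old image was replaced or dropped: remove it from the server.
                if ($isEdit && !$keepImage && $row->artimg != NULL) {
                    deleteNewsitemFromServer($row->artimg);
                }
                mysql_close();
                // Return to Main <----CHANGE!!!
                header('Location: main.php');
                exit; // stop here, otherwise the form below is still rendered
            }
        }
    }
}

// Values shown in the form: the submitted ones after a failed save, the stored
// ones when an existing entry is opened for editing, empty otherwise.
$form = array(
    'title' => '', 'year' => '', 'month' => '', 'day' => '',
    'hour' => '', 'minute' => '', 'content' => '', 'writer' => '',
);
if ($save_values) {
    foreach (array_keys($form) as $name) {
        $form[$name] = pubInput($_POST, $name);
    }
} elseif ($print_db) {
    $form['title']   = $row->title;
    $form['year']    = substr($row->timestamp, 0, 4);
    $form['month']   = substr($row->timestamp, 5, 2);
    $form['day']     = substr($row->timestamp, 8, 2);
    $form['hour']    = substr($row->timestamp, 11, 2);
    $form['minute']  = substr($row->timestamp, 14, 2);
    $form['content'] = $row->content;
    $form['writer']  = $row->writer;
}

// The form posts back to this page. Both variants are HTML-escaped where they
// are printed, because $artid and PHP_SELF come from the request.
if ($isEdit) {
    $formAction = 'add_publication.php?a=edit&artid=' . urlencode($artid);
} else {
    $formAction = $_SERVER['PHP_SELF'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Hovedprosjekt</title>
</head>
<body>
<table>
<!-- TOP BAR -->
<tr>
<td height="50"><table width="800" height="50" align="center" border="0" cellspacing="0" cellpadding="0">
<tr>
<td><p align="right" style="color:#FFFFFF"><a href="file:///G|/PERSONAL/WEBDESIGN/System Webside/index.php" class="link1">Home</a> |
<?php
if ($session->logged_in) {
    // The user name is escaped for HTML and, inside the link, for the URL as well.
    echo "You are logged in as: <b>" . pubHtml($session->username) . "</b> <br><br>"
        ."[<a href=\"userinfo.php?user=" . pubHtml(urlencode($session->username)) . "\">My Account</a>] "
        ."[<a href=\"useredit.php\">Edit Account</a>] ";
    if ($session->isAdmin()) {
        echo "[<a href=\"admin/admin.php\">Admin Center</a>] ";
    }
    echo "[<a href=\"process.php\">Logout</a>]";
} else {
    echo "You are not logged in! <br><br>";
    echo "[<a href=\"main.php\">Login</a>]";
}
?>
</td>
</tr>
</table></td>
</tr>
<!-- MAIN -->
<tr>
<td width="532" valign="top">
<table>
<tr>
<td valign="top">
<?php
// Determine header (edit or add new)
if ($isEdit) {
    echo "<div>Edit News</div>";
} else {
    echo "<div>Add News</div>";
}
?>
</td>
</tr>
<tr>
<td>
<form action="<?php echo pubHtml($formAction); ?>" method="post" autocomplete="off" enctype="multipart/form-data">
Title: <br>
<input type="text" name="title" value="<?php echo pubHtml($form['title']); ?>" style="width:200px" />
<br /><br />
Date/Time: (YYYY-MM-DD HH:MM) <br />
<input type="text" name="year" value="<?php echo pubHtml($form['year']); ?>" style="width:50px" /> -
<input type="text" name="month" value="<?php echo pubHtml($form['month']); ?>" style="width:25px" /> -
<input type="text" name="day" value="<?php echo pubHtml($form['day']); ?>" style="width:25px" />
<input type="text" name="hour" value="<?php echo pubHtml($form['hour']); ?>" style="width:25px" /> :
<input type="text" name="minute" value="<?php echo pubHtml($form['minute']); ?>" style="width:25px" />
<br />
(Leave these fileds empty if you wish autogenerated datestample)
<br /><br />
Content: <br>
<textarea name="content" rows="20" cols="90"><?php echo pubHtml($form['content']); ?></textarea>
<br /><br />
Written by: <br>
<input type="text" name="writer" value="<?php echo pubHtml($form['writer']); ?>" style="width:200px" />
<br /><br />
<?php if ($isEdit) { ?>
Use uploaded image settings: <input type="checkbox" name="currentimg" value="on" CHECKED>
<?php } ?>
<input type="hidden" name="MAX_FILE_SIZE" value="2000000" />
Add an image/photo: <br />
<input name="artimg" type="file" />
<br /><br />
* Fill out this field </p>
<input type="submit" name="save" value="Add News" />
</form>
<?php echo pubHtml($output); ?></p>
<?php mysql_close(); ?>
</td>
</tr>
</table>
</td>
</tr>
</tr>
</table>
</body>
</html>
Lenke til kommentar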