need help making an edit scipt

what do you need to edit.

hey kkeith29, helping me out again I see.

ok what I want is an 'edit' link in the bottom right-hand corner of all three displayed rows, which will allow the user to edit the row clicked on.

I need the following fields to be editted:
today
author
content

if theres anything else you need to know let me know

i made this code for you. i didn't have time to test it so I am not sure if there are any errors. let me know if it works or not.

<?php

$thispage = $_SERVER['PHP_SELF'];

$username="";
$password="";
$database="";

$con = mysql_connect('localhost',$username,$password) or die('Error: ' . mysql_error());
mysql_select_db($database) or die('Error: ' . mysql_error());

if (isset($_POST['submit'])) {
	$id      = $_GET['edit'];
	$author  = $_GET['author'];
	$content = $_GET['content'];
	$today   = $_GET['today'];
	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	header('Location: ' . $thispage);
}

$colNum = 1;

$sql = "SELECT * FROM `blog` ORDER BY `id` DESC LIMIT 0, 3";
$query = mysql_query($sql,$con) or die('Error: ' . mysql_error());
$table = '<table border="0" width="100%" cellpadding="0" cellspacing="5">';
$table .= '<tr>';
$num = 1;
while ($r = mysql_fetch_array($query)) {
	$id=$r['id'];
	$author=$r['author'];
	$content=$r['content'];
	$today=$r['today'];
	if (isset($_GET['edit']) && $_GET['edit'] == $id) {
$table .=<<<HTML
<td>
<form action="$thispage?edit=$id" method="post">
<table border=1 width=100% cellpadding=2 cellspacing=0>
	<tr width=100%>
		<td width=100% bgcolor=000013>
			<center><b><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><input type="text" name="today" value="$today" /></font></font></font></b><br /><B><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=1>Written by: <input type="text" name="author" value="$author" /></font></font></font></b></center>
			<p align=left><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><FONT COLOR=BBFFFF><textarea cols="30" rows="12" name="content">$content</textarea></p>
			<p align="center"><input type="submit" name="submit" value="Save" /></p>
		</td>
	</tr>
</table>
</form>
</td>
HTML;
	}
	else {
$table .=<<<HTML
<td>
<table border=1 width=100% cellpadding=2 cellspacing=0>
	<tr width=100%>
		<td width=100% bgcolor=000013>
			<center><b><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2>$today:</font></font></font></b><br /><B><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=1>Written by: $author</font></font></font></b></center>
			<p align=left><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><FONT COLOR=BBFFFF>$content</p>
		</td>
	</tr>
	<tr>
		<td width="100%" bgcolor="#000013" align="right"><a href="$thispage?edit=$id">Edit</a></td>
	</tr>
</table>
</td>
HTML;
	}
	if ($num == $colNum) {
		$table .= '</tr><tr>';
		$num = 0;
	}
$num++;
}
$table .= '</table>';

echo $table;

mysql_close($con);

?>

ok the script now takes me to an edit page, but when I click Save instead of updating the content it deletes it, also it refreshes back to the edit page, can you make it load to index.php.

I have also made some edits to the script that I would like included. One of which is the onClick="javascript:SubmitForm();" which i've added to the save button, though this doesnt seem to work (it works for the actual input form) what it does is stop the form being sent if the any fields are wrong or the password is incorrect it tells you this in an alert, though for this form the alert pops up but the form isnt stopped from being sent, is there anyway you can make it work?

<?
	  
	  $thispage = $_SERVER['PHP_SELF'];

$username="";
$password="";
$database="";

$con = mysql_connect('localhost',$username,$password) or die('Error: ' . mysql_error());
mysql_select_db($database) or die('Error: ' . mysql_error());

if (isset($_POST['submit'])) {
	$id      = $_GET['edit'];
	$author  = $_GET['author'];
	$content = $_GET['content'];
	$today   = $_GET['today'];
	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	header('Location: ' . $thispage);
}

$colNum = 1;

$sql = "SELECT * FROM `blog` ORDER BY `id` DESC LIMIT 0, 3";
$query = mysql_query($sql,$con) or die('Error: ' . mysql_error());
$table = '<table border="0" width="100%" cellpadding="0" cellspacing="5">';
$table .= '<tr>';
$num = 1;
while ($r = mysql_fetch_array($query)) {
	$id=$r['id'];
	$author=$r['author'];
	$content=$r['content'];
	$today=$r['today'];
	if (isset($_GET['edit']) && $_GET['edit'] == $id) {
$table .=<<<HTML
<td>
<form action="$thispage?edit=$id" name="submitform" method="post">
<table border=1 width=100% cellpadding=2 cellspacing=0>
	<tr width=100%>
		<td width=44% valign=top bgcolor=000000><B><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2>Time/Date</FONT></FONT></FONT></B></td>
			<td width=56% bgcolor=000000><p align=left><b><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><input type="text" name="today" value="$today" /></font></font></font></b><br /><B></p></tr>
			<tr><td bgcolor="#000000"><b><font color="#BBFFFF"><font face="Verdana,Arial,Times New I2"><font size="2">Author</font></font></font></b></td>
             <td width="56%" bgcolor="#000000"><input type="text" name="author" value="$author" /></font></font></font></b></td></tr>
			 <tr><td valign="top" bgcolor="#000000"><p><B><FONT COLOR="#BBFFFF"><FONT FACE="Verdana,Arial,Times New I2"><FONT SIZE="2">Content <br>
             (click on the forms to copy codes)</FONT></FONT></FONT></B></p>
<p><b><font color="#BBFFFF" size="2" face="Verdana,Arial,Times New I2">Heading Code:<br>
                   <textarea name="header" id="header" cols="35" rows="2" onClick='highlight(this);'><U><B><FONT FACE="Verdana,Arial,Times New I2"><FONT SIZE="2"><FONT COLOR="#FF8000">Heading</font></font></font></b></u><br /><br /></textarea>
                     <br>
                     <br>
               At the end of every paragraph, besides your last, use this code:<br>
                     <input name="new_para" type="text" id="new_para" value="&lt;br /&gt;&lt;br /&gt;" size="38" onClick='highlight(this);'>
               </font></b></p>
<p><b><font color="#BBFFFF" size="2" face="Verdana,Arial,Times New I2">Link Code:<br>
                     <label></label>
               </font><font color="#BBFFFF" size="2" face="Verdana,Arial,Times New I2">
                 <label></label>
                 <input name="link" type="text" id="link" value="&lt;a href=&quot;link&quot;&gt;text&lt;/a&gt;" size="38" onClick='highlight(this);'>
               </font></b></p>
               <p><b><font color="#BBFFFF" size="2" face="Verdana,Arial,Times New I2">Image Code:<br>
                     <input name="image" type="text" id="image" value="&lt;img src=&quot;link&quot; border=&quot;0&quot;&gt;" size="38" onClick='highlight(this);'>
               </font></b></p></td>
			   <td bgcolor="#000000">
			<p align=left><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><FONT COLOR=BBFFFF><textarea cols="30" rows="12" name="content">$content</textarea></p></td></tr>
			<tr>
             <td valign="top" bgcolor="#000000"><b><font color="#BBFFFF" size="2" face="Verdana,Arial,Times New I2">Password</font></b></td>
           <td bgcolor="#000000"><label>
               <input type="password" name="password" id="password">
             </label></td>
      </tr>
			<tr><p align="center"><input type="submit" name="submit" value="Save" onClick="javascript:SubmitForm();"/></p></tr>
		</td>
	</tr>
</table>
</form>
</td>
HTML;
	}
	else {
$table .=<<<HTML
<td>
<table border=1 width=100% cellpadding=2 cellspacing=0>
	<tr width=100%>
		<td width=100% bgcolor=000013>
			<center><b><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2>$today:</font></font></font></b><br /><B><FONT COLOR=BBFFFF><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=1>Written by: $author</font></font></font></b></center>
			<p align=left><FONT FACE=Verdana,Arial,Times New I2><FONT SIZE=2><FONT COLOR=BBFFFF>$content</p>
			<p align="right"><a href="$thispage?edit=$id">Edit</a></p>
		</td>
	</tr>
</table>
</td>
HTML;
	}
	if ($num == $colNum) {
		$table .= '</tr><tr>';
		$num = 0;
	}
$num++;
}
$table .= '</table>';

echo $table;

mysql_close($con);

?>

my stupidity:

replace this:

if (isset($_POST['submit'])) {
	$id      = $_GET['edit'];
	$author  = $_GET['author'];
	$content = $_GET['content'];
	$today   = $_GET['today'];
	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);	header('Location: ' . $thispage);
}

with this:

if (isset($_POST['submit'])) {
	$id      = $_GET['edit'];
	$author  = $_POST['author'];
	$content = $_POST['content'];
	$today   = $_POST['today'];
	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	header('Location: index.php');
}

for the validation dont use javascript. use php to validate it. i don't have time right now to do this but its not hard.

Thanks heaps it works great now.

I've been looking on the internet how to do php validations and I can't find exactly what i'm looking for.

What I want is if the user inserts the wrong password in the password field it doesnt submit/update. It shouldnt be hard for you to make this should it? anyway if you do could you write where I have to place the password like 'place password here' and also tell me where I have to put it.

Thanks again +1 rep. :)

where is the password coming from?

a separate php file which I will call password.php also in this file could I set up maybe 10 usernames and passwords to go with them?

could you explain the way the system works, i am really confused.

ok let ne see if I can make this as clear as I can.

At the moment the edit script is openly accessable by anyone I just want to make it secure again your average person unless thy know the password. For the sake of an example we will make the password scottmandoo.

As you can see on my last script ive added an extra field I want to make it so that of a person uses this script and enters the wrong password, anything other than scottmandoo, the update won't work but if they enter scottmandoo in this new field it will update.

Get me?

Anyway if you need anymore info just let me know.

Btw I dont want to get the password from anywhere though if it will make it any secure then I guess I could make another php file called password.php with $password = 'what ever password I choose'

for security purposes never hardcode any passwords into files, ever. store them in a database.

to fix your problem, i would make them signup to a member of the site. giving you the ability to let them add, edit, and delete their tutorials. this is how you should do it to make the site more user friendly and secure.

it would take some time to code something like that, but its worth it.

Once you have stored the password in the database there are two options:

$pass = mysql_real_escape_string(htmlspecialchars($_POST['password']));

$sql_a = "SELECT * FROM secure WHERE password = '$pass' LIMIT 1";

$result_a = mysql_query($sql_a);

$count_a = mysql_num_rows($result_a);

if($count_a == 1) { //if password is correct
	
	//Run your code to update database
	
} else { //if password is incorrect
	
	// Don't run code; use header to go back to index.php
}

-or-

$sql = "SELECT * FROM secure";

$result = mysql_query($sql);

$row = mysql_fetch_array($result);

$pass = mysql_real_escape_string(htmlspecialchars($_POST['password']));
$apass = $row['password'];

if ($pass == $apass) { // again if pass matches
    //run code to update
} else { // pass doesn't match
    //don't run code; use header to redirect to index.php
}

Hope that helps,

Sam

if (isset($_POST['submitbutton'])) {
	$id      = $_GET['edit'];
	$author  = $_POST['author'];
	$content = $_POST['content'];
	$today   = $_POST['today'];

	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	header('Location: index.php');
}

Hey Helraizer, thanks for the codes though i'm having trouble implementing them into my code, above is the update code could you edit that to include your top code.

Thanks,
Scottmandoo

Oh and kkeith29 this isnt for my site this is for a friends site, though your idea would be good but i don't think im up for doing that much coding yet.

if(isset($_POST['submitbutton'])) {
$pass = mysql_real_escape_string(htmlspecialchars($_POST['password']));

$sql_a = "SELECT * FROM secure WHERE password = '$pass' LIMIT 1"; // change field and table names to suit your db

$result_a = mysql_query($sql_a);

$count_a = mysql_num_rows($result_a);

if($count_a == 1) { 
	
	$id      = $_GET['edit'];
	$author  = $_POST['author'];
	$content = $_POST['content'];
	$today   = $_POST['today'];

	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	
	echo "Success!! Blog updated.";
	echo "Click <a href='index.php'>here</a> to return to index page.";

}

	
else { 

	header('Location: index.php');
	exit;	

  }
}

Untested, but it'll be something like that,

Hope that helps,
Sam

Ok im getting 2 errors with that code

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /www/10gbfreehost.com/b/l/a/blastburners/htdocs/index.php on line 516

Warning: Cannot modify header information - headers already sent by (output started at /www/10gbfreehost.com/b/l/a/blastburners/htdocs/index.php:5) in /www/10gbfreehost.com/b/l/a/blastburners/htdocs/index.php on line 531

The first one is this $count_a = mysql_num_rows($result_a); The second one is this header('Location: index.php');

Ok, try this

if(isset($_POST['submitbutton'])) {
$pass = mysql_real_escape_string(htmlspecialchars($_POST['password']));

$sql_a = "SELECT * FROM secure WHERE password = '$pass' LIMIT 0, 1"; // change field and table names to suit your db

$result_a = mysql_query($sql_a) or die("Error in SQLa :".mysql_error());

$count_a = mysql_num_rows($result_a);

if($count_a == 1) { 
	
	$id      = $_GET['edit'];
	$author  = $_POST['author'];
	$content = $_POST['content'];
	$today   = $_POST['today'];

	$sql = "UPDATE `blog` SET `author` = '" . $author . "', `content` = '" . $content . "', `today` = '" . $today . "' WHERE `id` = '" . $id . "'";
	$query = mysql_query($sql);
	
	echo "Success!! Blog updated.";
	echo "Click <a href='index.php'>here</a> to return to index page.";

}

	
else { 

	echo "Success!! Blog failed.";
	echo "Click <a href='index.php'>here</a> to return to index page.";


  }
}

You can only use header before echoing anything/displaying anything on the page; so if you had echo code on the page before the header it would give that error. And since it's on line 531, I'm guessing that's the case.

Sam

Thanks Heaps, it works now.

Thanks Heaps, it works now.

Cool, glad I could help! Perhaps change the last

"Success!! Blog failed!" To "Error!! Blog failed!"

Haha yeah I already changed that stuff, thanks again