ansaurus

Question

'Edit' function for forum posts and such

Answer 1

A:

I'm not sure I understood what you said. If you want a way to edit things in place, you can use this jQuery plugin: Jeditable (with Ajax).

CrociDB 2010-07-27 09:34:13

Yeah, sorry for not mentioning; but what I want it to do is update the changed value inside of a MySQL table. For example if someone edits a field called 'Title' on the page, and clicks the update button, I want it to update the 'Title' field in the table.

Nisto 2010-07-27 09:45:50

"UPDATE Table SET field='value', another_field='another_value'WHERE id=2" - About SQL UPDATE: http://www.w3schools.com/sql/sql_update.asp

CrociDB 2010-07-27 09:49:46

Yeah, I know about the UPDATE command, but what I don't understand is how I 'detect' what's been changed and how to update that. Or could I just use the UPDATE command and simply update everything, even if only one field was changed?

Nisto 2010-07-27 09:53:18

You can do just like Daniel Bingham said and then update everything in the database.

CrociDB 2010-07-27 10:04:17

Answer 2

A:

If you just need an idea how to create a basic edit form in PhP, that's easy enough. When they click the edit button take them to a new form. Pull the content from the database, using whatever database accessing api you are, and then initialize the field with it. For example, where $content has the content of the field:

echo '<textarea name="content">'.htmlspecialchars($content).'</textarea>';

When they submit the form, take whats now in the field and use it to update the table. It's the same as the original insert script, except that you use update statements instead of insert.

Daniel Bingham 2010-07-27 09:42:46

This gave me some ideas, sort of explained it. Thanks for your answer!

Nisto 2010-07-27 09:55:19

edited your code a bit

Col. Shrapnel 2010-07-27 10:19:49

@Col. Shrapnel Cheers.

Daniel Bingham 2010-07-27 10:20:39

Answer 3

+1 A:

You need 2 PHP files to do this. You could use a single file but the concept is easier to explain this way.

A form that will load the database content into the fields where users can then edit the values and then submit them for change by pressing a button once done.
A file that receives the changed information and updates the database.

Here is a code example for the first file:

<?php 
// connect to SQL
$dbcnx = @mysql_connect("localhost", "db_name", "password");
if (!$dbcnx) {
  echo( "<P>Unable to connect to the database server at this time.</P>" );
  exit();
}
// connect to database
$dbcon = @mysql_select_db("db_table", $dbcnx);
if (!$dbcon) {
  echo( "<P>Unable to locate DB table at this time.</P>" );
  exit();
}

#data preparation for the query
$id = intval($_GET["id"]);

# selects title and description fields from database
$sql = "SELECT * FROM table_name WHERE id=$id";
$result = mysql_query($sql) or die(mysql_error());        
# retrieved by using $row['col_name']
$row = mysql_fetch_array($result);

?>

<h3>Edit</h3>
<form action="save_edit.php" enctype="multipart/form-data" method="post" name="myForm" />
  <table>
    <tr>
      <td><b>Title</b></td>
      <td><input type="text" size="70" maxlength="100" name="title" value="<?php echo $row['title'] ?>"></td>
    </tr>
    <tr>
      <td><b>Description</b></td>
      <td><textarea cols="80" rows="18" name="description"><?php echo $row['description']; ?></textarea></td>
    </tr>
  </table>
  <input type="hidden" name="id" value="<?php echo $id; ?>" />
  <input name="enter" type="submit" value="Edit">
</form>

<?php 
mysql_close($dbcnx);
?>

And here is an example of code for the second file where it receives the changes made by the user and updates the database.

<?php
// connect to SQL
$dbcnx = @mysql_connect("localhost", "db_name", "password");
if (!$dbcnx) {
  echo( "<P>Unable to connect to the database server at this time.</P>" );
  exit();
}
// connect to database
$dbcon = @mysql_select_db("db_table", $dbcnx);
if (!$dbcon) {
  echo( "<P>Unable to locate DB table at this time.</P>" );
  exit();
}

#data preparation for the query
$id = intval($_POST["id"]);
foreach ($_POST as $key => $value) $_POST[$key] = mysql_real_escape_string($value);

$sql = "UPDATE table_name SET 
        title='$_POST[title]', 
        description='$_POST[description]', 
        WHERE id=$id";

if (!mysql_query($sql,$dbcnx)) {
  die('Error: ' . mysql_error());
}

mysql_close($dbcnx);
header ("location: http://www.domain.com/url_to_go_to_after_update");
?>

Martin 2010-07-27 10:10:57

edited your code a bit

Col. Shrapnel 2010-07-27 10:18:53

Thanks a lot! Really helpful. Will try this out. Accepting this answer.

Nisto 2010-07-27 10:25:30

Thanks Col. that helps to stop SQL injection attacks - mysql_real_escape_string($value)

Martin 2010-07-27 10:29:21

Not really. mysql_real_escape_string itself stops nothing. *combined with quotes* it stops syntax errors. What stops injections - that's `intval` thing.

Col. Shrapnel 2010-07-27 10:41:34

I wish I was remove also these terrible error messages "Cannot locate blah-blah". There must be 503 http error and some excuses. And nothing more. While the real error should be triggered and logged.

Col. Shrapnel 2010-07-27 10:55:40

Answer 4

A:

To extend Daniel's code a bit

<?php

$filename = "file.txt";

if ($_SERVER['REQUEST_METHOD'] == 'POST']) {
  file_put_contents($filename, $_POST['content']);
  header("Location: ".$_SERVER['PHP_SELF']);
  exit;
}
$content = htmlspecialchars(file_get_contents($filename));
?>
<form method="POST">
<textarea name="content"><?php echo $content?></textarea><br>
<input type="submit">
</form>

Col. Shrapnel 2010-07-27 10:26:16

ansaurus

tags:

views:

answers:

'Edit' function for forum posts and such

related questions