Edit button on a php/html page

  • skuer
    New Member
    • Feb 2008
    • 13

    Edit button on a php/html page

    Hey people

    If I have made a page with login system, are there any possibilities to let a special group of people edit the page or some of the text on the page, just by clicking an edit button on the page?

    With that I mean those with a special ID?

    I have seen pages that have this "edit button", and that include a simple field with text where you can re-write the text, and then submit it.

    I have a little problem for where I should start...

    I'm thankful for any advice or code help..

    Skuer
  • Markus
    Recognized Expert Expert
    • Jun 2007
    • 6092

    #2
    There are no possibilities in PHP, only challenges. ;)

    First of all, it depends how you are with PHP? Are you able to write login scripts and use sessions/cookies? Are you able to use databases?

    Just some basic information of your page structure would help.

    Most websites store their articles in a database, and then they have a dynamic webpage which pulls the article from the database. Now, the nifty thing with databases is you can easily edit the information in the database - something that you're looking for?

    If you're using a database it will make things much, much easier.

    Regards.

    Comment

    • skuer
      New Member
      • Feb 2008
      • 13

      #3
      Originally posted by markusn00b
      There are no possibilities in PHP, only challenges. ;)

      First of all, it depends how you are with PHP? Are you able to write login scripts and use sessions/cookies? Are you able to use databases?

      Just some basic information of your page structure would help.

      Most websites store their articles in a database, and then they have a dynamic webpage which pulls the article from the database. Now, the nifty thing with databases is you can easily edit the information in the database - something that you're looking for?

      If you're using a database it will make things much, much easier.

      Regards.
      Well, I have written a simple login script, where every page starts with
      [PHP]session_start();
      // send visitors without a registered session to the login page
      if(!session_is_registered('username')){
      header("Location: main_login.php");
      exit(); // stop here so the rest of the page is not run after the redirect
      }[/PHP]

      And have done a little programming that allows users to register themselves as users. The info is registered in a simple mysql database
      [PHP]
      <html>
      <body>
      <?php
      include('config.php');

      // table name
      $tbl_name='temp_members';

      // values sent from form
      $username=$_POST['username'];
      $password=$_POST['password'];
      $email=$_POST['email'];

      // check whether the username is already taken
      $checkuser = mysql_query("SELECT username FROM members WHERE username='$username'");
      $username_exist = mysql_num_rows($checkuser);
      if($username_exist > 0){
      echo "I'm sorry but the username you specified has already been taken. Please pick another one.";
      unset($username);
      include 'signup.php';
      exit();
      }

      // Insert data into database
      $sql="INSERT INTO temp_members(confirm_code, username, password, email)VALUES('$confirm_code', '$username', '$password', '$email')";
      $result=mysql_query($sql);
      if($result){
      echo "Please login";
      ?>
      <br>click <a href="index.php">here</a>
      <?php } // end of if($result) ?>
      </body>
      </html>
      [/PHP]

      Here is the link I used


      If you need more info, please tell me..

      Skuer

      Comment

      • Markus
        Recognized Expert Expert
        • Jun 2007
        • 6092

        #4
        Sorry for the late reply, mate - I've been a tad busy!

        Anyway, to the problem at hand:

        When you say 'edit the text on the page', what do you mean?

        If you have a page which pulls data out of a database, say an article, you could have a link which takes you to articleedit.php and also the article id in the url to locate the article: articleedit.php?art_id=8763

        Then you'd supply the text into a textarea and allow someone to modify it, then save it.

        I suggest you have a good read through some tutorials on mysql as it will make things a hell of a lot easier

        Sorry about the late reply again!
        Also, I have been pretty vague about how I can help but we have a policy for not just supplying code - we like you to learn while you're at it!

        Regards.

        Comment
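The flow described in post #4, as an added example that is not code from any poster in this thread: the edit link is shown only to one group, and the save handler repeats the group check because hiding the link does not stop a direct request to articleedit.php. The table and column names, the `role` session key, the `editor` role name and the function names are assumptions; SQLite in memory stands in for the MySQL database, and the arrays stand in for `$_SESSION` and `$_POST`.

```php
<?php
// Added example; table, column, session-key and role names are assumptions.
$db = new PDO('sqlite::memory:'); // SQLite stands in for the MySQL database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (art_id INTEGER PRIMARY KEY, body TEXT)');
$db->exec("INSERT INTO articles VALUES (8763, 'Original text')"); // constructed row

function can_edit(array $session): bool
{
    return ($session['role'] ?? '') === 'editor';
}

// Builds the article HTML; the edit link is added only for the editor group.
function render_article(PDO $db, array $session, int $artId): string
{
    $stmt = $db->prepare('SELECT body FROM articles WHERE art_id = ?');
    $stmt->execute([$artId]);
    $body = $stmt->fetchColumn();
    if ($body === false) {
        return '<p>Not found</p>';
    }
    $html = '<p>' . htmlspecialchars($body, ENT_QUOTES, 'UTF-8') . '</p>';
    if (can_edit($session)) {
        $html .= '<a href="articleedit.php?art_id=' . $artId . '">edit</a>';
    }
    return $html;
}

// Save handler for the textarea form. The group check is done again here,
// and the submitted id and text reach the query only as bound values.
function save_article(PDO $db, array $session, array $post): bool
{
    if (!can_edit($session)) {
        return false;
    }
    $artId = filter_var($post['art_id'] ?? null, FILTER_VALIDATE_INT);
    if ($artId === false) {
        return false;
    }
    $stmt = $db->prepare('UPDATE articles SET body = ? WHERE art_id = ?');
    $stmt->execute([(string) ($post['body'] ?? ''), $artId]);
    return $stmt->rowCount() === 1;
}

$post = ['art_id' => '8763', 'body' => "New <b>text</b> with 'quotes'"];
var_dump(save_article($db, ['role' => 'member'], $post)); // ordinary member
var_dump(save_article($db, ['role' => 'editor'], $post)); // member of the edit group
echo render_article($db, ['role' => 'editor'], 8763), "\n";
```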

        • coolsti
          Contributor
          • Mar 2008
          • 310

          #5
          Just as a tip, you may want to consider adding something to code such as this, see my comment in your code below:

          Code:
          // values sent from form 
          $username=$_POST['username'];
          $password=$_POST['password'];
          $email=$_POST['email'];
          
          // Add here: validate that the user supplied information from the POST array
          // does not contain malicious code, e.g. filter out anything dangerous. 
          
          $checkuser = mysql_query("SELECT username FROM members WHERE username='$username'");
          As an example, imagine if I could guess my way to the name of your database table "members", and then supply this string to the username input field:

          XYZ'; delete from members;'

          Your query would then look like this:

          mysql_query("SELECT username FROM members WHERE
          username='XYZ'; delete from members;' '

          This is syntactically correct and contains 3 queries, the last one being just empty. I don't think you want the second one to happen, which will empty out your table.

          Always check or clean up inputs from users before using them in executable code.

          Comment

          • Markus
            Recognized Expert Expert
            • Jun 2007
            • 6092

            #6
            Originally posted by coolsti
            Just as a tip, you may want to consider adding something to code such as this, see my comment in your code below:

            Code:
            // values sent from form 
            $username=$_POST['username'];
            $password=$_POST['password'];
            $email=$_POST['email'];
            
            // Add here: validate that the user supplied information from the POST array
            // does not contain malicious code, e.g. filter out anything dangerous. 
            
            $checkuser = mysql_query("SELECT username FROM members WHERE username='$username'");
            As an example, imagine if I could guess my way to the name of your database table "members", and then supply this string to the username input field:

            XYZ'; delete from members;'

            Your query would then look like this:

            mysql_query("SELECT username FROM members WHERE
            username='XYZ'; delete from members;' '

            This is syntactically correct and contains 3 queries, the last one being just empty. I don't think you want the second one to happen, which will empty out your table.

            Always check or clean up inputs from users before using them in executable code.
            Adding to this: mysql provides a nice function for cleansing input: mysql_real_escape_string()

            :)

            Comment

            • ronverdonk
              Recognized Expert Specialist
              • Jul 2006
              • 4259

              #7
              Correction on the previous post by coolsti: the 3-in-1 query will not work in a mysql_query() command, it will return a syntax error.

              However, you are still open to other attacks like when you enter
              Code:
              ABC' or '1'='1
              that will generate 1 command
              Code:
              mysql_query("SELECT username FROM members WHERE username='ABC' or '1'='1'");
              meaning that the query always returns a result and you could be logged in.

              Ronald

              Comment
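The username lookup discussed in posts #5 to #7, as an added example that is not code from any poster in this thread: the same query built by string interpolation and with a bound parameter, run against the inputs quoted above. It uses PDO prepared statements rather than the thread's mysql_* functions (which were removed in PHP 7), with SQLite in memory standing in for the MySQL server; the function names and sample rows are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, email TEXT)');
$db->exec("INSERT INTO members VALUES ('alice', 'alice@example.test')"); // constructed rows
$db->exec("INSERT INTO members VALUES ('bob', 'bob@example.test')");

// Pattern from the thread: the form value becomes part of the SQL text.
function count_matches_concat(PDO $db, string $username): int
{
    $sql = "SELECT username FROM members WHERE username='$username'";
    return count($db->query($sql)->fetchAll());
}

// Hardened form: the SQL text is fixed and the value is bound as data,
// so quotes in the input cannot change the structure of the query.
function count_matches_bound(PDO $db, string $username): int
{
    $stmt = $db->prepare('SELECT username FROM members WHERE username = ?');
    $stmt->execute([$username]);
    return count($stmt->fetchAll());
}

// An existing name, an unused name, and the input from post #7.
foreach (['alice', 'nobody', "ABC' or '1'='1"] as $input) {
    printf("%-16s concat=%d bound=%d\n", $input,
        count_matches_concat($db, $input), count_matches_bound($db, $input));
}

// The input from post #5, passed only to the bound version: it is compared
// as one literal string, and the table keeps its rows.
$stacked = "XYZ'; delete from members;'";
printf("bound=%d rows_left=%d\n", count_matches_bound($db, $stacked),
    (int) $db->query('SELECT COUNT(*) FROM members')->fetchColumn());
```

With interpolation, the post #7 input matches every row in the table; with the bound parameter it matches none, which is the behaviour a signup check needs.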

              • skuer
                New Member
                • Feb 2008
                • 13

                #8
                Thanks for all the help..

                I'll try my best to find my answer..

                And I hope I'll still get my questions answered if I hit a wall, and can't find the door..

                Skuer

                Comment

                • coolsti
                  Contributor
                  • Mar 2008
                  • 310

                  #9
                  :)

                  I stand corrected and thanks for the fine example of what could go wrong, Ron!

                  Comment
