php script

[andrewjs18]

any php gurus willing to write me a simple php script? sorry, but I'm still a noob in php. =(

I'm trying to basically get a script so that I can enter data, send it to my database then output it into a table to display it. Also and option to delete/edit the rows would be nice, too.

I created a database with the following fields:
date,
price,
year,
condition,
silver,
gold,
weight

maybe have the table output the same data as the fields in my database.

I'm thankful for anyone who is willing to help out.

[Gaijin]

I can do that, but until I finsih the script... Please read this tutorial....
http://www.supportforums.net/showthread.php?tid=4506

Edit:
could you give me the SQL query string, that was generated when you created the Table...

[andrewjs18]

I can do that, but until I finsih the script... Please read this tutorial....
http://www.supportforums.net/showthread.php?tid=4506

Edit:
could you give me the SQL query string, that was generated when you created the Table...

how do I go back in and get it? I made it like an hour ago.

[Gaijin]

Enter the database you have created your Table in, and the at the top press Export... then just OK and you will get a String...

If you still can find it, just tell me what field which type has, like;
date - DATETIME
price - INT and so on...

[andrewjs18]

Enter the database you have created your Table in, and the at the top press Export... then just OK and you will get a String...

If you still can find it, just tell me what field which type has, like;
date - DATETIME
price - INT and so on...

-- Table structure for table `coin_info`
--

CREATE TABLE IF NOT EXISTS `coin_info` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`date` varchar(100) NOT NULL,
`price` varchar(100) NOT NULL,
`condition` varchar(100) NOT NULL,
`year` varchar(100) NOT NULL,
`silver` varchar(100) NOT NULL,
`gold` varchar(100) NOT NULL,
`weight` varchar(100) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

[Gaijin]

Here you go, there are 3 files;
coin.php, connect.php and list.php

files (Click to View)

connect.php

Code:

<?php

$db = array(
    "host" => "localhost", # host
    "user" => "root", # login username
    "pass" => "", # login password
    "base" => "tut" # database name
);

if(!$connect = @mysql_connect($db['host'], $db['user'], $db['pass'])) {
    # echo mysql_error(), "<br />"; # mysql error
    die("Not Connected!");
}elseif(!$database = @mysql_select_db($db['base'])) {
    # echo mysql_error(), "<br />"; # mysql error
    die("Database {$db['base']} can not be found!");
}


?>

list.php

Code:

<?php

$sql = "SELECT * FROM `coin_info`;";
$sql = mysql_real_escape_string(trim($sql));

if(!$query = mysql_query($sql)) {
    # echo mysql_error(), "<br />";
    die("SQL Query failed!");
}

echo <<<TABLE
<table border="1">
    <tr>
        <td>&nbsp;</td><td>ID</td><td>DATE</td><td>PRICE</td><td>CONDITION</td>
        <td>YEAR</td><td>SILVER</td><td>GOLD</td><td>WEIGHT</td>
    </tr>
TABLE;

while($row = mysql_fetch_array($query)) {
    echo "<tr>";
    
    echo "<td><a href=\"t.php?edit={$row['id']}\">Edit</a> | <a href=\"t.php?del={$row['id']}\">Delete</a>";
    echo "<td>{$row['id']}</td><td>{$row['date']}</td><td>{$row['price']}</td><td>{$row['condition']}</td>";
    echo "<td>{$row['year']}</td><td>{$row['silver']}</td><td>{$row['gold']}</td><td>{$row['weight']}</td>";
    
    echo "</tr>";
}

mysql_free_result($query);

echo <<<TABLE
</table><hr /><hr />
TABLE;

?>

coin.php

Code:

<?php

require_once "connect.php";

$id = NULL;
$submit = "add";

if(isset($_POST['add'])) {

    $id = NULL;
    $date = trim($_POST['date']);
    $price = trim($_POST['price']);
    $condition = trim($_POST['condition']);
    $year = trim($_POST['year']);
    $silver = trim($_POST['silver']);
    $gold = trim($_POST['gold']);
    $weight = trim($_POST['weight']);

    $sql = "INSERT INTO `coin_info` (";
    $sql .= "`id` ,`date` ,`price` ,`condition` ,`year` ,`silver` ,`gold` ,`weight`";
    $sql .= ")VALUES (";
    $sql .= "NULL , '{$date}', '{$price}', '{$condition}', '{$year}', '{$silver}', '{$gold}', '{$weight}');";
    
    if(!@mysql_query($sql)) {
        echo mysql_error(), "<br />"; # mysql error
        die("SQL Query failed!");
    }else{
        echo "Coin added!", "<br />";
    }


}elseif(isset($_GET['edit'])) {
    $id = $_GET['edit'];
    $submit = "edit";
    
    $sql = "SELECT * FROM `coin_info` WHERE `id` = '{$id}';";
    $sql = trim($sql);
    
    if(!$query = @mysql_query($sql)) {
        # echo mysql_error(), "<br />";
        die("Unkown ID");
    }else{
        echo "EDIT ID : {$id}!", "<br />";
    }
    
    mysql_free_result($query);
}elseif(isset($_POST['edit'])) {

    $edit_id = (int) $_POST['id'];
    $sql = "UPDATE `coin_info` SET `date` = '{$_POST['date']}',";
    $sql .= "`price` = '{$_POST['price']}',`condition` = '{$_POST['condition']}',`year` = '{$_POST['year']}',";
    $sql .= "`silver` = '{$_POST['silver']}',`gold` = '{$_POST['gold']}',`weight` = '{$_POST['weight']}' ";
    $sql .= "WHERE `id` = '{$edit_id}' LIMIT 1 ;";
    
    if(!@mysql_query($sql)) {
         echo mysql_error(), "<br />"; # mysql error
        die("Edit failed!");
    }else{
        echo "Edited {$edit_id}!", "<br />";
    }
}elseif(isset($_GET['del'])) {
    $del_id = trim($_GET['del']);
    
    $sql = "DELETE FROM `coin_info` WHERE `id` = '{$del_id}' LIMIT 1";
    if(!@mysql_query($sql)) {
        # echo mysql_error(), "<br />";
        die("Could not delete ID {$del_id}");
    }else{
        echo "Deleted ID ", $id, "<br />";
    }
}


echo <<<HTML
<form action="coin.php" method="post">
    <input type="text" name="id" value="{$id}" /><br />
    <input type="text" name="date" value="01.01.1257" /><br />
    <input type="text" name="price" value="13,001 $" /><br />
    <input type="text" name="condition" value="1" /><br />
    <input type="text" name="year" value="1567" /><br />
    <input type="text" name="silver" value="23" /><br />
    <input type="text" name="gold" value="100" /><br />
    <input type="text" name="weight" value="5" /><br />
    <input type="submit" name="{$submit}" value="Submit" />
</form>
HTML;


include "list.php";
mysql_close($connect);

Read the files and try to understand what they are doing...
If you have any question just ask....

also you can read more here;
http://www.supportforums.net/showthread.php?tid=1609
http://www.supportforums.net/showthread.php?tid=4506

[TheLifelessOne]

I hope you protected those against injections...

[Gaijin]

I hope you protected those against injections...

A Bit, I will support him, but I won't do the work for him...
Here are tutorials about security..

[andrewjs18]

thanks for the files. I'm getting this error when trying to access list.php:

Code:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'uglycars'@'localhost' (using password: NO) in /home/uglycars/public_html/andrewshemo/coins/list.php on line 4

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/uglycars/public_html/andrewshemo/coins/list.php on line 4

Warning: mysql_query() [function.mysql-query]: Access denied for user 'uglycars'@'localhost' (using password: NO) in /home/uglycars/public_html/andrewshemo/coins/list.php on line 6

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in /home/uglycars/public_html/andrewshemo/coins/list.php on line 6
SQL Query failed!

[Gaijin]

That is because the file was not meant for direct access, it requires a SQL connection...
The file is included at the bottom of coin.php and since the coin.php has established connection it works.
But if you try to access the list.php on it's own it fails, to solve that you put this at the beginning of the list.php

PHP Code:

if(!defined(@$connect)) {
    include "connect.php";
} 


It will include the connect.php if $connect wasn't declared.