
Building a blog from scratch using PHP


JT

Jul 10, 2008, 3:00:20 PM
I am new to PHP, and have been working my way through creating a blog
from scratch. Thus far I have learned a great deal, although from
reading articles on the web I know eventually I should work toward an
MVC model rather than mixing PHP snippets in with my HTML.

In any case, I am having an issue validating request URLs, and
matching that with what is present in my database. So here is how I
have set up my blog to work:

I have a MySQL database set up with the following tables and rows:

TABLE categories
id tinyint not null auto_increment
cat varchar(20)
primary key (id)

TABLE entries
id int auto_increment
cat_id tinyint
dateposted datetime
subject varchar(50)
body text
PRIMARY KEY (id)

TABLE comments
id int auto_increment
blog_id int
dateposted datetime
name varchar(50)
comment text
PRIMARY KEY (id)

TABLE login
id tinyint auto_increment
username varchar(10)
password varchar(10)
PRIMARY KEY (id)


Now, I have an index.php page that has my home page layout, and
displays the 5 most recent blog posts. Each blog entry title is a
link, and when you click that you go to a page
http://www.myblog.com/blog/viewentry.php?id=<blog entry id>. The
viewentry.php page displays that full blog posting, as well as any
comments, and provides the option for the reader to post a comment.

As part of the viewentry.php page, I have it do a validation check,
that stores the result in the variable $validentry. My logic is this:

The isset() function checks to see if the GET variable exists. If it
does, isset() returns TRUE; if not, $validentry is set to 0. If a
variable is being passed to GET, I run a check to make sure the value
is numeric using the is_numeric() function. If the result is false,
$error is set to 1. Next, if $error has been set to 1, I use the
header() command to redirect back to my main page.

What I want is to do the URL validation like I just described, but I
also want it to compare whether the input matches an actual database
entry, and if not return a 404 error. Right now, for some reason if
you type in http://www.myblog.com/blog/viewentry.php?id=500, and I
only have 3 rows in my database, it doesn't return an error, it
displays the viewentry page that's blank with my post footer displaying
a bogus date.

My validation code is below. I appreciate any help. Let me know if
you need more information.

<?php
// Validate GET input
require("config/config.php");

if(isset($_GET['id']) == TRUE) {
    if(is_numeric($_GET['id']) == FALSE) {
        $error = 1;
    }
    if($error == 1) {
        header("Location: " . $config_basedir);
    }
    else {
        $validentry = $_GET['id'];
    }
}
else {
    $validentry = 0;
}
?>

<?php

require("header.php");

if($validentry == 0) {
    $sql = "SELECT entries.*, categories.cat FROM entries, categories
        WHERE entries.cat_id = categories.id ORDER BY dateposted DESC LIMIT
        1;";
}
else {
    $sql = "SELECT entries.*, categories.cat FROM entries, categories
        WHERE entries.cat_id = categories.id AND entries.id = " .
        $validentry . " ORDER BY dateposted DESC LIMIT 1;";
}

$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
?>

// Display data

P.S. If you know any good blog tutorials, please feel free to let me
know.

Thanks
JT

Jerry Stuckle

Jul 10, 2008, 5:30:05 PM

http://us.php.net/header

>
> P.S. If you know any good blog tutorials, please feel free to let me
> know.
>
> Thanks
> JT
>

There's more to blogs than just entries in the database. Blogs, for
instance, typically have RSS feeds available.

I don't know of any blog tutorials, but I'm sure there are some. I just
use pre-written blog software. Why reinvent the wheel? :-)


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstu...@attglobal.net
==================

Peter D.

Jul 11, 2008, 10:21:31 AM
> link, and when you click that you go to a page http://www.myblog.com/blog/viewentry.php?id=<blog entry id>.  The

> viewentry.php page displays that full blog posting, as well as any
> comments, and provides the option for the reader to post a comment.
>
> As part of the viewentry.php page, I have it do a validation check,
> that stores the result in the variable $validentry.  My logic is this:
>
> The isset() function checks to see if the GET variable exists. If it
> does, isset() returns TRUE; if not, $validentry is set to 0.  If a
> variable is being passed to GET, I run a check to make sure the value
> is numeric using the is_numeric() function.  If the result is false,
> $error is set to 1.  Next, if $error has been set to 1, I use the
> header() command to redirect back to my main page.
>
> What I want is to do the URL validation like I just described, but I
> also want it to compare whether the input matches an actual database
> entry, and if not return a 404 error.  Right now, for some reason if
> you type in http://www.myblog.com/blog/viewentry.php?id=500, and I

Why don't you just validate the information you get back from the
database? Or do a mysql_num_rows and if it returns 0 then there are no
rows matching your query. If mysql_num_rows == 0 go back to main page.

Maybe?

Sven

Jul 12, 2008, 6:17:05 AM
On 2008-07-11 15:21:31 +0100, "Peter D." <pet...@gmail.com> said:

> On Jul 10, 3:00 pm, JT <tornet...@gmail.com> wrote:

>> <SNIP>


>>
>> What I want is to do the URL validation like I just described, but I
>> also want it to compare whether the input matches an actual database
>> entry, and if not return a 404 error.  Right now, for some reason if
>> you type in http://www.myblog.com/blog/viewentry.php?id=500, and I
>> only have 3 rows in my database, it doesn't return an error, it
>> displays the viewentry page that's blank with my post footer displaying
>> a bogus date.
>>

>> <SNIP>


>>
>> Thanks
>> JT
>
> Why don't you just validate the information you get back from the
> database? Or do a mysql_num_rows and if it returns 0 then there are no
> rows matching your query. If mysql_num_rows == 0 go back to main page.
>
> Maybe?

That'd be the correct way of doing it.
You could even direct to the 404 page if the query result is empty.

Consider changing:

if(is_numeric($_GET['id']) == FALSE) {
    $error = 1;
}
if($error == 1) {
    header("Location: " . $config_basedir);
}
else {
    $validentry = $_GET['id'];
}

to:

if(is_numeric($_GET['id']) == FALSE) {
    header("Location: " . $config_basedir);
}
else {
    $validentry = $_GET['id'];
}


--
./Sven

JT

Jul 12, 2008, 10:25:27 AM
On Jul 12, 6:17 am, Sven wrote:

Thanks everyone, I will try your suggestions using mysql_num_rows, and
I will also remove the $error variable. I'll let you know how it
turns out as soon as I get time to update my code.

JT

Jim Carlock

Jul 17, 2008, 10:09:17 AM
<Sven> posted:
: Consider:
:
: if(is_numeric($_GET['id']) == FALSE) {
:     header("Location: " . $config_basedir);
: } else {
:     $validentry = $_GET['id'];
: }
:

Just curious, should that code read as:

if(is_numeric($_GET['id']) === FALSE) {
    header("Location: " . $config_basedir);
    exit();
} else {
    $validentry = $_GET['id'];
}

Because what if id = 0. And should one not ALWAYS employ an
exit(); statement after a redirection? Is it now safe to use
redirection without the exit();?

--
JC
Natural Cure For Pink-Eye (Conjunctivitis)
http://www.associatedcontent.com/article/381336/saliva_a_natural_cure_for_conjunctivitis.html
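
An added example, not part of any post in this thread, pulling the suggestions together: a strict integer check in place of is_numeric() (which also accepts values such as "1e3" and "1.5"), a bound query parameter in place of string concatenation, and a separate outcome for "no such row" so the page can send a 404. The helper names, the PDO/SQLite in-memory database and its rows are assumptions made so the example runs offline; the blog in the thread uses MySQL.

```php
<?php
// Added example: not code from the thread. Assumes the pdo_sqlite extension;
// the in-memory tables and rows below are constructed sample data.
function sample_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE categories (id INTEGER PRIMARY KEY, cat TEXT)');
    $db->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, cat_id INTEGER,
               dateposted TEXT, subject TEXT, body TEXT)');
    $db->exec("INSERT INTO categories VALUES (1, 'general')");
    $db->exec("INSERT INTO entries VALUES
               (1, 1, '2008-07-10 15:00:00', 'First post', 'Hello')");
    return $db;
}

// resolve_entry() is a hypothetical helper. It returns ['redirect', null],
// ['notfound', null] or ['ok', $row]. A missing id means "latest entry",
// so 0 is no longer used as a sentinel value.
function resolve_entry(PDO $db, array $get): array
{
    $sql = 'SELECT entries.*, categories.cat FROM entries
            JOIN categories ON entries.cat_id = categories.id';
    if (!isset($get['id'])) {
        $stmt = $db->query($sql . ' ORDER BY dateposted DESC LIMIT 1');
    } else {
        // Strict integer check: rejects "1e3", "1.5", "abc", arrays and 0.
        $id = filter_var($get['id'], FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return ['redirect', null];
        }
        // Bound parameter instead of concatenating the value into the SQL.
        $stmt = $db->prepare($sql . ' WHERE entries.id = :id');
        $stmt->execute([':id' => $id]);
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? ['notfound', null] : ['ok', $row];
}

// In viewentry.php: on 'redirect' call header('Location: ...') and then exit;
// on 'notfound' call http_response_code(404) and exit, before any output.
$db = sample_db();
$requests = [[], ['id' => '1'], ['id' => '500'], ['id' => '1e3'], ['id' => ['1']]];
foreach ($requests as $get) {  // constructed stand-ins for $_GET
    [$outcome, $row] = resolve_entry($db, $get);
    echo json_encode($get), ' => ', $outcome, "\n";
}
```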

