Hello.

I haven't made a tutorial for a while, so I decided to write a tutorial about the basic one that I coded around three weeks ago, I have heavily commented the code to help you understand but also I will explain while going along.

This CMS (Content Management System) will run off a MySQL Database and PHP so you will need:
PHP Enabled Server
MySQL Database
PHPMyAdmin
NotepadFirst of all open up cPanel and then go to your MySQL Database and set one up and then go into Phpmyadmin and run the following SQL code.


CREATE TABLE `newscms` (
`id` int(10) unsigned NOT NULL auto_increment,
`date` varchar(50) default NULL,
`title` varchar(50) NOT NULL default '',
`message` text NOT NULL,
`user` varchar(50) NOT NULL default '',
PRIMARY KEY (`id`),
KEY `date` (`date`)
);
That does not need to be changed at all especially if you are a novice to the PHP language so run that and it shows a field for each of them. We know need to start coding.

Database Connection

We will need to connect to the Database so we would use something like this: (I have commented the code. They appear as //)


<?
$username = "username";

// MySQL Database Username such as danwill_danwill

$password = "password";

// MySQL Database Password, don't choose an easy one to guess

$host = "localhost";

// MySQL Host it is usually LocalHost so keep that the same

$database = "database";

// MySQL Database name

// Don't Change Below Unless You Are Good At PHP!
mysql_connect($host,$username,$password) or die("Error connecting to Database! " . mysql_error());
mysql_select_db($database) or die("Cannot select database! " . mysql_error());
?>
So basically this establishes a conenction to the Database and we will call this databaseconnection.php.

Displaying The Data

When I write a PHP script I make sure I can display and output the Data from a Database so this comes next, again the code is heavily commented.



<?
include('databaseconnection.php');

// Includes Database Connection


$result = mysql_query("select * from newscms order by id desc limit 7");


// Selects The Table So Don't Change Apart From The 7 Which You Can.

while($r=mysql_fetch_array($result))
{
$id=$r["id"];
$title=$r["title"];
$date=$r["date"];
$user=$r["user"];
$message=$r["message"];

// Grabs All The Data From Your Database Table

echo "$title <br /> Posted on $date <br />Posted by: <b>$user</b><br>$message <br>";
}
?>
Anyway that basically grabs the data from your Database via the variables which are the names of the table fields and then echos them onto your webpage, know we will need somewhere too add the news.

Add News

This is NOT secure as I used HTAccess so you willl need to add some kind of security precautions such as a password.

Again the code is heavily commented.




<?

include('databaseconnection.php');

// Database Connection Again

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<title>Add News Panel</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<style type="text/css">
<!--
body{
font-family: verdana;
font-size: 12px;
color: #000000;
}

.container{
width: 400px;
background-color: #ffffff;
margin-left: auto;
margin-right: auto;
margin-top: 15px;
}

.addnews{
width: 380px;
padding-left: 10px;
padding-right: 10px;
}
--!>
</style>
</head>
<body>
<div class="container">
<div class="addnews">
<form action="addnews.php" method="post">
<br />Title:
<br /><input name="title" type="text" value="Title">
<br />Author:
<br /><input name="user" type="text" value="Name">
<br />Date:
<br /><input name="date" type="text" value="<?php print date("F j Y"); ?>">
<br />Message:
<br /><textarea name="message" cols="40" rows="6" value="Message"> </textarea>
<?php

$title = addslashes(strip_tags($_POST['title']));

// Title

$user = addslashes(strip_tags($_POST['user']));

// User

$message = $_POST['message'];

// Message

$date = addslashes(strip_tags($_POST['date']));

// Date

$sql = "INSERT INTO newscms SET title='$title', user='$user', message='$message', date='$date'";
if (mysql_query($sql)) {
echo("Your news has been added.");
} else {
echo("Error adding entry: " . mysql_error() . "");
}
}
?>

//SQL and Finished
Don't change anything on Add News as it's important unless you know what you are doing.

Hope you understood and enjoyed this, don't forget it would be easily got past without HTAccess.

Thanks
Encryptions

Closed by Kardan (Forum Moderator): Bumped, thread closed.

Nice tut :)
Although instead of using this line of code:


$title = addslashes(strip_tags($_POST['title']));

// Title

$user = addslashes(strip_tags($_POST['user']));

// User

$message = $_POST['message'];

// Message

$date = addslashes(strip_tags($_POST['date']));

you could just as easily use this:


foreach($_POST as $key => $val) {
$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
}

Nice tut :)
Although instead of using this line of code:


$title = addslashes(strip_tags($_POST['title']));

// Title

$user = addslashes(strip_tags($_POST['user']));

// User

$message = $_POST['message'];

// Message

$date = addslashes(strip_tags($_POST['date']));
you could just as easily use this:


foreach($_POST as $key => $val) {
$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
}

Hello.

Yes but that would be a bit more advanced and just doing it my way would help newcomers to get to grasps with editing the code without going into too much detail. I may write a whole new one tomorrow if I have the time.

Thanks,
Encryptions

Nice tut +rep

Nice tut :)
Although instead of using this line of code:


$title = addslashes(strip_tags($_POST['title']));

// Title

$user = addslashes(strip_tags($_POST['user']));

// User

$message = $_POST['message'];

// Message

$date = addslashes(strip_tags($_POST['date']));

you could just as easily use this:


foreach($_POST as $key => $val) {
$_POST[$key] = stripslashes(strip_tags(htmlspecialchars($val, ENT_QUOTES)));
}

Clever piece of code none the less. However it forces all POST variables to be stripped of tags and this is not always required. In-fact the code will strip tags from the 'message' variable which in good company needs to be there for simple HTML formatting.

Is it me or isn't the submit button missing from the form? (on the add news page)

Is it me or isn't the submit button missing from the form? (on the add news page)
It's missing lol.. ;)

Good find tom.

well i can turn it into a DJ says witha login and **** so well done :)

Umm... This threads like 7 months old. Don't bump old threads.

There is not much posting in this forum so It does not matter

That could be MySQL Injected.I would recomend doing what splinter said.

All information that is entered into the database should be filtered with mysql_real_escape_string(). Otherwise it is vulnerable to SQL injection.

Submit is missing LOL

If you read the previous posts you'd know that.

Wd on bumping old thread though.

good tutorial

Do you have edit or delete news script for this?

Edited by Kardan (Forum Moderator): Please do not bump old threads.

Do you have edit or delete news script for this?
Don't you think this was a little too old of a thread to bump? ;)

Do you have edit or delete news script for this?

Instead of bumping it would of been easier to PM the user or request someone to make it. :)