Okay, in my first tutorial, you learned about creating an install script for your blog as well as the entry form that will add your blogs.

In this tutorial, I’ll teach you how to parse the data out for your audience and how to edit your entries.

/* LET'S GET STARTED! */

Show off your stuff!

Haha, let’s get into how to show your blog posts to your readers. First, we need some pagination. Search for some scripts or tutorials on google and see if you can find anything. We all like different styles of pagination, and I’m not particularly awesome in custom paginating. If you can’t find anything good, use the code I use, just don’t use the styles, you can create your own.

If you’re using the script I do, or some other one that’s similar, you won’t have any trouble following this tutorial. Actually, you won’t have any trouble doing that anyways. Just make sure that the last MySQL query before the while() loop looks something like this:

$sql = "SELECT * FROM $tbl_name ORDER BY id DESC LIMIT $start, $limit";

The important part of the query that we’re looking for is that “ORDER BY id DESC” part, it tells mysql to place the highest id in the front and the lowest in the back ie. the most recent posts will show at the beginning. The rest is up to the actual pagination script. If it doesn’t use limits, don’t worry about it. If you’re experiencing MySQL errors because of this, place the command elsewhere in the query, it should be close to the table_name selector.

Let’s move onto the while() loop. Every paginating script should ask you for the while loop, so let’s show them what we’ve got:

	while($row = mysql_fetch_row($result)) {
		$content = stripslashes($row[3]);
		echo "<h1>$row[1]</h1>";
		echo "<h2>$row[2]</h2>";
		echo "<p>.".$content."</p>";
		echo "<br />";

	}

Simple enough? Let me explain it. The stuff inside the {} curly braces will repeat WHILE the stuff inside the () is true. Basically as long as there’s data present, what happens inside the curly braces will loop over and over. The insides of () basically mean that we’re storing data in the $row variable that corresponds to the $result from the previous $sql query. The function mysql_fetch_row just fetches the data and in the process puts it in the $row variable.

Do you remember our install script? This is what it looked like for our blog table:

$query = "CREATE TABLE blog
(
id int NOT NULL auto_increment primary key,
title blob NOT NULL,
date blob NOT NULL ,
content text NOT NULL
)";

Now, since in the computer language we start counting with 0 and not 1, it makes things a bit confusing. So column zero is id, column one is title etc. The inside of the while loop tells us to put column one as a title between <h1> tags, column two is the date and goes into <h2>tags, and column three is the content and goes into the <p> tags.

Now, I’ll assume that in my previous tutorial, you used the function mysql_real_escape_string() for escaping dangerous characters with the “\” backslash. Here’s where a problem arises. If you didn’t use the stripslashes() function you’d end up with something like this (example):

Here\’s the title

18-01-2010

Here\’s the content of the blog. Aren\’t you excited? \:\)

Okay, I don’t really think the smiley would be escaped like that but it could be! I don’t even bother with the rules anymore because it’s a lot easier to get it escaped with the function. The stripslashes() function is the opposite of the mysql_real_escape_string() function because all it does is take out the backslashes so the content looks proper. Remember that! It’s really important because you’ll be escaping A TON of strings!

But that’s it, give it some styling and you’ll have a lovely blog!

Editing your Entries

So, you can write and post blogs. Now what? Well, it’d be nice if you could edit those blogs just in case you made mistake, right?
Well, let’s get on that. First, you’ll need to use the pagination script you used above in the SAME WAY, except with a different while() loop and some html before the loop. You can add this to the previous blog admin page where you added entries to the blog. It’s what I did.

Okay, so add the pagination script and this is what the while loop and the surrounding area looks like:

<?php
	echo "<table cellpadding=10 border=1>";
	echo "<tr>";
	echo "<td>Id </td>";
	echo "<td>Title</td>";
	echo "<td>Date</td>";
	echo "<td>Delete</td>";
	echo "<td>Edit</td>";
	echo "</tr>";

	while($row = mysql_fetch_row($result)) {
		$id = $row[0];
		echo "<tr>";
        echo "<td>$row[0]</td>";
        echo "<td>$row[1]</td>";
        echo "<td>$row[2]</td>";
		echo "<td><a href=\"".$_SERVER['PHP_SELF']."?cmd=delete&id=".$id."\">Delete</a></td>";
		echo "<td><a href=\"blogedit.php?id=".$id."\">Edit</a></td>";
		echo "</tr>";

	}
	echo "</table>";
?>

Alright, what this basically does is create a table with the headings: id, title, date, delete, and edit. To that correspond the correct rows. Notice that I did not use stripslashes() on the entries, why? Because I honestly don’t care. You can use them, but for me, I just need to know the correct blog title, date, etc.

Onto, delete. Notice the URL, you’ll be adding “cmd=delete&id=$id” to your original URL. What that is is basically manually adding GET information. Why do I do it this way? It’s easier than creating a complicated form with hidden values just for a pretty “delete” submit button. Next, you’ll notice that I’m doing the same thing with the GET but this time I am redirecting my page to a separate blogedit.php with the id information.

Let’s see how we can use that delete link first. I’m going to add a script at the beginning of the file that will DELETE this specific entry from the database.

if ($_GET['cmd'] == "delete")
{
	$id = $_GET['id'];
	$sql = "DELETE FROM blog WHERE id=".$id;
    $result = mysql_query($sql);
    echo "Blog ".$id." deleted!";
}

What this says is basically that if the “cmd” $_GET variable is equal to “delete” then execute the loop. Inside the loop I defined the $id variable and used an SQL query that delete the entry. Notice that I did not mysql_real_escape_string() the $id variable. Once again, I am hoping that you know what you’re doing and that you won’t be purposely SQL injecting and messing up your database.

If you want more assurance that this got done (ie. the blog post got delete), you can make a separate if statement inside:

if (isset($result)) {
     echo "Blog ".$id." deleted!";
}
else {
   echo "Blog post: ".$id." not deleted!";
}

Let’s move onto blogedit.php. Don’t forget to include the connection.php file.

This part should be pretty easy. Let’s start with a loop asking if you’re even on the right page (with the right information) and processing the data.

if (isset($_GET['id'])){
		$id = mysql_real_escape_string($_GET['id']);
		$sql = "SELECT * FROM blog WHERE id = '$id'";
		$result = mysql_query($sql) or die ("Error in query: $query. ".mysql_error());
		$row = mysql_fetch_row($result);
		}

This bit takes care of all the information. So yay! We’ve already executed the SQL to get the data and fetched it and stored inside the $row variable. I’ve mysql_real_escape_string() this one, but once again, it’s all up to you as to what you escape and what you don’t.With this done, we can move on to parse out the information in an editable form.

I want to be able to edit the blog the same way I edit in wordpress, or the way I add the blog. I just want the information to show up inside the appropriate fields!

Well, here’s how you do it:

   <h2>ID = <?php echo $row[0];?></h2>
    <h2>DATE = <?php echo $row[2];?></h2>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
    <input type="text" name="title" value="<?php echo $row[1]; ?>" size="100" / ><br />
    <textarea rows="25" cols="125" name="content"><?php echo stripslashes($row[3]);?></textarea>
    <input type="hidden" name="id" value="<?php echo $row[0];?>" />
    <br />
    <input type="submit" name="update" value="Update" />
    </form>

Okay, first things first. I want the blog ID and Date. Echo it out, done! Next, we’ll create a form with a self action and with the post method (just like in the first tutorial, we don’t want long URLs because of GET requests). Next, we’ll use the same form we did for the blog entry form but, we add the corresponding values. Notice that I used stripslashes() for the content again. You don’t want to get everything double slashed in the end, you’d have to double stripslashes() for your readers. Anyways, i think the rest is self-explanatory. The data will show up in the appropriate fields, you can add it and press “update” to get everything done.

NEXT! The loop that will make ALL of this happen:

if (isset($_POST['update'])) {
		$id = mysql_real_escape_string($_POST['id']);
		$title = mysql_real_escape_string($_POST['title']);
		$content = mysql_real_escape_string($_POST['content']);
		$sql = "UPDATE blog SET title = '$title', content = '$content' WHERE id = '$id'";
		$result = mysql_query($sql) or die ("Error in query: $query. ".mysql_error());

		if ($result) {
			echo "Blog id = $id updated";
		}

}

Yep, whenever you press that pretty “update” button, this will take place. The blog gets update with everything escaped as it should be. And, look! I finally have that $result loop there! It looks like even I learned something from this tutorial

What’s up next?

Well, in my next tutorial. I will FINALLY cover the login system and authorization stuff. It’s pretty easy but I want everyone to digest this info and ask away if you need anything!

STUFF TO REMEMBER

• Put include(connection.php); at the beginning of every SQL using file!
• The while() loop puts all that data from your database to use!
• MySQL columns are marked starting with ZERO, NOT ONE!
• Use the stripslashes() function to counteract mysql_real_escape_string() function!
• The ?id=23&cmd=edit blah blah stuff is manually inserted GET variable information
• Put all of the loops that do the hard work at the BEGINNING of the page!