Okay, in my first tutorial, you learned about creating an install script for your blog as well as the entry form that will add your blogs.

In this tutorial, I’ll teach you how to parse the data out for your audience and how to edit your entries.

/* LET'S GET STARTED! */

Show off your stuff!

Haha, let’s get into how to show your blog posts to your readers. First, we need some pagination. Search for some scripts or tutorials on google and see if you can find anything. We all like different styles of pagination, and I’m not particularly awesome in custom paginating. If you can’t find anything good, use the code I use, just don’t use the styles, you can create your own.

If you’re using the script I do, or some other one that’s similar, you won’t have any trouble following this tutorial. Actually, you won’t have any trouble doing that anyways. Just make sure that the last MySQL query before the while() loop looks something like this:

$sql = "SELECT * FROM $tbl_name ORDER BY id DESC LIMIT $start, $limit";

The important part of the query that we’re looking for is that “ORDER BY id DESC” part, it tells mysql to place the highest id in the front and the lowest in the back ie. the most recent posts will show at the beginning. The rest is up to the actual pagination script. If it doesn’t use limits, don’t worry about it. If you’re experiencing MySQL errors because of this, place the command elsewhere in the query, it should be close to the table_name selector.

Let’s move onto the while() loop. Every paginating script should ask you for the while loop, so let’s show them what we’ve got:

	while($row = mysql_fetch_row($result)) {
		$content = stripslashes($row[3]);
		echo "<h1>$row[1]</h1>";
		echo "<h2>$row[2]</h2>";
		echo "<p>.".$content."</p>";
		echo "<br />";

	}

Simple enough? Let me explain it. The stuff inside the {} curly braces will repeat WHILE the stuff inside the () is true. Basically as long as there’s data present, what happens inside the curly braces will loop over and over. The insides of () basically mean that we’re storing data in the $row variable that corresponds to the $result from the previous $sql query. The function mysql_fetch_row just fetches the data and in the process puts it in the $row variable.

Do you remember our install script? This is what it looked like for our blog table:

$query = "CREATE TABLE blog
(
id int NOT NULL auto_increment primary key,
title blob NOT NULL,
date blob NOT NULL ,
content text NOT NULL
)";

Now, since in the computer language we start counting with 0 and not 1, it makes things a bit confusing. So column zero is id, column one is title etc. The inside of the while loop tells us to put column one as a title between <h1> tags, column two is the date and goes into <h2>tags, and column three is the content and goes into the <p> tags.

Now, I’ll assume that in my previous tutorial, you used the function mysql_real_escape_string() for escaping dangerous characters with the “\” backslash. Here’s where a problem arises. If you didn’t use the stripslashes() function you’d end up with something like this (example):

Here\’s the title

18-01-2010

Here\’s the content of the blog. Aren\’t you excited? \:\)

Okay, I don’t really think the smiley would be escaped like that but it could be! I don’t even bother with the rules anymore because it’s a lot easier to get it escaped with the function. The stripslashes() function is the opposite of the mysql_real_escape_string() function because all it does is take out the backslashes so the content looks proper. Remember that! It’s really important because you’ll be escaping A TON of strings!

But that’s it, give it some styling and you’ll have a lovely blog!

Editing your Entries

So, you can write and post blogs. Now what? Well, it’d be nice if you could edit those blogs just in case you made mistake, right?
Well, let’s get on that. First, you’ll need to use the pagination script you used above in the SAME WAY, except with a different while() loop and some html before the loop. You can add this to the previous blog admin page where you added entries to the blog. It’s what I did.

Okay, so add the pagination script and this is what the while loop and the surrounding area looks like:

<?php
	echo "<table cellpadding=10 border=1>";
	echo "<tr>";
	echo "<td>Id </td>";
	echo "<td>Title</td>";
	echo "<td>Date</td>";
	echo "<td>Delete</td>";
	echo "<td>Edit</td>";
	echo "</tr>";

	while($row = mysql_fetch_row($result)) {
		$id = $row[0];
		echo "<tr>";
        echo "<td>$row[0]</td>";
        echo "<td>$row[1]</td>";
        echo "<td>$row[2]</td>";
		echo "<td><a href=\"".$_SERVER['PHP_SELF']."?cmd=delete&id=".$id."\">Delete</a></td>";
		echo "<td><a href=\"blogedit.php?id=".$id."\">Edit</a></td>";
		echo "</tr>";

	}
	echo "</table>";
?>

Alright, what this basically does is create a table with the headings: id, title, date, delete, and edit. To that correspond the correct rows. Notice that I did not use stripslashes() on the entries, why? Because I honestly don’t care. You can use them, but for me, I just need to know the correct blog title, date, etc.

Onto, delete. Notice the URL, you’ll be adding “cmd=delete&id=$id” to your original URL. What that is is basically manually adding GET information. Why do I do it this way? It’s easier than creating a complicated form with hidden values just for a pretty “delete” submit button. Next, you’ll notice that I’m doing the same thing with the GET but this time I am redirecting my page to a separate blogedit.php with the id information.

Let’s see how we can use that delete link first. I’m going to add a script at the beginning of the file that will DELETE this specific entry from the database.

if ($_GET['cmd'] == "delete")
{
	$id = $_GET['id'];
	$sql = "DELETE FROM blog WHERE id=".$id;
    $result = mysql_query($sql);
    echo "Blog ".$id." deleted!";
}

What this says is basically that if the “cmd” $_GET variable is equal to “delete” then execute the loop. Inside the loop I defined the $id variable and used an SQL query that delete the entry. Notice that I did not mysql_real_escape_string() the $id variable. Once again, I am hoping that you know what you’re doing and that you won’t be purposely SQL injecting and messing up your database.

If you want more assurance that this got done (ie. the blog post got delete), you can make a separate if statement inside:

if (isset($result)) {
     echo "Blog ".$id." deleted!";
}
else {
   echo "Blog post: ".$id." not deleted!";
}

Let’s move onto blogedit.php. Don’t forget to include the connection.php file.

This part should be pretty easy. Let’s start with a loop asking if you’re even on the right page (with the right information) and processing the data.

if (isset($_GET['id'])){
		$id = mysql_real_escape_string($_GET['id']);
		$sql = "SELECT * FROM blog WHERE id = '$id'";
		$result = mysql_query($sql) or die ("Error in query: $query. ".mysql_error());
		$row = mysql_fetch_row($result);
		}

This bit takes care of all the information. So yay! We’ve already executed the SQL to get the data and fetched it and stored inside the $row variable. I’ve mysql_real_escape_string() this one, but once again, it’s all up to you as to what you escape and what you don’t.With this done, we can move on to parse out the information in an editable form.

I want to be able to edit the blog the same way I edit in wordpress, or the way I add the blog. I just want the information to show up inside the appropriate fields!

Well, here’s how you do it:

   <h2>ID = <?php echo $row[0];?></h2>
    <h2>DATE = <?php echo $row[2];?></h2>
    <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
    <input type="text" name="title" value="<?php echo $row[1]; ?>" size="100" / ><br />
    <textarea rows="25" cols="125" name="content"><?php echo stripslashes($row[3]);?></textarea>
    <input type="hidden" name="id" value="<?php echo $row[0];?>" />
    <br />
    <input type="submit" name="update" value="Update" />
    </form>

Okay, first things first. I want the blog ID and Date. Echo it out, done! Next, we’ll create a form with a self action and with the post method (just like in the first tutorial, we don’t want long URLs because of GET requests). Next, we’ll use the same form we did for the blog entry form but, we add the corresponding values. Notice that I used stripslashes() for the content again. You don’t want to get everything double slashed in the end, you’d have to double stripslashes() for your readers. Anyways, i think the rest is self-explanatory. The data will show up in the appropriate fields, you can add it and press “update” to get everything done.

NEXT! The loop that will make ALL of this happen:

if (isset($_POST['update'])) {
		$id = mysql_real_escape_string($_POST['id']);
		$title = mysql_real_escape_string($_POST['title']);
		$content = mysql_real_escape_string($_POST['content']);
		$sql = "UPDATE blog SET title = '$title', content = '$content' WHERE id = '$id'";
		$result = mysql_query($sql) or die ("Error in query: $query. ".mysql_error());

		if ($result) {
			echo "Blog id = $id updated";
		}

}

Yep, whenever you press that pretty “update” button, this will take place. The blog gets update with everything escaped as it should be. And, look! I finally have that $result loop there! It looks like even I learned something from this tutorial

What’s up next?

Well, in my next tutorial. I will FINALLY cover the login system and authorization stuff. It’s pretty easy but I want everyone to digest this info and ask away if you need anything!

STUFF TO REMEMBER

• Put include(connection.php); at the beginning of every SQL using file!
• The while() loop puts all that data from your database to use!
• MySQL columns are marked starting with ZERO, NOT ONE!
• Use the stripslashes() function to counteract mysql_real_escape_string() function!
• The ?id=23&cmd=edit blah blah stuff is manually inserted GET variable information
• Put all of the loops that do the hard work at the BEGINNING of the page!

Some time ago (a couple weeks), I created my own blogging system. No one told me how to do it and I didn’t read any tutorials on how to do it either so there were a few things I learned the hard way. As you know, Blogs are database-based, they’re all entries in a table.

You have an entry for the id, date, the content, and miscellaneous other information such as tags, and description. In this tutorial, I’d like to teach you how to do all that.

/* LET'S GET STARTED!*/

Creating The Table

For this tutorial, you’ll have to have your own database, and username. Set up a home server, with WAMP, XAMPP or whatever else. Once you have that done, create that database, I’ll call mine “blog”.

I’m not going to get into how to do that, because if you’re doing this on a server online, you’ll need special instructions. Google it and set it up.

So, let’s create an INSTALL script. Make sure that when you use this script, delete it right after:

<?php

if (!isset($_POST['submit'])) {
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="submit" name="submit" value="Install">
</form>

<?php
}

This creates an installing button. This is only for convenience. I don’t like scripts that automatically add new tables and such without control.

else {
include ('connection.php');

This little bit will connect you to the database. Here’s what my connection.php looks like:

<?php
// MySQL variables
$host = 'localhost';
$user = 'username';
$pass = 'password';
$db = 'blog';

//connect
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
//database select
mysql_select_db($db) or die ("Unable to select database!");
?>

Great, now you’re in the system (btw, you’ll have to make your own username, password, database, and all that, just like I said you’d have to do. Let’s move on to creating your administration for your site:

//creating a user table
$query = "CREATE TABLE users
(
name varchar(15),
pass varchar(255)
)";

$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

//making the user name
$password = md5('password you want to use');
$query="INSERT INTO users (name, pass)
VALUES
('admin', '$password')";

//query
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

Great, now you have a database entry for your user (that’s you!), I won’t get into having multiple users, right now. So bear with me. I’m using a md5 hash to make the password a bit harder to crack. Also, I’m using the usual “admin” for username. Let’s move on to the blog table:

//creating a blog table
 $query = "CREATE TABLE blog
(
id int NOT NULL auto_increment primary key,
title blob NOT NULL,
date blob NOT NULL ,
content text NOT NULL
)";
    // execute query
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

$query = "INSERT INTO blog (title, date, content) VALUES ('Welcome', 'May 5th', 'First blog entry! Aren\'t you excited?');
";
	// execute query
    $result = mysql_query($query) or die ("Error in query: $query. ".mysql_error());

mysql_close($connection);
echo "Done";

}

With this, we just created a simple blog table that will have a specific id, date, title, and content. We’ve also added a dummy entry (with a date format I won’t be using by the way).
If you’re wondering about the backslash in the word “Aren’t”, don’t wonder anymore. A backslash is used to “escape” characters that may hold a different meaning in the world of programming languages.
For example, if I did not escape that character, I would probably get an error where the MySQL wonders what the “t you excited?” is about since the entry ended at “aren’”.

Before we go on, I would like to seriously address this. The best way to avoid an error is to use a well-known php function mysql_real_escape_string(). This function will automatically add backslashes to all potentially problematic characters. Also, if you use this function, don’t add extra backslashes because the function will escape those as well. There’s only one problem with that function but I’ll show you the solution later on.

Coding the Entry

Now, you’ll notice that while coding the entry, I’m leaving the system open to vulnerabilities, but that’s okay. Why is it okay? Well, unless you’re logged in, you won’t be able to get into the system. So you should be the only one who gets in there and adds entries.

You can screw up your entries by dropping tables and whatnot if you want to, but I’ll assume you won’t be making any crazy MySQL stuff. Also, you’ll have the above-mentioned function to protect you from any unfortunate mistakes.

First add the connection.php file using the include() function. Second, let’s create the form:

<h2>Add Blog Post</h2>
     <form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
    <input type="text" name="title" size="50" / ><br />
    <textarea name="content" cols="150" rows="20"></textarea>
    <br />
    <input type="submit" name="addpost" value="Add Post!" />
    </form>

Place this in the body of your html file, I know it sounds redundant and you should know about this stuff but I’m just making sure. What this form will do is send some information using the “post” method (ie. no URL mumbo jumbo like this: ?dkjw=fsjklwe&fjskl=ewjk) No one wants a three thousand character URL up there (what browser would support that anyways?). You have two separate pieces of information: textarea (where your content goes) and input type=”text” (that’s the title). Anyways, put the next piece of code inside the <head> tag, or at least above the form.

if (isset($_POST['addpost'])) {
		$title = mysql_real_escape_string($_POST['title']);
		$content = mysql_real_escape_string($_POST['content']);
		$date = mysql_real_escape_string(date('m-d-Y'));
		$sql = "INSERT INTO blog (title, date, content) VALUES ('$title', '$date', '$content')";
		$result = mysql_query($sql) or die ("Error in query: $query. ".mysql_error());

		if ($result) {
			echo "Blog id = ".$id." updated";
		}

}

Well, that’s some good stuff. The submit button in the form sent the post variable name “addpost” with the value “Add Post!”. The loop above goes into motion right when that post variable is submitted. I escaped all the strings just in case. Oh, if you didn’t know, you can use html, css, and all that other stuff in your posts. It won’t screw up anything, I promise

Anyways, you can see I used a date function to specify the date the blog was submitted. Read up more about it if you want to use a different time stamp. This one looks like this “1-13-2010″. We then added all the values we needed into the database. And voila, we just added our first entry!

What’s next?

In my next tutorial, I’ll show you how to correctly show all that data! I’ll also get into how to protect your administration sites and how to create the login site too.

STUFF TO REMEMBER

• MySQL uses a lot of special characters. To avoid an error use the mysql_real_escape_string() which will sanitize your entries to some extent. There’s one small problem with the function, but I’ll address that in the next tutorial
• Use the include() function for your connection.php file for each site that connects to the MySQL database. It’s easier than rewriting the code numerous times (especially if you decide to change the user name and all that)
• Delete the install.php installation script after you’re done. You don’t want anyone messing with your scripts. It also creates a vulnerability if you leave it on the server. If you think you’ll forget, get on PHPmyAdmin and do all the querying manually.
• HAVE FUN!