Mobile Linux
App Generation ROI
IBM® developerWorks

Download TestComplete
Forums Sitemap
Weekly Newsletter

Developer Updates
Free Website Content

Articles

Forums

All Feeds

Write For Us Get Paid

Request Media Kit

Site Map

Privacy Policy
Support

USERNAME

PASSWORD

>>> SIGN UP!

Lost Password?

PEAR ARTICLES

RSS

Listing Articles for a PEAR Content Management System

By: David Web	Search For More Articles! Disclaimer Author Terms
Rating: / 1
2008-11-19

Table of Contents:

Listing Articles for a PEAR Content Management System

Code Explained

Table with Articles

After the Query is Run

	ADD THIS ARTICLE TO:
	Del.ici.ous	Digg
	Blink	Simpy
	Google	Spurl
	Y! MyWeb	Furl

Email Me Similar Content When Posted

Add Developer Shed Article Feed To Your Site

Email Article To Friend

Print Version Of Article

PDF Version Of Article

Listing Articles for a PEAR Content Management System - Table with Articles

(Page 3 of 4 )

After the navigation panel is constructed, a static HTML table is built that will host a list of articles written by an author. The table will have both dynamic and static parts. The dynamic parts of the table will be created through the PHP code, while the static parts will be created by the HTML page itself:

</td>

<?php

include 'db.php';

include 'connx.php';

This script receives a query string number from the authors page and then uses that number to retrieve data from the database tables. Because the aid or author_ID value comes from outside our application, we have to filter it. We know one thing about the author_ID, and that is that it has to be a number, otherwise it is invalid. PHP provides us with a function that evaluates a given parameter to see if it is numerical. In the code below, we use that function to see if the author_ID that has been provided is numerical. If it is not, it will crash our query and possibly create a security vulnerability.

First the code checks to see if an author_ID is sent and that it has a value, then the value is evaluated by the is_numeric() function. If it passes both tests, the value is transferred to a new variable, and at the same time filtered by the mysql_real_escape_string() function, before being used in the SQL query.

The query itself is very easy to understand. The stories table has a foreign key that links an author to a story. So if an author with an ID number three has written six articles, then all of the articles that have the number three as a foreign key will be retrieved and displayed here:

if(isset($_GET['aid'])){

if(is_numeric($_GET['aid'])){

$aid=mysql_real_escape_string($_GET['aid']);

}else{

echo "Invalid format";

}

$sql = "SELECT * FROM stories WHERE author='".$aid."'";

Next: After the Query is Run >>

More PEAR Articles Articles
More By David Web

Comments On: Listing Articles for a PEAR Content Management System

>>> Be the FIRST to comment on this article!

PEAR ARTICLES ARTICLES

- Deleting Authors from a PEAR Content Managem...
- PEAR CMS: Index and Delete Scripts
- Listing Articles for a PEAR Content Manageme...
- Building an Authors Page for a PEAR CMS
- Building the View Details Page in a PEAR CMS
- Creating the Main Pages of a PEAR CMS
- Completing the Login Script for a PEAR CMS
- User Authentication for a PEAR CMS
- A PEAR CMS: Examining the Code
- Building a Content Management System with PE...
- Installing a PEAR Package
- My PEAR: The Beginning
- Using XML_RPC2 with PEAR
- Using Web Service APIs (Amazon and Yahoo!) w...
- Database Abstraction with MDB2 from PEAR
Find More PEAR Articles Articles