Listing Articles for a PEAR Content Management System
By: David Web
    2008-11-19


    Listing Articles for a PEAR Content Management System - Table with Articles


    (Page 3 of 4 )

    After the navigation panel is constructed, a static HTML table is built that will host a list of articles written by an author. The table will have both dynamic and static parts. The dynamic parts of the table will be created through the PHP code, while the static parts will be created by the HTML page itself:


    <!-- InstanceEndEditable --></td>
    <td width="95%" valign="top"><!-- InstanceBeginEditable name="EditRegion3" -->
    <table width="100%" border="1">
    <?php
    include 'db.php';
    include 'connx.php';


    This script receives a number in the query string from the authors page and then uses that number to retrieve data from the database tables. Because the aid (author_ID) value comes from outside our application, we have to filter it. We know one thing about the author_ID: it has to be a number, otherwise it is invalid. PHP provides a function, is_numeric(), that evaluates a given parameter to see if it is numerical. In the code below, we use that function to check that the author_ID that has been provided is numerical. If it is not, it will crash our query and possibly create a security vulnerability.

    First the code checks that an author_ID has been sent and that it has a value; then the value is evaluated by the is_numeric() function. If it passes both tests, the value is transferred to a new variable and, at the same time, escaped by the mysql_real_escape_string() function before being used in the SQL query.

    The query itself is very easy to understand. The stories table has a foreign key that links an author to a story. So if an author with ID number three has written six articles, then all of the articles that have the number three as a foreign key will be retrieved and displayed here:


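    // aid arrives in the query string from the authors page
    if(isset($_GET['aid'])){
        if(is_numeric($_GET['aid'])){
            $aid = mysql_real_escape_string($_GET['aid']);
        }else{
            echo "Invalid format";
            exit; // stop here so the query below never runs with an undefined $aid
        }
        $sql = "SELECT * FROM stories WHERE author='".$aid."'";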
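The validation and query steps described above, as an added example that is not the article's own code: it accepts only a positive integer ID (is_numeric() also passes values such as "1e3" and "1.5") and binds the ID through a PDO prepared statement instead of concatenating it into the SQL. The stories table and author column come from the article; the title column, the sample rows, the function names and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
// Added example, not the article's code. Table "stories" and column "author"
// come from the article; the "title" column, rows and function names are assumed.

// Accept only a positive decimal integer. is_numeric() alone also passes
// values such as "1e3", "1.5" and "-3", which are not valid author IDs.
function parse_author_id($raw): ?int
{
    if (!is_string($raw)) {          // rejects a missing value and aid[]=... arrays
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The ID is bound as a typed parameter, so it never becomes part of the SQL text.
function stories_by_author(PDO $db, int $aid): array
{
    $stmt = $db->prepare('SELECT title FROM stories WHERE author = :aid');
    $stmt->bindValue(':aid', $aid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE stories (id INTEGER PRIMARY KEY, author INTEGER, title TEXT)');
$db->exec("INSERT INTO stories (author, title) VALUES (3, 'First'), (3, 'Second'), (7, 'Other')");

// Constructed inputs standing in for $_GET['aid'].
$samples = ['3', '1e3', '1.5', '-3', '3abc', "3'", '', null, ['3']];
foreach ($samples as $raw) {
    $aid = parse_author_id($raw);
    if ($aid === null) {
        // Stop here: the query is never built for a rejected value.
        printf("%-10s rejected (is_numeric: %s)\n", json_encode($raw),
            var_export(is_numeric($raw), true));
        continue;
    }
    printf("%-10s accepted, stories: %s\n", json_encode($raw),
        implode(', ', stories_by_author($db, $aid)));
}
```

Run it from the command line with the pdo_sqlite extension enabled; the "is_numeric" column shows which rejected inputs the article's check alone would have let through to the query.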


    © 2003-2012 by Developer Shed. All rights reserved.