Yes, a column called 'visibility' should be fine.

Bigger picture: there are already many open source CMSs which you could be using, rather than building your own (unless this is for study/practice, in which case go right ahead!). WordPress, MODX, SilverStripe and Drupal are all good examples.

Rimu

On 06/11/10 12:48, Shay wrote:
Hi, who's inside coding on a sunny day like this?

Here is an update_dj.php file for a CMS I am building that is part of
an admin area (below):
I need to find a way of showing/hiding by id in update_dj.php. I think
I have an idea how to do it with tiny int 0 being off 1 being on;
adding a field in the database named 'visibility'.

ANY SUGGESTIONS ON HOW TO turn items on and off if my admin user
doesn't want something displayed?

Here is the admin side of it just to give you a context:

<?php session_start();
/**
  * update_djs.php
  * Author: Design-Jedi
  * Date: 28-10-10
  * Overall plan for this script is connecting to a database and
running an update query for dj_references.php

  1) Connect to the database and extract the original data for the
record which is to be updated.
        if(isset($_GET['id']) && is_numeric($_GET['id'])){
                $id = $_GET['id'];
                $query = "SELECT id, comment, name, pic, latest_post
                        FROM tbl_comments
                        WHERE id= $id";

  2) Write those into the value attributes of the appropriate form
field
        NB.  The id of the record should be put into a hidden field because
you will need that when the form has been submitted to identify that
record again

  after the form has been submitted

  3) in a section of code isolated with an if($_POST['submit'])
condition
        a) Sanitise and validate the incoming data
        b) Escape the data
        c) Write a query incorporating this cleaned up data
        d) Run the query
        e) Send the user to the next destination
*/

################################    ESSENTIAL
########################################
require_once('../assets/config.php');
require_once('../classes/database.class.php');
require_once('../classes/security.class.php');

################################    PREPARATION
########################################


// Connect to the database
$dbms = new database_class($database_connection);

if(isset($_GET['id'])&&  is_numeric($_GET['id'])){

        // cast to int so only an integer can reach the query below
        $id = (int) $_GET['id'];

        // query the database
        $str_query = "SELECT dj_id,
                                                dj_name,
                                                dj_bio,
                                                dj_pic

                                         *** add visibility field here?

                        FROM tbl_djs
                        WHERE dj_id= $id";

        $arr_output = $dbms->get_row_assoc($str_query);

        // instantiate new security class
        $obj_security = new validator($database_connection);

        //collect the values for that record into variable
        $values_filter = $obj_security->ss_filter_form_data_array($arr_output);
        // filter all input
        $get_db_row = $obj_security->get_row_assoc($str_query);
        $values_filter['dj_id'] = $get_db_row ['dj_id'];
        $values_filter['dj_name'] = $get_db_row ['dj_name'];
        $values_filter['dj_bio'] = $get_db_row ['dj_bio'];
        $values_filter['dj_pic'] = $get_db_row ['dj_pic'];

        /* debug
        echo '<pre>';
        print_r($get_db_row); exit;
        echo '</pre>';
        */
} // end if(isset($_GET['id'])





$str_title ='';
$str_title .= 'ADMIN AREA | Edit DJ profiles: '.
$arr_output['dj_name'].')';



//check for post submit data
if(isset($_POST['submit'])){
                // instantiate new security class
        $obj_db = new validator($database_connection);  // security_class

        // filter all output
        $values_filter = $obj_db->ss_filter_form_data_array($_POST);
        $arr_test['dj_id'] = $obj_db->check_is_field_full($values_filter['dj_id']);
        $arr_test['dj_name'] = $obj_db->check_is_field_full($values_filter['dj_name']);
        $arr_test['dj_bio'] = $obj_db->check_is_field_full($values_filter['dj_bio']);
        $arr_test['dj_pic'] = $obj_db->check_is_field_full($values_filter['dj_pic']);
        //print_r($arr_test); exit;

        // saving either good or bad depending on the test being true or false;
        // re-write messages for true or false in ternary function
        $arr_message['dj_id'] = ($arr_test['dj_id'])?'Good':'Bad';
        $arr_message['dj_name'] = ($arr_test['dj_name'])?'Good':'Bad';
        $arr_message['dj_bio'] = ($arr_test['dj_bio'])?'Good':'Bad';
        $arr_message['dj_pic'] = ($arr_test['dj_pic'])?'Good':'Bad';

        //print_r($arr_message); exit;

        // if(no errors) escape the data, write the query and run it
        if(!in_array(false, $arr_test)){

                // escape all data
                $clean = array();
                $clean = $obj_db->escape_all_array($values_filter);
                //print_r($clean); exit;

                // write query to populate form data (filtered)
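                // dj_id is quoted in the WHERE clause as well: escaping only
                // protects a value that sits inside quotes
                $str_update_query = "UPDATE tbl_djs
                                                        SET dj_id = '".$clean['dj_id']."',
                                                        dj_name = '".$clean['dj_name']."',
                                                        dj_bio = '".$clean['dj_bio']."',
                                                        dj_pic = '".$clean['dj_pic']."'
                                                        WHERE dj_id = '".$clean['dj_id']."'";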


                // run the query and change $error_message accordingly
                if($obj_db->query($str_update_query)){

                        header('Location: admin.php?success');
                        exit; // stop the script so nothing runs after the redirect

                }else{
                        $error_message = 'Sorry, try again';
                }


        } // end of  if(!in_array(false, $arr_test))
        else{
                // do we need to do anything here?
                $error_message = 'Sorry, data is not valid';
        }

} // end if($_POST['submit'])



################################## PRESENTATION
#############################################
require_once('../includes/admin_template_top.php');
?>

<div id="admin_content_box">

        <div id="forms">

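                <?php // values from the database are HTML-encoded before output ?>
                Location: <a href="admin.php">Admin</a> &gt; <a href="dj_list.php">Edit DJ profiles</a> &gt; <?php echo htmlspecialchars($arr_output['dj_name'], ENT_QUOTES, 'UTF-8'); ?>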
                <br /><br />

                <?php echo $error_message; ?>


                <form name="update_dj_form" method="post" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8'); ?>">

                        <fieldset>

                                <label for="name">DJ Name</label><br />
                                <input name="dj_name" value="<?php echo htmlspecialchars($arr_output['dj_name'], ENT_QUOTES, 'UTF-8'); ?>" /><br /><br />
                                <label for="dj_bio">DJ Bio:</label><br />
                                <textarea name="dj_bio" rows="2" cols="50"><?php echo htmlspecialchars($arr_output['dj_bio'], ENT_QUOTES, 'UTF-8'); ?></textarea><br /><br />
                                <label for="dj_pic">DJ Pic:</label><br />
                                <input name="dj_pic" value="<?php echo htmlspecialchars($arr_output['dj_pic'], ENT_QUOTES, 'UTF-8'); ?>" /><br /><br />
                                <input type="hidden" name="dj_id" value="<?php echo htmlspecialchars($arr_output['dj_id'], ENT_QUOTES, 'UTF-8'); ?>" />
                                <input type="submit" name="submit" value="Update Now" />

                        </fieldset>

                </form>

        </div>  <!-- end of forms -->

</div>  <!-- end of admin_content_box -->

<?php
include('../includes/admin_template_bottom.php');
?>



--
Phone (04) 381 4827 or 021 823 129
Skype rimu123
Web http://rimu.geek.nz/
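
The 'visibility' column discussed in this thread, as an added example that is not part of either poster's message or code. It uses PDO prepared statements instead of the poster's database_class and validator (whose internals are not shown); the function names, the in-memory SQLite database and the sample rows are assumptions constructed for the example, while the table and column names follow the post.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is enabled).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbl_djs (
    dj_id      INTEGER PRIMARY KEY,
    dj_name    TEXT NOT NULL,
    visibility INTEGER NOT NULL DEFAULT 1 CHECK (visibility IN (0, 1))
)");
$pdo->exec("INSERT INTO tbl_djs (dj_id, dj_name) VALUES (1, 'DJ Alpha'), (2, 'DJ Beta')");

// Admin side (hypothetical helper): switch one DJ on or off.
// Returns true when the UPDATE affected exactly one row.
function set_dj_visibility(PDO $pdo, $rawId, $rawFlag): bool
{
    // Validate rather than escape: id must be a positive integer, flag exactly 0 or 1.
    $id   = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $flag = filter_var($rawFlag, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 0, 'max_range' => 1]]);
    if ($id === false || $flag === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('UPDATE tbl_djs SET visibility = :v WHERE dj_id = :id');
    $stmt->execute([':v' => $flag, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Public side (hypothetical helper): hidden rows are filtered in the query
// itself, so a template can never display them by mistake.
function list_public_djs(PDO $pdo): array
{
    $stmt = $pdo->query(
        'SELECT dj_id, dj_name FROM tbl_djs WHERE visibility = 1 ORDER BY dj_id'
    );
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

var_dump(set_dj_visibility($pdo, '2', '0'));         // well-formed request hiding DJ 2
var_dump(set_dj_visibility($pdo, '2 OR 1=1', '0'));  // malformed id, rejected before any SQL runs
foreach (list_public_djs($pdo) as $dj) {
    // Encode on output, as in the admin form.
    echo htmlspecialchars($dj['dj_name'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

On MySQL, `rowCount()` for an UPDATE counts only rows whose value actually changed, so setting a DJ to the state it is already in would return false here.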
