As Rimu says, it should be fine. I would not, however, place the words good and WordPress in the same sentence. Don't replicate any of the WordPress codebase; it is just awful.
On 6 November 2010 20:25, Rimu Atkinson <[email protected]> wrote:

> Yes, a column called 'visibility' should be fine.
>
> Bigger picture: there are already many open source CMSs which you could be
> using, rather than building your own (unless this is for study/practice, in
> which case go right ahead!). WordPress, Modx, Silverstripe and Drupal are
> all good examples.
>
> Rimu
>
> On 06/11/10 12:48, Shay wrote:
>
> Hi, who's inside coding on a sunny day like this?
>
> Here is an update_dj.php file for a CMS I am building that is part of
> an admin area (below):
> I need to find a way of showing/hiding by id in update_dj.php. I think
> I have an idea how to do it with tiny int 0 being off 1 being on;
> adding a field in the database named 'visibility'.
>
> ANY SUGGESTIONS ON HOW TO turn items on and off if my admin user
> doesn't want something displayed?
>
> Here is the admin side of it just to give you a context:
>
> <?php session_start();
> /**
> * update_djs.php
> * Author: Design-Jedi
> * Date: 28-10-10
> * Overall plan for this script is connecting to a database and
>   running an update query for dj_references.php
>
>   1) Connect to the database and extract the original data for the
>      record which is to be updated.
>        if(isset($_GET['id']) && is_numeric($_GET['id'])){
>            $id = $_GET['id'];
>            $query = "SELECT id, comment, name, pic, latest_post
>                      FROM tbl_comments
>                      WHERE id= $id";
>
>   2) Write those into the value attributes of the appropriate form
>      field
>      NB. The id of the record should be put into a hidden field because
>      you will need that when the form has been submitted to identify that
>      record again
>
>   after the form has been submitted
>
>   3) in a section of code isolated with an if($_POST['submit'])
>      condition
>      a) Sanitise and validate the incoming data
>      b) Escape the data
>      c) Write a query incorporating this cleaned up data
>      d) Run the query
>      e) Send the user to the next destination
> */
>
> ################################ ESSENTIAL ########################################
> require_once('../assets/config.php');
> require_once('../classes/database.class.php');
> require_once('../classes/security.class.php');
>
> ################################ PREPARATION ########################################
>
> // start with an empty message so the template can always echo it
> $error_message = '';
>
> // Connect to the database
> $dbms = new database_class($database_connection);
>
> if(isset($_GET['id']) && is_numeric($_GET['id'])){
>
>     // cast to int: is_numeric() also accepts values such as "1e3"
>     $id = (int) $_GET['id'];
>
>     // query the database
>     $str_query = "SELECT dj_id,
>                          dj_name,
>                          dj_bio,
>                          dj_pic
>                          -- *** add visibility field here?
>                   FROM tbl_djs
>                   WHERE dj_id= $id";
>
>     $arr_output = $dbms->get_row_assoc($str_query);
>
>     // instantiate new security class
>     $obj_security = new validator($database_connection);
>
>     //collect the values for that record into variable
>     $values_filter = $obj_security->ss_filter_form_data_array($arr_output);
>
>     // filter all input
>     $get_db_row = $obj_security->get_row_assoc($str_query);
>     $values_filter['dj_id'] = $get_db_row ['dj_id'];
>     $values_filter['dj_name'] = $get_db_row ['dj_name'];
>     $values_filter['dj_bio'] = $get_db_row ['dj_bio'];
>     $values_filter['dj_pic'] = $get_db_row ['dj_pic'];
>
>     /* debug
>     echo '<pre>';
>     print_r($get_db_row); exit;
>     echo '</pre>';
>     */
> } // end if(isset($_GET['id'])
>
> $str_title ='';
> $str_title .= 'ADMIN AREA | Edit DJ profiles: '.$arr_output['dj_name'].')';
>
> //check for post submit data
> if(isset($_POST['submit'])){
>     // instantiate new security class
>     $obj_db = new validator($database_connection); // security_class
>
>     // filter all output
>     $values_filter = $obj_db->ss_filter_form_data_array($_POST);
>     $arr_test['dj_id'] = $obj_db->check_is_field_full($values_filter['dj_id']);
>     $arr_test['dj_name'] = $obj_db->check_is_field_full($values_filter['dj_name']);
>     $arr_test['dj_bio'] = $obj_db->check_is_field_full($values_filter['dj_bio']);
>     $arr_test['dj_pic'] = $obj_db->check_is_field_full($values_filter['dj_pic']);
>
>     //print_r($arr_test); exit;
>
>     // saving either good or bad depending on the test being true or
>     // false re-write messages for true or false in ternary function
>     $arr_message['dj_id'] = ($arr_test['dj_id'])?'Good':'Bad';
>     $arr_message['dj_name'] = ($arr_test['dj_name'])?'Good':'Bad';
>     $arr_message['dj_bio'] = ($arr_test['dj_bio'])?'Good':'Bad';
>     $arr_message['dj_pic'] = ($arr_test['dj_pic'])?'Good':'Bad';
>
>     //print_r($arr_message); exit;
>
>     // if(no errors) escape the data, write the query and run it
>     if(!in_array(false, $arr_test)){
>
>         // escape all data
>         $clean = array();
>         $clean = $obj_db->escape_all_array($values_filter);
>         //print_r($clean); exit;
>
>         // write query to populate form data (filtered)
>         // the unquoted id in the WHERE clause is cast to int, since
>         // escaping alone does not protect a value used outside quotes
>         $str_update_query = "UPDATE tbl_djs
>                              SET dj_id = '".$clean['dj_id']."',
>                                  dj_name = '".$clean['dj_name']."',
>                                  dj_bio = '".$clean['dj_bio']."',
>                                  dj_pic = '".$clean['dj_pic']."'
>                              WHERE dj_id = ".(int) $clean['dj_id'];
>
>         // run the query and change $error_message accordingly
>         if($obj_db->query($str_update_query)){
>
>             header('Location: admin.php?success');
>             exit; // stop the script once the redirect header is sent
>
>         }else{
>             $error_message = 'Sorry, try again';
>         }
>
>     } // end of if(!in_array(false, $arr_test))
>     else{
>         // do we need to do anything here?
>         $error_message = 'Sorry, data is not valid';
>     }
>
> } // end if($_POST['submit'])
>
> ################################## PRESENTATION #############################################
> require_once('../includes/admin_template_top.php');
> ?>
>
> <div id="admin_content_box">
>
>     <div id="forms">
>
>         <?php // stored values are HTML-encoded before being echoed into the page ?>
>         Location: <a href="admin.php">Admin</a>
>         <a href="dj_list.php">Edit DJ profiles</a>
>         <?php echo htmlspecialchars($arr_output['dj_name'], ENT_QUOTES); ?>
>         <br /><br />
>
>         <?php echo $error_message; ?>
>
>         <form name="update_dj_form" method="post" action="<?php echo htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES); ?>">
>
>             <fieldset>
>
>                 <label for="name">DJ Name</label><br />
>                 <input name="dj_name" value="<?php echo htmlspecialchars($arr_output['dj_name'], ENT_QUOTES); ?>" /><br /><br />
>
>                 <label for="dj_bio">DJ Bio:</label><br />
>                 <textarea name="dj_bio" rows="2" cols="50"><?php echo htmlspecialchars($arr_output['dj_bio'], ENT_QUOTES); ?></textarea><br /><br />
>                 <label for="dj_pic">DJ Pic:</label><br />
>                 <input name="dj_pic" value="<?php echo htmlspecialchars($arr_output['dj_pic'], ENT_QUOTES); ?>" /><br /><br />
>
>                 <input type="hidden" name="dj_id" value="<?php echo htmlspecialchars($arr_output['dj_id'], ENT_QUOTES); ?>" />
>                 <input type="submit" name="submit" value="Update Now" />
>
>             </fieldset>
>
>         </form>
>
>     </div> <!-- end of forms -->
>
> </div> <!-- end of admin_content_box -->
>
> <?php
> include('../includes/admin_template_bottom.php');
> ?>
>
> --
> Phone (04) 381 4827 or 021 823 129
> Skype rimu123
> Web http://rimu.geek.nz/
>
> --
> NZ PHP Users Group: http://groups.google.com/group/nzphpug
> To post, send email to [email protected]
> To unsubscribe, send email to
> [email protected]

--
Simon Holywell
http://www.simonholywell.com
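
An added example, not part of the thread: one way to implement the 'visibility' on/off flag discussed above with bound parameters instead of string-built SQL, and with the filter applied in the public query. It assumes PDO with an in-memory SQLite table standing in for tbl_djs; the function names and sample rows are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's tbl_djs table (in-memory SQLite).
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tbl_djs (
        dj_id INTEGER PRIMARY KEY,
        dj_name TEXT NOT NULL,
        visibility TINYINT NOT NULL DEFAULT 1 CHECK (visibility IN (0, 1)))');
    // Constructed sample rows; the first name contains markup on purpose.
    $pdo->exec("INSERT INTO tbl_djs (dj_id, dj_name) VALUES (1, 'DJ <One>'), (2, 'DJ Two')");
    return $pdo;
}

// Admin side: accept only a positive integer id and a literal 0/1 flag, then bind both.
function set_dj_visibility(PDO $pdo, $raw_id, $raw_flag): bool {
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !in_array($raw_flag, ['0', '1'], true)) {
        return false; // anything that is not a plain integer id or 0/1 flag is refused
    }
    $stmt = $pdo->prepare('UPDATE tbl_djs SET visibility = :v WHERE dj_id = :id');
    $stmt->execute([':v' => (int) $raw_flag, ':id' => $id]);
    return $stmt->rowCount() === 1; // true only when exactly one row was changed
}

// Public side: the filter lives in the query, so hidden rows never reach the template.
function visible_dj_names(PDO $pdo): array {
    $rows = $pdo->query('SELECT dj_name FROM tbl_djs WHERE visibility = 1 ORDER BY dj_id');
    return array_map(
        fn ($name) => htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), // encode for HTML output
        $rows->fetchAll(PDO::FETCH_COLUMN)
    );
}

$pdo = demo_db();
var_dump(set_dj_visibility($pdo, '1 OR 1=1', '0')); // malformed id from a request
var_dump(set_dj_visibility($pdo, '2', '0'));        // hide DJ 2
print_r(visible_dj_names($pdo));                    // names the public page would list
```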
