

$HTTP_GET_VARS or $GET?

         

skeddy

6:27 pm on Nov 7, 2005 (gmt 0)




I've been racking my brain trying to fathom out this simple little bit of script in the blog system I'm building.

At the moment, my main.php page has this for the center content:


<?php
$content = $HTTP_GET_VARS['content'];
if (!$content || $content == "")
{ echo blog(); }
else if (function_exists("$content"))
{ echo $content(); }
else
{ echo error(); }
?>

Basically, if the page is called without main.php?content= then it loads the last 5 blogs. If I ask it to load up some other content, then I can just add that content onto the end, like so:

[localhost...]

What I want is to have the option to call up an individual blog, depending on its id.

So if I wanted to view blog 124, I'd call it like this:

[localhost...]

But I don't know how to call this.

The current function to call an individual blog is


function entry($id) {
    // $id is spliced straight into the query string
    $sql = mysql_query("SELECT * FROM news WHERE id='$id' ORDER BY id DESC");
    while ($result = mysql_fetch_array($sql)) {
        $result['news'] = icons($result['news']);
        // bump the read counter for this entry
        $addhits = $result['hits'] + 1;
        $update = mysql_query("UPDATE news SET hits='$addhits' WHERE id='$id'");
        echo "<h1>$result[title]<br />";
        echo date("l F j, Y", $result['date']);
        echo "</h1><p>";
        echo nl2br($result['news']);
        echo "</p>";
        echo "<div id=\"stats\"><p align=\"center\">";
        echo "<img src=\"images/icons/readmore.gif\" /> <a href=\"main.php?content=post&id=$result[id]\">Read more</a> | ";
        echo "<img src=\"images/icons/read.gif\" /> Reads ($result[hits]) | ";
        echo "<img src=\"images/icons/comments.gif\" /> <a href=\"javascript:popUp('static/comments.php?id=$result[id]')\">Comments</a> (";
        echo numcom($result['id']);
        echo ")";
        echo "</p></div>";
    }
}

If anyone can advise how I can wrap both of these up together, so I can call a preset block of content, or the same content but narrowed down, I'd really, really appreciate it!

I've so far tried this:


<?php
$content = $HTTP_GET_VARS['content'];
$id = $HTTP_GET_VARS['id'];
if (!$content || $content == "")
{ echo blog(); }
else if (function_exists("$content"))
{ echo $content(); }
else if (function_exists("$content"))
{ echo $content($id); }
else
{ echo error(); }
?>

But this produces the error:

Warning: Missing argument 1 for entry() in W:\www\kissrelease\config\config.php on line 70

Thoughts and ideas? I feel I'm close!

NomikOS

7:33 pm on Nov 7, 2005 (gmt 0)




$HTTP_GET_VARS and $_GET give you the same thing,
but
$HTTP_GET_VARS is deprecated,
so better not to use it.

See the comments: //


<?php
$content = $HTTP_GET_VARS['content'];
$id = $HTTP_GET_VARS['id'];

if (!$content || $content == "")
{
    echo blog();
}
else if (function_exists("$content"))
{
    echo $content();
}
//else if (function_exists("$content")) // <-- you check only for $content
else if (function_exists("$content") && !empty($id)) // <-- check for $content and $id
{
    echo $content($id);
}
else
{
    echo error();
}

# you must too
function nameFunction($id = null) // default value for $id
{
    ...
}
?>
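An added example, not code from the thread or from either poster: the same dispatcher driven by an explicit allow-list instead of function_exists(). function_exists('system') returns true, so with the dispatcher as posted a request of the form ?content=system&id=... reaches $content($id) and runs a shell command; looking the URL value up in a fixed table of handlers removes that possibility. blog(), entry() and error() here are stand-ins for the thread's functions of the same name, and dispatch() and CONTENT_HANDLERS are names assumed for this illustration.

```php
<?php
// Added example, not from the thread. Stand-ins for the thread's functions:
function blog(): string { return 'last five entries'; }
function entry(?int $id = null): string { return $id === null ? 'no id given' : "entry $id"; }
function error(): string { return 'unknown content'; }

// The only names reachable from ?content=. Each entry records whether the
// handler takes the ?id= parameter, so the URL never decides which PHP
// function runs or with what signature.
const CONTENT_HANDLERS = [
    'blog'  => ['fn' => 'blog',  'takes_id' => false],
    'entry' => ['fn' => 'entry', 'takes_id' => true],
];

function dispatch(array $get): string
{
    $content = $get['content'] ?? '';
    if ($content === '') {
        return blog();                       // main.php without ?content=
    }
    if (!isset(CONTENT_HANDLERS[$content])) {
        return error();                      // not on the list: refuse, whatever function_exists() says
    }
    $handler = CONTENT_HANDLERS[$content];
    if (!$handler['takes_id']) {
        return $handler['fn']();
    }
    // id is a database key, so accept only a positive integer.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? error() : $handler['fn']($id);
}

// Constructed requests standing in for $_GET:
echo dispatch([]), "\n";                                           // default block
echo dispatch(['content' => 'entry', 'id' => '124']), "\n";        // one entry by id
echo dispatch(['content' => 'system', 'id' => 'id']), "\n";        // refused: not a handler
echo dispatch(['content' => 'entry', 'id' => "124' OR '1'='1"]), "\n"; // refused: not an integer
```

The table also replaces the function_exists()/!empty($id) branch: whether a handler needs an id is declared once, next to its name, rather than inferred from which query parameters the client chose to send.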

skeddy

7:58 pm on Nov 7, 2005 (gmt 0)




That's super, and I can see where I was making the mistake.

One question regarding this part though


# you must too
function nameFunction ($id = null) // default value for $id
{
...
}

I don't understand where or what I should be doing with this?

NomikOS

8:13 pm on Nov 7, 2005 (gmt 0)




sorry, my mistake (I don't speak English):

# you must too (wrong phrase)
# you can do this too (this is what I meant to say: can, not must)


function nameFunction ($id = null) // default value for $id
{
...
}

skeddy

8:20 pm on Nov 7, 2005 (gmt 0)




Fantastic.

I kept getting the "Warning" message until I changed my single blog from


function entry($id = null) {
$sql = mysql_query("SELECT * FROM news WHERE id='$id' ORDER BY id DESC");
. . . . . . .

to this


function entry($id = null) {
$id = $_GET['id'];
$sql = mysql_query("SELECT * FROM news WHERE id='$id' ORDER BY id DESC");
. . . . . . .

Worked first time, cheers for your help!

dmmh

10:11 pm on Nov 7, 2005 (gmt 0)




SECURITY SECURITY SECURITY!

$id = $_GET['id']; ------> $id = mysql_real_escape_string($_GET['id']);

NomikOS

10:17 pm on Nov 7, 2005 (gmt 0)




glad for you, but...

function entry($id = null)
{
$id = $_GET['id'];
...

this is correct, but it does not make sense to have the argument

$id = null
if you read it inside the function! Only that.

the default argument null:

$id = null
is there to avoid this type of error:
Warning: Missing argument 1 for entry() in config.php on line 70

which is why we use it in this case.

It would be worth reading this about "Default argument values".
[php.net...]

---

[edited by: NomikOS at 10:36 pm (utc) on Nov. 7, 2005]

skeddy

10:23 pm on Nov 7, 2005 (gmt 0)




dmmh,


$id = $_GET['id']; ------> $id = mysql_real_escape_string($_GET['id']);

Why is this a security problem?

NomikOS

10:27 pm on Nov 7, 2005 (gmt 0)




You are very right, dmmh. You could expand your post about it.

skeddy, search for: "SQL Injection Attacks"

---

IamStang

11:05 pm on Nov 7, 2005 (gmt 0)




Hi Skeddy,

The problem with that piece of the code is that you are allowing input that can be sent by anyone to be passed straight to your database.

Someone could simply type in the url

hxxp://www.somesite.com/thepage.php?id=Some code to kill your database or worse

That wouldn't be a good thing. Not good at all.

Yup, read up on sql injections.

I am starting to learn this kind of thing myself so don't feel bad. :)

Later!
IamStang
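As an added example (not code from the thread or any poster), here is the query from entry() built the posted way, next to a parameterised version. The constructed payload 124' OR '1'='1 closes the quote and makes the WHERE clause true for every row, which is the kind of input the previous posts are warning about. mysql_real_escape_string() does close that hole for a value that sits inside quotes, provided the connection charset is set, but since id is a number the simpler and stronger check is to validate it as an integer and bind it as a query parameter. The example uses PDO against an in-memory SQLite table (constructed data) so it runs offline without a MySQL server; vulnerableSql() and fetchEntry() are names assumed for this illustration.

```php
<?php
// Added example, not from the thread. Constructed data, in-memory SQLite via PDO.

// What entry() does today: the raw ?id= value becomes part of the SQL text.
function vulnerableSql(string $id): string
{
    return "SELECT * FROM news WHERE id='$id' ORDER BY id DESC";
}

// Hardened variant: validate, then bind. The database receives the id as a
// value, never as SQL, so quoting tricks have nothing to break out of.
function fetchEntry(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                       // rejected before any SQL runs
    }
    $stmt = $db->prepare('SELECT id, title, news, hits FROM news WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                       // no such entry
    }
    // Increment in SQL rather than read-modify-write in PHP, so two
    // concurrent page views cannot lose a count.
    $upd = $db->prepare('UPDATE news SET hits = hits + 1 WHERE id = :id');
    $upd->execute([':id' => $id]);
    return $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, news TEXT, hits INTEGER)');
$db->exec("INSERT INTO news VALUES (124, 'Hello world', 'First post', 0)");
$db->exec("INSERT INTO news VALUES (125, 'Unpublished draft', 'Not meant to be read', 0)");

// Constructed attacker input: closes the quote, ORs in an always-true condition.
$payload = "124' OR '1'='1";

// The interpolated query now matches every row in the table, not just id 124.
echo vulnerableSql($payload), "\n";

// The hardened path never lets that string near the database.
var_dump(fetchEntry($db, $payload));

// A legitimate id works as before, and the counter moves in the database.
$row = fetchEntry($db, '124');
echo $row['title'], "\n";
$again = fetchEntry($db, '124');
echo 'reads recorded before this view: ', $again['hits'], "\n";
```

The same pattern applies to the UPDATE in entry(): with $id and $addhits bound as parameters the statement cannot be altered by the request, and moving the arithmetic into SQL removes the separate read of hits altogether.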

skeddy

11:20 pm on Nov 7, 2005 (gmt 0)




Thanks for the advice guys, I'll research it all before I put this version of the site up as live.

dmmh

7:38 am on Nov 9, 2005 (gmt 0)




yeah sorry about that, was kinda in a hurry :D

always sanitize user input before inserting it into the DB :)