1 - read the charter and remove your URL
2 - how good are you at php? most of these scripts are not hard to write
3 - ip banning you can easily add to a script by checking server variables against a database of banned IPs - write one checking script, and include() it into the top of your other scripts

Sorry but what do you mean by "1 - read the charter and remove your URL"?

The only place my url is is in my email, and wheres the charter?

Also I am learning php. I know how to edit it mainly, add a template, change some variables (basic ones) but thats mainly it. Once the script would be set-up, I would mess with it over time and get used to it.

THANKS!

Hi, and welcome to WebmasterWorld! [webmasterworld.com]

>url

We all do it ;) My first post was snipped and so is most everyone elses. There's a nice chap called Jatar_k that will more than likely introduce you to the "my first post was edited" club. All the big kids are members ;)

>charter

Under the forum title of each forum. Also tells you who the moderator is.

Sorry I can't reply to your PHP questions, but I felt those above where within my scope ;-)

Nick

Free For All Links Script Tutorial

Disclaimer:
Use of this script without reading forum3 about FFA links pages and Google may be particularly foolhardy

right, am hoping you are not too lazy to learn - so i wrote you a starting point:

will start with the easiest, the FFA links script:

Advanced PHP Links page (FFAL) that allows guests to add a link to a database of links.

required mysql database structure (minimum):
1 table "links"
2 columns "url" "linktext", make them varchar 255 size

now, let's make this links page all one page - so we first have the links, then the form for adding a new one at the bottom.

first - connect to your database, remember to set the values to your database:

mysql_connect($host, $user, $pass);
mysql_select_db($db);

now we need to list the existing links, so we get a handle to a database query, which allows us to read the same info again and again. The sql statement is pretty easy to understand how it works "where 1" means everything, as 1=true:

$handle=mysql_query("SELECT url,linktext FROM links WHERE 1;");

the next step is to use this handle to get the data out and put it on the page. for this we read a row from database, fiddle with the results, then output the results. we will use mysql_fetch_row() here, not fetch_array, as it is easier for you to understand at this point.:

$row=mysql_fetch_row($dh);

now, $row has two parts to it, $row[0], and $row[1]. each of these represents one of the values in your original SELECT query...

SELECT url,linktext FROM

so, $row[0] is the url, and $row[1] is the linktext. to output this we can use:

echo "<a href=\"$row[0]\">$row[1]</a><br>";

notice we use \" instead of " within the echo statement - this is because otherwise php will think the " is closing the echo string. the extra \ is removed as it is output into the HTML.

the next question on your mind must be how to make it do more than one row? and how to make it stop at the end? for this, we use the fact that the result of $row=mysql_fetch_row($handle) will be false if there are no more rows to get:

while($row=mysql_fetch_row($handle))
{
echo "<a href=\"$row[0]\">$row[1]</a><br>";
}

so now, we know how to output all current links in the database. the next step is to let people add links. as you probably expect, we will use a standard html form:

<FORM METHOD=POST ACTION=\"\">
URL<INPUT TYPE=\"text\" NAME=\"url\"><br>
Linktext<INPUT TYPE=\"text\" NAME=\"linktext\"><br>
<INPUT TYPE=\"submit\">
</FORM>

this will send the result straight back to the links script, easy huh?

as should be obvious, we have one thing missing - how to get the form result into the database. to do this we got to know how to access the form result. notice the values of NAME= in the form, and we can access those values by eg:

$url=$_REQUEST['url'];
$linktext=$_REQUEST['linktext'];

now, basically we want to:

mysql_query("INSERT INTO links (url,linkstext) VALUES ('$url','$linktext')");

which works just like the SELECT before... that's the job done! now just put the bits together in this order:

<?php
mysql_connect($host, $user, $pass);
mysql_select_db($db);
$url=$_REQUEST['url'];
$linktext=$_REQUEST['linktext'];
if (($url)&&($linktext)) mysql_query("INSERT INTO links (url,linktext) VALUES ('$url','$linktext')");
$handle=mysql_query("SELECT url,linktext FROM links WHERE 1;");
while($row=mysql_fetch_row($handle))
{
echo "<a href=\"$row[0]\">$row[1]</a><br>";
}
echo
"
<FORM METHOD=POST ACTION=\"\">
URL<INPUT TYPE=\"text\" NAME=\"url\"><br>
Linktext<INPUT TYPE=\"text\" NAME=\"linktext\"><br>
<INPUT TYPE=\"submit\">
</FORM>
";
?>

things to add as required:
0 - <html><head>...</head><body>blahblahbalh</body> etc. bits
1 - your database parameters (needed)
2 - check for a valid linktext and url
3 - some kind of security / flood protection
4 - quash any bugs

Great primer - vincevincevince;

As regards security; anybody using the above code should use mysql-escape-string() [uk.php.net] to ward off any SQL injection attacks and htmlentities() [uk.php.net] when rendering the output to protect against HTML injection idiots.

Wow, I didn't know about that function!

So, what's the difference between addslashes() and mysql_escape_string()?

Nick

thanks dmorison - those are very important points you raised.

"... what's the difference between addslashes() and mysql_escape_string()..."

Here is a quote from a post to the online php manual page:

If you're wondering what's the difference between mysql_escape_string() and AddSlashes(), I found this from looking at the source code of MySQL 3.23.32 and PHP 4.0.6:

- mysql_escape_string calls MySQL's library function of the same name, which prepends slashes to the following characters: NUL (\x00), \n, \r, \, ', " and \x1a.

- AddSlashes escapes NUL, ', " and \.

While mysql_escape_string seems safer, my experience shows that escaping strings with AddSlashes (which is also done automatically if magic_quotes_gpc is on) is sufficient, so it seems you can pick whichever you wish.

Shawn

rather than calling htmlentities() at output (intensive), it may be better just to chang < to &gt; and > to &lt; before entering into the database;

There are many cheap hosting plans that come with Fantastico auto-installer (Page-Zone is one). This program will automatically install about 20 different PHP scripts. It's kind of nice to be able to demo the scripts with the click of a button.

automatically install about 20 different PHP scripts

how are they licensed? and are they easy to edit?

<edit><edit removed></edit>

[edited by: vincevincevince at 3:56 pm (utc) on June 29, 2003]

"...rather than calling htmlentities() at output (intensive), it may be better just to chang < to &gt; and > to &lt; before entering into the database;..."

I agree it is better to make the changes before storing (i.e. once when the post is made) rather than at output (i.e. multiple times, whenever the page is called.

Just changing the < and > will prevent idiots from putting <script> tags in your html... ;) But it won't help if their post includes things like '&' or quotes, etc which would invalidate your page and might make it render improperly. mysql-escape-string() will prevent quotes causing a problem with the database integrity, but won't stop a problem when someone enters their url as:

www.domain.com" style="...." target="_top

So, I'd suggest use the htmlentities() function before entering in the database

Shawn

PS Great tutorial, vincevincevince!

[edited by: ShawnR at 4:02 pm (utc) on June 29, 2003]

Here is a full list vincevincevince:

Portals
PHP-Nuke
Post-Nuke
phpWebsite
Xoops

Blogs
b2
pMachine Free

Customer Relationship
CS Live Help
PHP Support Tickets
Support Services Manager

Discussion Boards
phpBB2
Invision Board

Other Scripts
OS Commerce
PHPauction
PHProjekt
phpLinks
Moodle
Noahs Classifieds
PHPlist
WebCalendar

In general i'm against storing entity encoded "information" in a database - simply because at the database level it is just that - "information".

You may in the future find other uses for your data other than spitting out HTML (an XML import of your links perhaps - or allowing your users to edit their data) and kick yourself when you have to write a routine to go through your entire dataset and de-entity'ise it before continuing.

I'm not saying don't do it; on simple projects with a limited amount of data it's just not going to be an issue.

Considering what's been said above (in particular ChrisR's point about doing it once instead of every time you render the page) an alternative might be to store linktext in both plain and entity encoded text.

"...store linktext in both plain and entity encoded [i]text...."
I take your point about future uses of the data. As a rule, though, I'd suggest not to duplicate data. This is one of the cardinal rules of normalisation, and is there to prevent maintenance headaches and data becoming inconsistant. So I'd say choose one or the other.

Shawn

Back on subject -

Can someone make me those scripts?

You're right, therczone, off-topic discussion is not really favoured around here. But on the other hand, the idea of these forums is to provide a place to teach and learn.

So if you want to learn how to do it yourself, just follow the instructions in the thread, starting with vincevincevince's 'tutorial' post, and post back when you hit a stumbling block and someone will be glad to help. The discussions which look off-topic to you are really bang on topic... They are discussing improvements/refinements to what vincevincevince posted.

On the other hand, if you want to get someone to do it for you, you could try post to the Commercial Exchange forum, here: [webmasterworld.com...]

Shawn