UGN Security
Posted By: §intå× Good source code to start in PHP/MySQL - 02/26/03 05:25 PM
So you want to start using PHP/MySQL hu? I myself learn best looking through some basic code. I read tuts and texts and still barely knew what PHP was. Then Scallion/http://www.scallion.spoofed.net offered me a search engine he wrote for rrfn. I went through the code with a fine toothed comb.

I finally got it. It all came together and made perfect sense. Below I am posting the code scallion gave to rrfn. I have made many changes and add ons since this version. But this will help any PHP/MySQL newb out. It covers all the basics.

Take a look at the code and post any questions you have. Good luck. I would like to offer this as a download(the newest version) and maybe get a bit of open source with it. I am most intrested to see what you guys do different from what I did.


Code
 <?php
$password = "YOUR PASSWORD HERE";
$username = "YOUR USER NAME HERE";
$db = "YOUR DATABASE NAME HERE";
mysql_connect("localhost", $username, $password);
mysql_select_db($db);
if($cmd == "create") {
   $dg = mysql_query("CREATE TABLE ###IN THIS SPOT NAME OF YOUR TABLE FOR YOUR LINKS### (linkname VARCHAR(255), linkurl VARCHAR(255), kw1 VARCHAR(255), kw2 VARCHAR(255), kw3 VARCHAR(255), kw4 VARCHAR(255), kw5 VARCHAR(255), category INT,id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY (ID))");  
     if($dg) echo "mySQL CREATE TABLE Worked Properly.
";
     else echo "mySQL Error: ".mysql_error();
     $dg = mysql_query("CREATE table ###NAME OF YOUR TABLE FOR CATEGORIES### (name VARCHAR(255), id INT NOT NULL AUTO_INCREMENT, PRIMARY KEY (ID))");
     if($dg) echo "mySQL CREATE TABLE Worked Properly.
";
     else echo "mySQL Error: ".mysql_error();
}
else if(!$cmd) {
   ?>
Search 

<form action="###NAME OF PHP FILE THIS SCRIPT IS IN###?cmd=search" method=POST>
Keyword: <font size=1>(Only one please)</font> 
<input type="text" name="keyword"> 
<input type="submit" value="Search">
</form>
<hr>
Browse 

<?
   $dg = mysql_query("SELECT * FROM NAME OF YOUR CATEGORY TABLE");
        while($dg2 = mysql_fetch_array($dg)) {
               echo "<a href=\"rrfn_links.php?cmd=browse&id=".$dg2['id']."\">".$dg2['name']."</a>
";
            }
}
else if($cmd == "admin") {
   ?>
Add Category 

<form action="rrfn_links.php?cmd=addcat" method=POST>
Category Name: <input type="text" name="catname"> 

Password: <input type="password" name="cpas"> 

<input type="submit" value="Add Category">
</form>
<hr>
Add Link 

<form action="rrfn_links.php?cmd=addlink" method=POST>
Password: <input type="password" name="cpas"> 

Link Name: <input type="text" name="lname"> 

Link URL: <input type="text" name="lurl"> 

Keywords <font size=1>(Up to 5 keywords, no spaces, separated by commas)</font>: <input type="text" name="kws"> 

Category: <select name="category">
<?
$cats = mysql_query("SELECT * FROM rrfn_cats");
while($cats2 = mysql_fetch_array($cats)) {
echo "<option value=\"".$cats2['id']."\">".$cats2['name'];
}
?>
</option>


<input type="submit" value="Add Link">
</form>
     <?
}
else if($cmd == "addcat") {
     if($cpas == "YOUR PASSWORD HERE") {
      $dg = mysql_query("INSERT INTO rrfn_cats (name) VALUES ('$catname')");
        if($dg) echo "mySQL INSERT Worked Properly.";
            else echo "mySQL Error: ".mysql_error();
             echo "<a href=\"./rrfn_links.php?cmd=admin\">
 back to the admin page</a>";
     }
     else { echo "Password didn't work out. Sorry."; }
}
else if($cmd == "addlink") {
     if($cpas == "YOUR PASSWORD HERE") {
      $keywords = split(",", $kws, 5);
        $dg = mysql_query("INSERT INTO rrfn_links (linkname, linkurl, kw1, kw2, kw3, kw4, kw5, category) VALUES ('$lname', '$lurl', '$keywords[1]', '$keywords[2]', '$keywords[3]', '$keywords[4]', '$keywords[0]', '$category')"); 
             if($dg) echo "mySQL INSERT Worked Properly.";
             else echo "mySQL Error: ".mysql_error();
             echo "<a href=\"./rrfn_links.php?cmd=admin\">
 back to the admin page</a>";
     }
     else { echo "Password didn't work out. Sorry."; }
}
else if($cmd == "browse") {
   echo "Results: 
";
   $dg = mysql_query("SELECT * FROM rrfn_links WHERE category='$id'");
     while($dg2 = mysql_fetch_array($dg)) {
        echo "<a href=\"".$dg2['linkurl']."\">".$dg2['linkname']."</a>
\n";
     }
}
else if($cmd == "search") {
   echo "Results: 
";
     $quer = "SELECT * FROM rrfn_links WHERE (kw1 LIKE '%$keyword%') OR (kw2 LIKE '%$keyword%') OR (kw3 LIKE '%$keyword%') OR (kw4 LIKE '%$keyword%') OR (kw5 LIKE '%$keyword%')";
     echo $quer."
";
     $dg = mysql_query($quer);
     if(mysql_num_rows($dg) == 0) { echo "No results found.  Sorry, try again. 
"; }
     else {
         while($dg2 = mysql_fetch_array($dg)) {
             echo "<a href=\"".$dg2['linkurl']."\">".$dg2['linkname']."</a>
\n";
             }
     } 
}
else if($cmd == "all") {
echo "<table border=1>";
?>
<tr>
<td>name
<td>url
<td>kw1
<td>kw2
<td>kw3
<td>kw4
<td>kw5
<td>category
<td>id#
<?
$result = mysql_query("SELECT * FROM rrfn_links");
while($myrow = mysql_fetch_row($result))
 {
 print " <tr> ";
  for($x=0; $x <= count($myrow); $x++)
  {
   print "<td>".$myrow[$x]."</td>";
  }
 print "</tr>";
}
echo "</table>";
}
?>
Posted By: Gremelin Re: Good source code to start in PHP/MySQL - 02/27/03 01:28 AM
You should have bolded everything that they need to change :x...
Posted By: §intå× Re: Good source code to start in PHP/MySQL - 02/27/03 05:55 AM
&#91;b] and &#91;/b] do not work in side the code tags...

*shrugs*
Posted By: Gremelin Re: Good source code to start in PHP/MySQL - 02/27/03 06:10 AM
Ahh ok heh...
Posted By: §intå× Re: Good source code to start in PHP/MySQL - 03/03/03 11:59 AM
No one is going to take up this challenge?
© UGN Security Forum