...

View Full Version : PHP script for text inserted generating a new page.



dominickm
06-08-2007, 02:09 AM
First and foremost I am a complete novice to php but I try.
Second thank you in advance to all that try to help.

I will try my hardest to explain what I am looking for.

Is there a script available that one can use to accept text in a text area or box for instance and then whatever text is inserted will be added to a newly generated page and saved to a SQL database upon submission?

I am looking to create a page that will allow people to insert as much text as they wish and then submit it to create a new page that will exist on my site with the information they have submitted redirected to the newly generated page which gives the link for this page in short form with my dot com name attached.

Kind of like the tinyurl site where a user can submit a long link and then another page is generated with a smaller link for convenience purposes instead the page will not consist of the tinyurl but the user inputted text at a newly generated page on my server with the data stored in mySQL database.

I hope I have been clear and if not I apologize.

Thank you.

Coastal Web
06-08-2007, 02:48 AM
Hello dominickm,

I'm more than willing to help you. However l got lost in the description of what you're looking to do.

So the user has a form..

the put in some text; and submits.

The script creates a new file on your server, and places the text into it; and also inserts the text into a database as well?

dominickm
06-08-2007, 02:54 AM
Yes exactly. The new page is generated with the the text inserted and submitted by the user and is stored in the database. The new page created would have a short name. If my server is www.johndoe.com the new page created would be at www.johndoe.com/23efg.php.

I hope I haven't been confusing again and thank you greatly.

Coastal Web
06-08-2007, 03:25 AM
I hope I haven't been confusing again and thank you greatly.

No not at all....
here's something.. (see comments to understand what's going on..)

Few notes...
1.) let's assume that you already have the database, and table set up that you'll be dropping this info into..
And let's assume that the table only has 2 columns in it.
>"id", and "content"

2.) This script *DOES NOT* sanitize the user input at all. First you need to decide what you want to allow users to post to your files, and database. Just plain old text, just html, php??? and then you need to build a *strong* filtering function to run the value of $content through before it gets written to the *.php file, or placed into the database....


<?php
/*connect to database*/
$Host = "localhost";
$dbname = "DB_NAME";
$User = "DB_USER";
$Password = "DB_USER_PASS";
$table_name = "TABLE_NAME"; // name of the table were data is stored...


$link = mysql_connect($Host, $User, $Password);
mysql_db_query($dbname, $sql, $link);

//////////////////////
//
// here is a little function that will randomly create file names 6 digits in length
function createSalt() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;

while ($i <= 5) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$salt = $salt . $tmp;
$i++;
}
return $salt;
}
//done with createSalt() function...
/////////////////////

$content = $_POST[content];
$submit = $_POST[submit];

if(isSet($submit) && !empty($content)){

//first we'll use the createSalt() function to randomly create a file name...
$newFile = createSalt() . '.php';


//////////////////////
// THIS SCRIPT DOES NOT SANTIZE THE USER INPUT IT IS VERY IMPORTANT THAT YOU DO SO!!!!
//////////////////////


//create a new file
$fh = fopen($newFile, 'w') or die("Could not create file for writing.");
fwrite($fh, $content);
fclose($fh);


// here we change ' to '' to prevent sql injections and/or sql error messages
$content = str_replace("'", "''", $content);

//next inject the information into the database...
$sql = <<<end
INSERT INTO `". $table_name ."` ( `id` , `content` )
VALUES (
NULL , '". $content . "'
);
end;
$result = mysql_query($sql) or die('SQL Problem: '.mysql_error ());


//output success...
echo <<<EoC

Congratulations your file has been created.
<br />
<a herf="$newFile">$newFile</a>

EoC;

//close sql connection
@mysql_close();
}else{
//user has not submitted the form yet...
//show them the form...

echo <<<EoC

<form method="post" aciton="$PHP_SELF">
Content:
<br />
<textarea rows="20" cols="90"></textarea>
<br />
<input type="submit" name="submit" value="Save Page" />
</form>

EoC;

}

?>

dominickm
06-08-2007, 03:33 AM
I sent you a PM.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum