Putting it all Together

Now we look at taking all the different pieces and putting them together.

The template (using the process of importing external files) should include links for people to view your guestbook as well as add new entries, and email you directly, both of which require you to connect to the database which you designed and created.

We've also seen how to create password-protected pages. Now we need to look at how to implement the pages that update and delete information in the database.

Creating the Admin Page(s)

The admin section is actually made up of several pages. It may have as many, or even more, pages than the public facing part of the website.

In our case, we need to start with a page which lists our guestbook entries and then allows the admin to edit or delete them.

We'll start by creating our file and importing our password protection, header and footer external files, like so:

<?php
// require stops the page if the login check cannot be loaded; include would only warn and carry on
require('./includes/login-config.php');
include('./includes/header.php');
?>
<?php include('./includes/footer.php'); ?>

Then we recreate the basic SQL statement used to view the guestbook and display the results in the content section of the page, like so:

$sql = 'SELECT `id`, `name`, `entry`, DATE_FORMAT(`entered`, "%M %e, %Y") AS formated_date '
	.'FROM guestbook';
$result = mysql_query($sql, $db_connection) or die('Error: ' .mysql_error());
while($row = mysql_fetch_assoc($result)) {
}

Note that the id column is now selected as well.

What changes is the section inside the while loop: we want to display links to edit or remove a guestbook entry.

// Escape visitor-submitted values so stored markup is shown as text, not run in the admin's browser
echo '<div class="gbentry"><p>' .htmlspecialchars(stripslashes($row['entry']), ENT_QUOTES, 'UTF-8') .'</p>'
	.'<p class="gbauthor">' .htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8')
	.' on: ' .$row['formated_date'] .'</p>'
	.'<div class="gbedit">'
	.'<a href="admin-edit.php?id=' . stripslashes($row['id']) .'">edit</a>&nbsp;&nbsp;'
	.'<a href="admin-delete.php?id=' . stripslashes($row['id']) .'">remove</a> </div>'
	.'</div>';

The PHP Explained

This should look familiar from the display page used by everyone. What is different is that we've created an extra div to contain a couple of links for editing. We pass the unique identifier (the primary key) within the link. This works the same way as a form with a method of "get": after the file name, we add a question mark (?) and then a name/value pair ('...id=' . stripslashes($row['id'])).

The admin-edit.php and admin-delete.php files look for $_GET['id'] to determine which id value is being passed in. Those files then run the update and delete commands, respectively.
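
One way admin-delete.php could treat the id it reads from $_GET['id'] as untrusted input before running the delete, shown as an added example that is not part of the original tutorial. The helper names gb_parse_id() and gb_delete_entry() are hypothetical, and PDO with an in-memory SQLite table stands in for the tutorial's MySQL connection so the script runs on its own.

```php
<?php
// Added example, not the tutorial's code. gb_parse_id() and gb_delete_entry()
// are hypothetical names; PDO with in-memory SQLite stands in for the
// tutorial's MySQL connection (an assumption) so the script runs on its own.

// Return the id as a positive integer, or null when the parameter is missing,
// an array (?id[]=1), not an integer, or below 1.
function gb_parse_id(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null;
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Delete one entry using a bound parameter; returns the number of rows removed.
function gb_delete_entry(PDO $db, int $id): int
{
    $stmt = $db->prepare('DELETE FROM guestbook WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed sample table with the guestbook columns used on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE guestbook (id INTEGER PRIMARY KEY, name TEXT, entry TEXT, entered TEXT)');
$db->exec("INSERT INTO guestbook (name, entry, entered) VALUES
    ('Ann', 'Nice site', '2020-01-01'), ('Bob', 'Hello', '2020-01-02')");

// Constructed query arrays, shaped like what admin-delete.php would see in $_GET.
$samples = [
    ['id' => '2'],     // well-formed id
    ['id' => '2abc'],  // trailing text: not an integer
    ['id' => ['2']],   // array parameter
    ['id' => '-5'],    // below the minimum of 1
    [],                // parameter missing
];
foreach ($samples as $query) {
    $id = gb_parse_id($query);
    $result = $id === null ? 'rejected' : 'deleted ' . gb_delete_entry($db, $id) . ' row(s)';
    echo json_encode($query) . " -> $result\n";
}
echo 'remaining rows: ' . $db->query('SELECT COUNT(*) FROM guestbook')->fetchColumn() . "\n";
```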