-3

I am trying to create a system where a user can enter some text and another user can edit that input and another can edit the input that the second user has entered. This is the code that I have so far; it only works as a reply system to a post at the moment:

<?php
    include 'includes/connection.php';

    $query = "SELECT * FROM branches";  
    $result1 = mysql_query($query) or die(mysql_error());

    while($person = mysql_fetch_array($result1)) {  //As long as there is data, output the data
        $id = $person['ID'];
        $query2 = "SELECT * FROM branchesedit WHERE (parent_id = '$id' )";
        $result2 =  mysql_query($query2) or die(mysql_error());

        echo "<h3>" . $person['Names'] . "</h3>";
        echo "<p>" . $person['Lyrics'] . "</p>";
        echo "<a href=\"modify.php?id=" . $person['ID'] . "\">Modify Song</a>";
        echo "<span> </span>";
        echo "<a href=\"delete.php?id=" . $person['ID'] . "\">Delete Song</a>"; 

        while($row2 = mysql_fetch_array($result2)){
            echo "<h3>" . $row2['Name'] . "</h3>";
            echo "<p>" . $row2['LyricUpdate'] . "</p>";
        }
    }
?>

modify.php

<?php
    if(isset($_POST['submit'])) {
        $query = "SELECT ID FROM branches WHERE ID = $_GET[id]";

        mysql_query("INSERT into branchesedit(`IDs`, `Name`, `LyricUpdate`, `parent_id`)
            VALUES ('','$_POST[inputName]', '$_POST[ta]', '$_POST[id]')") or die(mysql_error());

        echo "Song has been modified";
        header("Location: index.php");  
    }
?>
AstroCB

1 Answer

0

Note:

  • You are using an isset() check in your modify.php, but your first given code (guessing your index.php) does not have a submit button. It only has a link that will redirect users to modify.php.
  • Better to include a connection in your modify.php to establish a connection so you can run your query.
  • You should consider using mysqli_* prepared statements rather than the deprecated mysql_* functions to prevent SQL injections.

Your modify.php using prepared statements:

<?php
    /* INCLUDE HERE YOUR CONNECTION */
    include 'includes/connection.php';

    /* HANDLE THE SUBMITTED FORM FIRST: header() ONLY WORKS BEFORE ANY OUTPUT IS SENT */
    if(isset($_POST["submit"])){

      if($stmt = $con->prepare("INSERT into branchesedit (`Name`, `LyricUpdate`, `parent_id`)
        VALUES (?,?,?)")){
        $stmt->bind_param("ssi",$_POST["inputName"],$_POST["ta"],$_POST["id"]);
        $stmt->execute();
        $stmt->close();
      } /* END OF INSERT PREPARED STATEMENT */

      /* NO ECHO BEFORE THE REDIRECT, OR THE HEADER CANNOT BE SENT */
      header("Location: index.php");
      exit();
    } /* END OF ISSET SUBMIT */

    if(!empty($_GET['id'])) {

      if($stmt = $con->prepare("SELECT IDs, Name, LyricUpdate FROM branchesedit WHERE parent_id = ? ORDER BY IDs DESC")){
        $stmt->bind_param("i",$_GET["id"]);
        $stmt->execute();
        $stmt->store_result();
        $stmt->bind_result($id,$name,$lyricupdate);
        $stmt->fetch(); /* FIRST ROW = LATEST EDIT */
        /* ESCAPE EVERY VALUE BEFORE PRINTING IT INTO THE HTML */
        ?>
          <h1>Modified by: <?php echo htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'); ?></h1>
          <form action="modify.php" method="POST">
            <input type="hidden" name="id" value="<?php echo (int)$_GET["id"]; ?>">
            <input type="text" name="inputName" value="<?php echo htmlspecialchars((string)$name, ENT_QUOTES, 'UTF-8'); ?>"><br>
            <textarea name="ta"><?php echo htmlspecialchars((string)$lyricupdate, ENT_QUOTES, 'UTF-8'); ?></textarea><br>
            <input type="submit" name="submit">
          </form>
        <?php
        $stmt->close();
      } /* END OF PREPARED STATEMENT */
    } /* END OF NOT EMPTY ID */
?>

Summary:

  • When a user clicks on the Modify Song link, the user will be redirected to modify.php, which then runs a query that will select the latest edit from your table branchesedit based on the ID being passed from the link.
  • The user will see a form that is already filled in based on the last edit.
  • When submitted, it will still be in modify.php and then runs an insert query.
  • After the insert query, it will redirect back to index.php.
  • Replace the necessary connection variable I used in the prepared statement:

Example of your connection to be included in your queries (connection.php):

$con = new mysqli("Yourhost", "Yourusername", "Yourpassword", "Yourdatabase");

/* CHECK CONNECTION */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}
Community
Logan Wayne
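The listing page from the question still uses mysql_* and prints stored user text straight into the page. The following is an added example, not code from the question or the answer, that rewrites it on the same mysqli connection and escapes every user-entered value on output. It assumes includes/connection.php defines `$con` as in the answer and that the tables have the columns shown in the question; the helper `h()` and the ascending order of edits are choices made for this example.

```php
<?php
// Added example: index.php counterpart to the answer's modify.php.
// Assumes includes/connection.php creates $con (mysqli), as in the answer.
include 'includes/connection.php';

// Hypothetical helper: escape user-entered text before placing it in HTML,
// so stored lyrics or names cannot inject markup or script (stored XSS).
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Prepare the per-song edit query once and re-execute it for each song.
$edits = $con->prepare(
    "SELECT Name, LyricUpdate FROM branchesedit WHERE parent_id = ? ORDER BY IDs ASC"
);
if (!$edits) {
    error_log("prepare failed: " . $con->error); // details go to the log, not the page
    exit("Database error");
}
$edits->bind_param("i", $songId);              // bound by reference, set in the loop
$edits->bind_result($editName, $editLyrics);

$songs = $con->query("SELECT ID, Names, Lyrics FROM branches");
if (!$songs) {
    error_log("query failed: " . $con->error);
    exit("Database error");
}

while ($song = $songs->fetch_assoc()) {
    $songId = (int) $song['ID'];               // integer only, safe inside the links

    echo "<h3>" . h($song['Names']) . "</h3>";
    echo "<p>" . h($song['Lyrics']) . "</p>";
    echo "<a href=\"modify.php?id=" . $songId . "\">Modify Song</a>";
    echo "<span> </span>";
    echo "<a href=\"delete.php?id=" . $songId . "\">Delete Song</a>";

    $edits->execute();
    $edits->store_result();                    // buffer this song's edits
    while ($edits->fetch()) {                  // one row per edit, oldest first
        echo "<h3>" . h($editName) . "</h3>";
        echo "<p>" . h($editLyrics) . "</p>";
    }
    $edits->free_result();
}
$edits->close();
```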