Editing the contents of a PHP database
jefbea
10-27-2000, 11:12 AM
Howdy,
Is there a way to edit the contents of a PHP database without telnetting in? i.e. maybe a Windows-based GUI that would allow me to delete entries, etc.?
I am trying to find an easier way to delete entries on my classified ad board which you can see here:
http://www.lease2purchase.com/php/classifieds/class.php
Thanks in advance for any help.
Jeff
Shalazar
10-27-2000, 03:36 PM
Or you could just use PHPMyAdmin. http://www.phpwizard.net/projects/phpMyAdmin/
It's worth the install, and can give you pretty much all the control you need over your databases from a web-based interface. Just make sure to put it in a secure directory.
WayneAH
10-28-2000, 01:13 AM
Jeff,
You can create your own GUI with a 3-page set like this:
Create a form in a page called searchadtodrop.php3 with a search field where you can enter all or part of the listing you want to drop:
searchadtodrop.php3
<pre>
<form action="dropad.php3">
Drop this ad: <input type="text" name="adname" size="40">
<input type="submit" value="Drop It!">
</form>
</pre>
Typing in the search field and hitting the Drop It! button sends the variable $adname (or whatever you choose to call it) to the page dropad.php3. If what you typed matches no row or more than one row in the database, the page warns that you have no precise match and sends you back to searchadtodrop.php3. If what you typed matches only one row, the page runs a MySQL query that pulls up the ad name and id associated with that row and asks you to confirm the drop.
dropad.php3
<pre>
<form action="postdrop.php3" method="POST">
Confirm Drop
<?
     // Connect, then count the rows whose ad text contains the search term
     mysql_connect("$Host", "$User", "$Pass");
     mysql_select_db("$DB");
     $query = " SELECT COUNT(id) as id from adtable WHERE ad like '%$adname%' ";
     $mysql_result = mysql_query($query);
     while($row = mysql_fetch_row($mysql_result))
     {
          if($row[0] != 1)
          {
               print("No precise match. Return to the <a href=searchadtodrop.php3>Drop Form</a> and try again.\n");
          }
          else
          {
               // Exactly one match: fetch it and ask for confirmation
               $query = " SELECT id, ad, adstatus FROM adtable WHERE ad like '%$adname%' " ;
               $mysql_result = mysql_query($query);
               while($row = mysql_fetch_row($mysql_result))
               {
                    print("<input type=hidden name=this_id value=" . $row[0] . ">Change the status of " . $row[1] . " from " . $row[2] . " to Dropped?
<input type=submit value=Submit> <a href=searchadtodrop.php3>Back to Form</a>
\n");
               }
          }
     }
     mysql_close();
?>
</form>
</pre>
Confirming the drop sends you to postdrop.php3, which executes a MySQL query that changes the status of the ad to "Dropped." Or - infinitely more dangerous - you could change the query to delete the row. In either case, the action is limited to the row defined by the expression WHERE id='$this_id', fetched in the previous query and passed along to postdrop.php3 as a hidden variable.
postdrop.php3
<pre>
<?
     mysql_connect("$Host", "$User", "$Password");
     mysql_select_db("$DB");
     // Look up the ad by the id passed from the confirmation form
     $query = " SELECT id, adname FROM adtable WHERE id='$this_id' " ;
     $mysql_result = mysql_query($query);
     while($row = mysql_fetch_row($mysql_result))
     {
          print("Sayonara, " . $row[1] . "!\n");
     }
     // Mark that one row as dropped
     $query = " UPDATE adtable SET adstatus='Dropped' WHERE id='$this_id' " ;
     $mysql_result = mysql_query($query);
     mysql_close();
?>
</pre>
There may be a typo or two here as I stripped out a lot of formatting for the sake of clarity.
Be sure to put these forms in a secure directory.
Wayne
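An added example, not part of Wayne's post: the same find-one-ad, confirm, then drop flow with bound parameters, literal matching of % and _ in the search text, HTML-encoded output, and an integer check on the hidden this_id field. The PDO in-memory SQLite setup, the sample rows and the function names are assumptions made so it runs from the command line; the table and column names follow the post.

```php
<?php
// Added example. Constructed sample data in an in-memory SQLite database;
// on a real site the DSN would point at MySQL, with credentials loaded
// from a config file kept outside the web root.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE adtable (id INTEGER PRIMARY KEY, ad TEXT, adstatus TEXT)");
$db->exec("INSERT INTO adtable (ad, adstatus) VALUES
           ('Owner''s special: lease to purchase', 'Active'),
           ('For sale: 100% wool rug', 'Active')");

// dropad step: return the single matching ad, or null for zero or many matches.
function findSingleAd(PDO $db, string $adname): ?array
{
    // Escape LIKE wildcards so a typed % or _ matches only itself.
    $needle = '%' . strtr($adname, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare("SELECT id, ad, adstatus FROM adtable WHERE ad LIKE ? ESCAPE '!'");
    $stmt->execute([$needle]);   // the search text is bound as data, never spliced into SQL
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    return count($rows) === 1 ? $rows[0] : null;
}

// Confirmation form: every database value is HTML-encoded and attributes are quoted.
function confirmForm(array $row): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<form action="postdrop.php3" method="POST">'
         . '<input type="hidden" name="this_id" value="' . $e($row['id']) . '">'
         . 'Change the status of ' . $e($row['ad']) . ' from ' . $e($row['adstatus'])
         . ' to Dropped? <input type="submit" value="Submit"></form>';
}

// postdrop step: a hidden field is still client-supplied, so validate it first.
function dropAd(PDO $db, $thisId): bool
{
    $id = filter_var($thisId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;            // not a positive integer: no query is run
    }
    $stmt = $db->prepare("UPDATE adtable SET adstatus = 'Dropped' WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1;
}

$row = findSingleAd($db, "Owner's");      // apostrophe in the search text
echo $row ? confirmForm($row) . "\n" : "No precise match.\n";
var_dump(findSingleAd($db, '%'));         // a bare wildcard character
var_dump(dropAd($db, 'abc'));             // non-numeric id
var_dump(dropAd($db, '1'));               // valid id
```

With MySQL, rowCount() reports only rows whose values actually changed, so an ad that is already "Dropped" counts as zero.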
WayneAH
11-02-2000, 04:15 PM
Shalazar,
The docs for PHPMyAdmin recommend using advanced authentication rather than using basic in conjunction with an .htaccess where multiple users have telnet access to a server. Not sure how this advice applies to my site on Dexter. (I don't have multiple users with access to my site, but obviously there are lots of people with telnet access to Dexter.) Basic in a secure directory would be more like what I'm used to. Is that sufficient?
Thanks,
Wayne Harris
Shalazar
11-02-2000, 05:12 PM
I've had no problems using it at all. I just have it sitting in a .htaccess secured directory.
That warning is because you're putting your connection information in an include file. And if people can telnet around to other people's directories on the server, there's a possibility (if the server is poorly set up) that people can read your plain text password in your include file.
Thanks to FutureQuest, you only have telnet access to your own account. If you try to go up to the main directory, and enter someone else's directory, you are denied. So I don't believe you have to worry about people accessing your directory and any information you have stored in it.
And if you're worried about access from the web, make sure to configure it so you can have your config-include outside your www directory.
WayneAH
11-03-2000, 10:32 AM
Thanks, Shalazar. That's pretty much what I thought but wanted to be sure.
PHPMyAdmin is pretty impressive. Thanks for motivating me to give it a try.
Wayne