6.3. Modifying admin.php to Save Page Associations
Saving the page an entry is associated with is as easy as adding another input to your form. However, there are a couple reasons you don't want to require the user to fill out the page an entry belongs on. First, it's inconvenient for the user; second, it increases the risk of typos or confusion.
Fortunately, HTML forms allow you to insert hidden inputs, which contain a value that is passed in the $_POST superglobal, but isn't displayed to the user. In your admin.php script (full path: /xampp/htdocs/simple_blog/admin.php), add a hidden input to your form by inserting the lines in bold:
<?php
if(isset($_GET['page']))
{
$page = htmlentities(strip_tags($_GET['page']));
}
else
{
$page = 'blog';
}
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type"
content="text/html;charset=utf-8" />
<link rel="stylesheet"
href="/simple_blog/css/default.css" type="text/css" />
<title> Simple Blog </title>
</head>
<body>
<h1> Simple Blog Application </h1>
<form method="post" action="/simple_blog/inc/update.inc.php">
<fieldset>
<legend>New Entry Submission</legend>
<label>Title
<input type="text" name="title" maxlength="150" />
</label>
<label>Entry
<textarea name="entry" cols="45" rows="10"></textarea>
</label><input type="hidden" name="page"
value="<?php echo $page ?>" />
<input type="submit" name="submit" value="Save Entry" />
<input type="submit" name="submit" value="Cancel" />
</fieldset>
</form>
</body>
</html>In the first line of this script, you retrieve the page variable, which will be passed in the URL. To make sure a variable was passed, you use the ternary operator (a shortcut syntax for the if else statement) to check whether $_GET['page'] is set. If so, you perform basic sanitization by removing any HTML tags from the string, then encoding any special characters that could cause problems in your script. If not, you provide a default page, blog, to avoid any unexpected behavior.
Then, in the form itself, you insert a hidden input with the name of "page" and a value that contains the sanitized value from the URL.
This means that creating an entry with an associated page requires that you access admin.php using a path that includes a page variable:
http://localhost/simple_blog/admin.php?page=about
This means that you need to make some adjustments to index.php to ensure that a page variable is passed when a user clicks the link to create a new entry.
In index.php, starting at line 100, modify the link to create a new entry as follows:
<p class="backlink">
<a href="/simple_blog/admin.php?page=<?php echo $page ?>">
Post a New Entry
</a>
</p>This entry takes the $page variable you stored at the beginning of the script and uses it to make a link for posting a new entry pass to the page. You can test this by navigating to http://localhost/simple_blog/?page=about; this URL lets you use your browser to look at the page value stored in the "Post a New Entry" link (see Figure 6-4).
|
Figure 6.4. The source code of http://localhost/simple_blog/?page=about
Next, you need to make sure that you're storing the page in the hidden input properly. Click the "Post a New Entry" link on http://localhost/simple_blog/?page=about, which should direct you to http://localhost/simple_blog/admin.php?page=about. There, you can see your form as usual, but looking at the source code should reveal that the hidden input now contains the "about" value that was passed in the URL (see Figure 6-5).
Figure 6.5. The source of http://localhost/simple_blog/admin.php?page=about
Now you know that the page will be passed to the form. This means that you have access, via the $_POST superglobal, to whatever page the entry is associated with after the new entry is submitted.
However, bear in mind that the page association won't be saved until you make some adjustments to update.inc.php to handle this new information.