[CMS][Tutorial] How to Fix the post News

[Reis]

Hello, I'm Lucas Reis, owner of:

You must be registered for see links

I've fixed the PHP to post the correct news without the HTML tags.

If you want this fixed, go to:

Your style > hk > news2.php

In the 66 line, remove the Filter tag in the ["longstory"], eg:

    mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . filter($_SESSION["title"]) . "', '" . filter($_SESSION["shortstory"]) . "', '" . ($_SESSION["longstory"]) . "', '" . time() . "', '" . filter($_POST["topstory"]) . "', '" . filter($author) . "', 0, 'default')") or die(mysql_error());

Save the document and test to post the news.

Or download:
Attached document.

This realy work.

Credits:
Kryptos - RevCms coder
Me - Fixing the post News

 

[dehan]

Thanks

 

[Gajeel]

Post it on Habbo turtials please, a moderator close thread -.-

OFT: Don't mini mod, lol. They'll move it, probably he is a "

New Member" ​

and got his first post? Chillax!

ONT: Nice tut, will help alot.

 

[habjamz]

EXCELLENT TY SO MUCH

 

[Peter Griffin]

Do you run the MySQL query because if I run it it comes as a error?

 

[Kryptos]

Yea but that'd make it exploitable...

Just change the filter tag with mysql_real_escape_string..

Like so,

mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . filter($_SESSION["title"]) . "', '" . filter($_SESSION["shortstory"]) . "', '" . mysql_real_escape_string($_SESSION["longstory"]) . "', '" . time() . "', '" . filter($_POST["topstory"]) . "', '" . filter($author) . "', 0, 'default')") or die(mysql_error());

USE MY QUERY ABOVE, NOT THE ONE IN THE THREAD.

 

[Peter Griffin]

Thanks christ for this i needed it them HTMl tages was annoying me!

 

[Online]

Er, what if that still doesnt fix it?
"Incorrect integer value: 'Codeh' for column 'author' at row 1"

 

[Kryptos]

Er, what if that still doesnt fix it?
"Incorrect integer value: 'Codeh' for column 'author' at row 1"

Go to PHPMyAdmin, and change the value of 'author' in the cms_news table from "int" to "varchar"

 

[Online]

Go to PHPMyAdmin, and change the value of 'value' in the cms_news table from "int" to "varchar"

Ah, thanks!

 

[Hayate-Kun]

How to change the value with Navicat?

 

[Bat]

How to change the value with Navicat?

go to cms_news and click design table

 

[Hayate-Kun]

go to cms_news and click design table

Thanks !

 

[Bullethotel]

Not working for me :l

 

[Bullethotel]

Downloaded your file & inserted didn't work.

 

[Landon]

This did not worked sadly

 

[Bullethotel]

Sure, didn't care to explain D:

 

[JeeCee]

Yea but that'd make it exploitable...

Just change the filter tag with mysql_real_escape_string..

Like so,

mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . filter($_SESSION["title"]) . "', '" . filter($_SESSION["shortstory"]) . "', '" . mysql_real_escape_string($_SESSION["longstory"]) . "', '" . time() . "', '" . filter($_POST["topstory"]) . "', '" . filter($author) . "', 0, 'default')") or die(mysql_error());

USE MY QUERY ABOVE, NOT THE ONE IN THE THREAD.

If I do that, and I post a news item, and I go to the news page to see that item, I still got the \r\n in the news item, instead of a black 'enter'

 

[Kryptos]

If I do that, and I post a news item, and I go to the news page to see that item, I still got the \r\n in the news item, instead of a black 'enter'

Try this, then:

It should act as a '<br>' wherever it says '\n' or '\r', etc.

mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . filter($_SESSION["title"]) . "', '" . filter($_SESSION["shortstory"]) . "', '" . nl2br(mysql_real_escape_string($_SESSION["longstory"])) . "', '" . time() . "', '" . filter($_POST["topstory"]) . "', '" . filter($author) . "', 0, 'default')") or die(mysql_error());

 

[JeeCee]

Try this, then:

It should act as a '<br>' wherever it says '\n' or '\r', etc.

mysql_query("INSERT INTO cms_news (title,shortstory,longstory,published,image,author, campaign, campaignimg) VALUES ('" . filter($_SESSION["title"]) . "', '" . filter($_SESSION["shortstory"]) . "', '" . nl2br(mysql_real_escape_string($_SESSION["longstory"])) . "', '" . time() . "', '" . filter($_POST["topstory"]) . "', '" . filter($author) . "', 0, 'default')") or die(mysql_error());

Hmpf, tried that, stil got the error.

P.S. got a screenie here: