Creando un CMS [Tutorial en Ingles]
Existen muchos CMS y cada uno tiene a sus fieles usuarios, como también hay usuarios que tienen sus propios CMS.
Con este tutorial que encontré gracias a Francisco, podremos crear nuestro propio CMS, que con paciencia y un poco de Ingles lo tendremos listo en poco tiempo, claro que con muy pocas opciones en comparación con WordPress, ya que solo es un tutorial básico.
El tutorial se encuentra dividido en estos temas:
- Crear una base de datos.
- Conectar con una base de datos.
- Mostrar un formulario con dos campos.
- Guardar los datos del formulario en la base de datos.
- Mostrar los datos que se han guardado.
Lo ideal serÃa que supieras un poco de PHP, o que lo estes practicando, de esta forma podrás darle más opciones de las que aquà nos enseñan.
Se incluye un archivo .zip para descargar los archivos como complemento al tutorial en sÃ.
30/01/2009
Post Relacionados
2 Comentarios en “Creando un CMS [Tutorial en Ingles]”
Deja un Comentario
Additional comments powered by BackType
Enero 30th, 2009 a las 4:22 pm
Información Bitacoras.com…
Si lo deseas, puedes hacer click para valorar este post en Bitacoras.com. Gracias….
Mayo 12th, 2010 a las 9:07 pm
No offense, but I had a quick look through your article and there’s a lot of things I have an issue with.
Why are you doing the CREATE TABLE IF NOT EXISTS on every page load? It’s a bit of a useless query. Create it, and then store somewhere that it is created – or just do so manually.
display_admin() form. $_SERVER['PHP_SELF'] is not safe. XSS exploitable. Clean it using htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) or htmlentities($_SERVER['PHP_SELF']);
If magicquotes GPC is on, you want to strip slashes from items in $_POST before inserting them to the database. (In most cases, magicquotes GPC will be disabled these days)
In the INSERT query for inserting a new item, it’s best to specify the fields to insert into. If you add another column (for example with a default value) to the table then you’ll also need to adjust the query. If you’re explicitly naming columns, you don’t need to.
mysql_num_rows should be used with care. It’s safe to use as you’re using it where you’ve got a LIMIT that is set very low on the query. Why? This function makes PHP count each and every row manually. The best solution (for large datasets) is to either to a COUNT query separately or even better, in the while loop, set a flag if any posts were processed or not. (Speaking of which, you could just do if(!$entry_display) { … no posts message }.
You don’t need to use stripslashes when fetching the data from the database. Especially if magicquotes GPC is off, as this will strip legitimate slashes.
Once again, $_SERVER['PHP_SELF'] is tainted. This is especially important here, as it’s a publicly accessible page. Escape it before displaying it.
if($_POST) is a very bad check to be doing. Check if $_SERVER['REQUEST_METHOD'] is POST, or $_POST is not empty (if(!empty($_POST)) {)
Sorry, but there’s this issue I have if you’re going to be teaching other people how to use a programming language – you need to do it right, so you’re not teaching bad practices.