I’ve had this ongoing issue with many of the premium ad types: blocks, billboards, adsplus, featured ads, premium ads
One problem is that these ad types could not be edited, well, let’s be realistic, they could but the poorly written software didn’t support it.
I’m a purist when it comes to passing the minimum amount of information over global variables like $_SESSION, $_POST, and $_GET. Back in the days we were slinging code in the tarpits, I was taught to call a procedure and explicitly pass each element, and use only local variables within that procedure. Results were to be passed back through a RETURN variable or array.
PHP is no different than any other programming language, so the same basic programming discipline and protocol should also be applied.
What I found was the calling program (advertise.php) was passing control and ALL the data to the called program through global variables, for example, editadsplus.php. Once the called program took control, it was ASSUMED that the data was passed correctly. The common denominator on all the above ad types, was that they utilized a “textarea” for the description field, “adbody”. Because there were only arbitrary size limits (enforced through the editor) I’m guessing that at some point we were exceeding the global variable buffer size.
Why it was happening is not important. The fix is easy: only pass the ID, and re-query to obtain the fill data for the edit program form <input> fields.
I also encountered pure sloppy programming. In the sql “update” query, none of the data was explicitly delimited. I’ve noticed, since the later versions of PHP were released, that some of the “lax” delimiting practices were no longer tolerated.
My goal was not only to fix the functional issues, but also to universally improve the user experience by providing “preview” modal windows so the user could visualize the ad before submitting. Without preview, there was a universe full of ugly ads being submitted.
OK. So, let’s get to the fixes:
editbillboards.php
- missing $_POST for bannerurl
- Sloppy $query delimiters
- missing update for field bannerurl
- There was a problem in advertise.php also
After line 10, add this line
$bannerurl=$_POST[‘bannerurl’];
Replace the query (~ line 44) with
$query = “update billboards set subject='”.$subject.”‘, adbody='”.$adbody.”‘, url='”.$url.”‘, bannerurl='”.$bannerurl.”‘, textcolor='”.$textcolor.”‘, bgcolor='”.$bgcolor.”‘, titlecolor='”.$titlecolor.”‘, added=1, approved=0 where id=”.$id;
After <center><H2>Edit Billboard Ad</H2><br> insert this code:
<?
$query=”select * from billboards where id='”.$id.”‘”;
$result=mysql_query($query);
$line=mysql_fetch_array($result);
$subject = $line[‘subject’];
$adbody = $line[‘adbody’];
$url = $line[‘url’];
$bannerurl = $line[‘bannerurl’];
$textcolor = $line[‘textcolor’];
$bgcolor = $line[‘bgcolor’];
$titlecolor = $line[‘titlecolor’];
?>
After <p><b>Please double check your billboard ad.</b></p> insert this code
<SCRIPT LANGUAGE=”JavaScript”>
function previewad(bannerurl,url,subject,adbody,bgcolor,textcolor,titlecolor)
{
var win
win = window.open(“”, “win”, “height=250,width=500,toolbar=no,directories=no,menubar=no,scrollbars=yes,resizable=yes,dependent=yes”);
win.document.clear();
win.document.write(‘<body bgcolor=”‘+bgcolor+'”>’);
win.document.write(‘<a href=”‘+url+'”><img src=”‘+bannerurl+'” border=”0″></a>’);
win.document.write(‘<center><br><font color=”‘+titlecolor+'”>’+subject+'</font><br><br>’);
win.document.write(‘<font color=”‘+textcolor+'”>’+adbody+'<br></center></font></body>’);
win.focus();
win.document.close();
}
</SCRIPT>
<INPUT TYPE=”button” class=”form-button” value=” Preview Button ” onClick=”previewad(bannerurl.value, url.value, subject.value, adbody.value,bgcolor.value,textcolor.value,titlecolor.value)”>