professional-sql-02-public-files-add-post.php / php
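<?php
// Forum "add post" page: validates the target forum (fid) and the optional
// parent message (mid), stores a submitted post, then either redirects to
// view.php or re-displays the form with the values the user entered.
//
// NOTE(review): this listing was rebuilt from a damaged extraction in which
// most "$variable" tokens were dropped. The name $forum_id and the call
// User::getById() are reconstructed from context - confirm both against the
// original file before reuse.
//
// NOTE(review): the ext/mysql API used here (mysql_query() etc.) was removed
// in PHP 7. It is kept because lib/db.php (not shown) supplies the
// $GLOBALS['DB'] link; new code should use mysqli or PDO prepared statements.

// include shared code
include '../lib/common.php';
include '../lib/db.php';
include '../lib/functions.php';
include '../lib/User.php';

// 401 file included because user should be logged in to access this page
include '401.php';

// retrieve user information
$user = User::getById($_SESSION['userId']);

// validate incoming values; the (int) casts are what make $forum_id and
// $msg_id safe to place in SQL, in the Location header and in the form action
$forum_id = (isset($_GET['fid'])) ? (int)$_GET['fid'] : 0;
$query = sprintf('SELECT FORUM_ID FROM %sFORUM WHERE FORUM_ID = %d',
    DB_TBL_PREFIX, $forum_id);
$result = mysql_query($query, $GLOBALS['DB']);
if ($result === false)
{
    // a failed query returns false, which mysql_num_rows() cannot accept;
    // keep the driver message in the server log, not in the response
    error_log('add_post forum lookup failed: ' . mysql_error($GLOBALS['DB']));
    mysql_close($GLOBALS['DB']);
    die('<p>Unable to process the request.</p>');
}
if (!mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    die('<p>Invalid forum id.</p>');
}
mysql_free_result($result);

// mid is optional: 0 means the post starts a new thread
// NOTE(review): this lookup only proves the parent message exists, not that
// it belongs to forum $forum_id - consider adding "AND FORUM_ID = %d" if a
// reply must stay in its parent's forum.
$msg_id = (isset($_GET['mid'])) ? (int)$_GET['mid'] : 0;
$query = sprintf('SELECT MESSAGE_ID FROM %sFORUM_MESSAGE WHERE ' .
    'MESSAGE_ID = %d', DB_TBL_PREFIX, $msg_id);
$result = mysql_query($query, $GLOBALS['DB']);
if ($result === false)
{
    error_log('add_post message lookup failed: ' . mysql_error($GLOBALS['DB']));
    mysql_close($GLOBALS['DB']);
    die('<p>Unable to process the request.</p>');
}
if ($msg_id && !mysql_num_rows($result))
{
    mysql_free_result($result);
    mysql_close($GLOBALS['DB']);
    // the original repeated "Invalid forum id." here (copy-paste slip)
    die('<p>Invalid message id.</p>');
}
mysql_free_result($result);

$msg_subject = (isset($_POST['msg_subject'])) ?
    trim($_POST['msg_subject']) : '';
$msg_text = (isset($_POST['msg_text'])) ? trim($_POST['msg_text']) : '';

// add entry to the database if the form was submitted and the necessary
// values were supplied in the form; compare with '' so that a subject or
// text of "0" is not rejected as empty
if (isset($_POST['submitted']) && $msg_subject !== '' && $msg_text !== '')
{
    // NOTE(review): nothing in this listing ties the POST to a form this
    // site issued (no anti-CSRF token) - confirm whether common.php or
    // 401.php enforces one.
    //
    // The two string values are escaped against the open link; the escaping
    // is only reliable if lib/db.php sets the connection character set
    // through the API - TODO confirm.
    $query = sprintf('INSERT INTO %sFORUM_MESSAGE (SUBJECT, ' .
        'MESSAGE_TEXT, PARENT_MESSAGE_ID, FORUM_ID, USER_ID) VALUES ' .
        '("%s", "%s", %d, %d, %d)', DB_TBL_PREFIX,
        mysql_real_escape_string($msg_subject, $GLOBALS['DB']),
        mysql_real_escape_string($msg_text, $GLOBALS['DB']),
        $msg_id, $forum_id, $user->userId);

    if (mysql_query($query, $GLOBALS['DB']))
    {
        // redirect, then stop: without exit the script would go on to
        // render the form after sending the Location header
        header('Location: view.php?fid=' . $forum_id . (($msg_id) ?
            '&mid=' . $msg_id : ''));
        exit;
    }

    // the original echoed mysql_error() to the client, which discloses
    // schema details and sends output ahead of the redirect header;
    // log it server-side and show a generic message instead
    error_log('add_post insert failed: ' . mysql_error($GLOBALS['DB']));
    $message = '<p>Your post could not be saved. Please try again later.</p>';
}
// form was submitted but not all the information was correctly filled in
else if (isset($_POST['submitted']))
{
    $message = '<p>Not all information was provided. Please correct ' .
        'and resubmit.</p>';
}

// generate the form; every user-influenced value is HTML-escaped on output
ob_start();
if (isset($message))
{
    echo $message;
}
?>
<form method="post"
 action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'] . '?fid=' .
    $forum_id . '&mid=' . $msg_id); ?>">
 <div>
  <label for="msg_subject">Subject:</label>
  <input type="text" id="msg_subject" name="msg_subject"
   value="<?php echo htmlspecialchars($msg_subject); ?>"/>
  <br/>
  <label for="msg_text">Post:</label>
  <textarea id="msg_text" name="msg_text"><?php
   echo htmlspecialchars($msg_text); ?></textarea>
  <br/>
  <input type="hidden" name="submitted" value="1"/>
  <input type="submit" value="Create"/>
 </div>
</form>
<?php
// NOTE(review): the extracted listing shows no statement that collects the
// buffer opened by ob_start() above; presumably the template (or a line lost
// in extraction) reads it - confirm against the original file.

// display the page
include '../templates/template-page.php';
?>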
(C) Æliens 20/2/2008
You may not copy or print any of this material without explicit permission of the author or the publisher. In case of other copyright issues, contact the author.