update-article.php
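<?php
// Controller part of the "update article" page: optionally writes the edited
// fields back to the Ads table, then loads the currently selected article so
// the forms below can be pre-filled.
//
// Variables handed to the template below:
//   $selected     id of the article being edited (digit string), or null
//   $title, $image, $description   field values to show in the editor
//   $saved        null  = no save was attempted
//                 true  = a row was updated
//                 false = a save was attempted but nothing was written
//
// NOTE(review): nothing in this file checks who is sending the request or
// that the POST came from a form this site rendered. Presumably the including
// page handles authentication; confirm, and add a CSRF token to both forms
// if it does not.
$db = new PDO("sqlite:incl/blokket2/data/ads");
// SQL problems surface as PHP warnings and the script carries on, so every
// prepare()/execute() result below is checked explicitly.
// NOTE(review): with display_errors enabled these warnings can put driver and
// schema details into the page; confirm production logs them instead.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);
$selected = null;
$title = null;
$image = null;
$description = null;
$saved = null;

// --- Save request (second form) ---------------------------------------------
// All four fields must be present and must be plain strings; an array-valued
// field (name[]=...) would otherwise reach strip_tags() and raise an error.
if (
    isset(
        $_POST['article-editor-title'],
        $_POST['article-editor-image'],
        $_POST['article-editor-description'],
        $_POST['selected-article']
    )
    && is_string($_POST['article-editor-title'])
    && is_string($_POST['article-editor-image'])
    && is_string($_POST['article-editor-description'])
    && is_string($_POST['selected-article'])
) {
    // strip_tags() with an allow-list keeps any attributes written on the
    // allowed tags and leaves quote characters alone, so the stored values are
    // NOT safe to print into HTML as they are: every page that outputs them has
    // to escape (or purify) for its own context.
    // NOTE(review): <emphasis> is not an HTML element; <em> was presumably
    // meant. Left unchanged so stored data keeps its current shape.
    $title = strip_tags($_POST['article-editor-title'], '<p><strong><emphasis><i><b>');
    $image = strip_tags($_POST['article-editor-image']);
    $description = strip_tags($_POST['article-editor-description'], '<p><strong><emphasis><i><b>');

    // A save was attempted; it only counts as successful once a row changed.
    $saved = false;

    // The id is bound as PDO::PARAM_INT, so only digit strings are accepted.
    // This also rejects the "- Select article -" placeholder and an empty
    // hidden field, which previously produced a false "saved" message.
    if (preg_match('/\A[0-9]+\z/', $_POST['selected-article']) === 1) {
        $selected = $_POST['selected-article'];
        $stmt = $db->prepare('UPDATE Ads SET title=?, image=?, description=? WHERE id=?');
        if ($stmt !== false) {
            $stmt->bindValue(1, $title, PDO::PARAM_STR);
            $stmt->bindValue(2, $image, PDO::PARAM_STR);
            $stmt->bindValue(3, $description, PDO::PARAM_STR);
            $stmt->bindValue(4, (int) $selected, PDO::PARAM_INT);
            $saved = $stmt->execute() && $stmt->rowCount() > 0;
        }
    }
}

// --- Article picked in the drop-down (first form) ----------------------------
// strip_tags() was not a validation step here; the prepared statement is what
// keeps the value out of the SQL text. The id is validated by shape instead.
if (isset($_POST['article-editor-selection']) && is_string($_POST['article-editor-selection'])) {
    if (preg_match('/\A[0-9]+\z/', $_POST['article-editor-selection']) === 1) {
        $selected = $_POST['article-editor-selection'];
    } else {
        $selected = null; // placeholder entry or malformed id
    }
}

// --- Load the selected article -----------------------------------------------
if ($selected !== null) {
    $stmt = $db->prepare('SELECT * FROM Ads WHERE id=?;');
    $rows = array();
    if ($stmt !== false && $stmt->execute(array($selected))) {
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    }
    if (isset($rows[0])) {
        $title = $rows[0]['title'];
        $image = $rows[0]['image'];
        $description = $rows[0]['description'];
    } else {
        // Unknown id: treat it as "nothing selected" instead of reading
        // offsets of an empty result set.
        $selected = null;
    }
}
?>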
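<h1>Update article</h1>
<fieldset>
<form method="post">
<p><label for="article-editor-selection">Available articles:</label><br>
<select id="article-editor-selection" name="article-editor-selection" onchange='form.submit();'>
<?php
// Build one <option> per row of the Ads table and mark the article that is
// currently being edited.
$stmt = $db->prepare('SELECT * FROM Ads;');
$rows = array();
// PDO is in warning mode, so a failed prepare()/execute() returns false
// instead of throwing; fall back to an empty list in that case.
if ($stmt !== false && $stmt->execute()) {
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
echo "<option value='- Select article -' selected>- Select article -</option>";
$options = "";
foreach ($rows as $row) {
    // Compare as strings: a loose == between the request value and the id
    // can match unrelated values (for example an empty string against 0).
    $marker = ($selected !== null && (string) $selected === (string) $row['id']) ? " selected" : "";

    // Titles and ids come from the database and are stored without HTML
    // encoding (strip_tags() leaves quotes and allowed tags in place), so
    // they are escaped here, at the point of output. ENT_QUOTES is needed
    // because the value attribute is single-quoted.
    $options .= "<option value='"
        . htmlspecialchars((string) $row['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "'" . $marker . ">"
        . htmlspecialchars((string) $row['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . "</option>";
}
echo $options;
?>
</select>
</p>
</form>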
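<?php
// Editor form. Every value printed below originates from the request or the
// database and is stored without HTML encoding: strip_tags() does not touch
// quote characters, so an unescaped value could close the value="..."
// attribute or the <textarea>. Each value is therefore escaped where it is
// written out. The (string) casts cover fields that are still null.
// NOTE(review): the form carries no CSRF token; confirm whether the including
// page adds one or restricts access some other way.
?>
<form method="post">
<p><input type="text" name="article-editor-title" value="<?php echo htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><br>
<input type="text" name="article-editor-image" value="<?php echo htmlspecialchars((string) $image, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>"><br> <!-- TODO Make this display correctly. -->
<textarea rows="4" cols="50" name="article-editor-description"><?php echo htmlspecialchars((string) $description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea><br>
<input type="hidden" name="selected-article" value="<?php echo htmlspecialchars((string) $selected, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
<input type="submit" name="doSave" value="Save changes">
<input type="reset" name="reset" value="Reset"></p>
</form>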
<?php
// Disabled file-permission check, kept for reference only; nothing in this
// block executes.
// NOTE(review) before re-enabling:
//  - `&` is the bitwise operator; `&&` was presumably intended.
//  - substr() yields an octal string such as "0666", which only equals the
//    integer 666 through loose string-to-number comparison.
//  - the path points at incl/blokket/data/ while the database opened at the
//    top of this file lives under incl/blokket2/data/.
//  - $selected comes from the request and would be concatenated into a
//    filesystem path, so it must first be validated as a plain article id.
/*
if(isset($selected) & $selected != "Select article")
{
if (substr(sprintf('%o', fileperms("incl/blokket/data/" . $selected)), -4) != 666) // TODO Check more comprehensively instead of just checking against 666.
echo "<p>The selected article cannot be edited.</p>";
}
*/
?>
<?php
// Status line for a save request: shown only when the "Save changes" button
// was posted and the controller above recorded a save state in $saved.
if (isset($saved, $_POST["doSave"])) {
    if (!isset($selected) || $selected == "- Select article -") {
        // Save pressed while no article was chosen.
        echo "<p class='notice'>No article has been selected for editing.</p>";
    } elseif ($saved) {
        echo "<p class='success'>The changes to the article were saved.</p>";
    }
}
?>
</fieldset>