
update-article_backup.php

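<?php
/*
 * Request handling for the "Update article" page.
 *
 * 1. If an edit was submitted, write title/image/description back to the Ads
 *    row whose id is remembered in $_SESSION['article-in-editor'].
 * 2. If an article was picked in the drop-down, remember its id in the session.
 * 3. Load the picked article into $title, $image and $description, which the
 *    form markup further down the file prints.
 *
 * NOTE(review): no session_start(), login/ownership check or CSRF token is
 * visible in this file. Presumably the page that includes it provides them --
 * confirm, because both POST handlers below change state.
 */
$db = new PDO("sqlite:incl/blokket2/data/ads");
// SQL errors are raised as PHP warnings and the script continues. Whether the
// warning text reaches the browser depends on the display_errors setting.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$selected = null;
$title = null;
$image = null;
$description = null;

// Save: only when an edit was posted AND the session knows which row is open.
// Without the session id the statement would run with a NULL id.
if (isset($_POST['article-editor-description']) && isset($_SESSION['article-in-editor']))
{
    // A field that is missing or not a plain string (e.g. posted as an array)
    // is stored as an empty string instead of raising a notice or type error.
    $postedTitle = (isset($_POST['article-editor-title']) && is_string($_POST['article-editor-title']))
        ? $_POST['article-editor-title'] : '';
    $postedImage = (isset($_POST['article-editor-image']) && is_string($_POST['article-editor-image']))
        ? $_POST['article-editor-image'] : '';
    $postedDescription = is_string($_POST['article-editor-description'])
        ? $_POST['article-editor-description'] : '';

    // strip_tags() with an allow-list removes other tags but keeps every
    // attribute of the allowed ones (event handlers, style, src, ...). The
    // stored values are therefore still untrusted markup and must be escaped
    // or re-sanitised by whatever page renders them.
    $ad = array(
        strip_tags($postedTitle, "<p><strong><emphasis><i><b>"),
        strip_tags($postedImage, '<img>'),
        strip_tags($postedDescription, '<p><strong><emphasis><i><b>'),
        $_SESSION['article-in-editor'],
    );

    // The SQL text is a constant and every value is bound through a
    // placeholder, so it needs no escaping. The former sqlite_escape_string()
    // wrapper escaped nothing useful and no longer exists since PHP 5.4.
    $stmt = $db->prepare('UPDATE Ads SET title=?, image=?, description=? WHERE id=?');
    if ($stmt !== false)
    {
        $stmt->execute($ad);
    }
}

// Selection: remember which article the editor is working on.
if (isset($_POST['article-editor-selection']) && is_string($_POST['article-editor-selection']))
{
   // $selectedIndex = strip_tags($_POST['article-editor-selection-index']);
    $selected = strip_tags($_POST['article-editor-selection']);
    $_SESSION['article-in-editor'] = $selected;
}

// Load: fetch the selected row. "Select article" is the drop-down placeholder.
if (isset($selected) && $selected !== "Select article")
{
    $stmt = $db->prepare('SELECT * FROM Ads WHERE id=?;');
    $rows = array();
    if ($stmt !== false && $stmt->execute(array($selected)))
    {
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // An id that matches no row leaves the form fields empty instead of
    // reading index 0 of an empty result.
    if (!empty($rows))
    {
        $title = $rows[0]['title'];
        $image = $rows[0]['image'];
        $description = $rows[0]['description'];
    }
}
?>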
mysql

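<?php
// Article picker and edit form. Reads $db, $selected, $title, $image and
// $description, which are set earlier in this file.
// Every database value is passed through htmlspecialchars() before it is
// printed: the stored text may contain markup and quotes (the save handler
// only strips tags, not attributes), and unescaped it could close the
// attribute or element it is printed into.
?>
<h1>Update article</h1>
<fieldset>
    <form method="post">
        <legend>Available articles:</legend>
        <select name="article-editor-selection" onchange='form.submit();'>
            <?php
            $stmt = $db->prepare('SELECT * FROM Ads;');
            $rows = array();
            // prepare() returns false on error under ERRMODE_WARNING.
            if ($stmt !== false && $stmt->execute())
            {
                $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
            }
            // Placeholder entry; its value is what the load step treats as "nothing selected".
            echo "<option value='" . "Select article" . "' selected>" . "Select article" . "</option>";
            foreach ($rows as $row)
            {
                $optionValue = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
                $optionLabel = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8');
                // Compare as strings so a null or non-numeric selection never matches an id by type juggling.
                $isCurrent = ($selected !== null) && ((string) $selected === (string) $row['id']);

                if ($isCurrent)
                    echo "<option value='" . $optionValue . "' selected>" . $optionLabel . "</option>";
                else
                    echo "<option value='" . $optionValue . "'>" . $optionLabel . "</option>";
            }
            ?>
        </select>
    </form>

    <form method="post">
        <input type="text" name="article-editor-title" value="<?php echo htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8'); ?>"><br>
        <input type="text" name="article-editor-image" value="<?php echo htmlspecialchars((string) $image, ENT_QUOTES, 'UTF-8'); ?>"><br> <!-- TODO Make this display correctly. -->
        <textarea rows="4" cols="50" name="article-editor-description"><?php echo htmlspecialchars((string) $description, ENT_QUOTES, 'UTF-8'); ?></textarea><br>
        <input type="submit" name="doSave" value="Save changes">
    </form>

    <?php
    /*
    if(isset($selected) & $selected != "Select article")
    {
        if (substr(sprintf('%o', fileperms("incl/blokket/data/" . $selected)), -4) != 666) // TODO Check more comprehensively instead of just checking against 666.
            echo "<p>The selected article cannot be edited.</p>";
    }
    */
    ?>
</fieldset>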