update-article_backup.php
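<?php
// Editor back end for one row of the Ads table: optionally saves the posted
// title/image/description, records which ad is being edited, and loads that ad
// into $title/$image/$description for the form further down the page.
//
// NOTE(review): this script reads $_SESSION but never starts a session and has
// no login/permission or CSRF-token check of its own. Presumably the including
// page provides those - confirm, because every POST handled here writes to the
// database.
$db = new PDO("sqlite:incl/blokket2/data/ads");
// Display errors, but continue script.
// NOTE(review): with ERRMODE_WARNING a failed prepare() returns false, and the
// warning text may reach the visitor depending on display_errors - confirm the
// production setting.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING);

$selected = null;
$title = null;
$image = null;
$description = null;

if (isset($_POST['article-editor-description'])) {
    // The row to update is taken from the session (set when an ad was picked),
    // not from the form, so a save without a prior selection is skipped
    // instead of running an UPDATE with a missing id.
    $articleId = isset($_SESSION['article-in-editor']) ? $_SESSION['article-in-editor'] : null;

    if ($articleId !== null && $articleId != "Select article") {
        // Allowed-tag list per field, in the column order of the UPDATE below.
        // strip_tags() keeps the attributes of the tags it allows (for example
        // an event handler on <img>), so these values are NOT safe HTML and
        // must still be escaped by whatever prints them.
        // NOTE(review): <emphasis> is not an HTML element; <em> may have been
        // intended - confirm before changing the list.
        $allowedTagsByField = array(
            'article-editor-title' => "<p><strong><emphasis><i><b>",
            'article-editor-image' => '<img>',
            'article-editor-description' => '<p><strong><emphasis><i><b>',
        );

        $ad = array();
        foreach ($allowedTagsByField as $field => $allowedTags) {
            // A missing field or an array-valued field is treated as empty
            // rather than handed to strip_tags().
            $raw = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
            $ad[] = strip_tags($raw, $allowedTags);
        }
        $ad[] = $articleId;

        // The values are bound through placeholders. The statement text is a
        // constant and needs no escaping; sqlite_escape_string() came from the
        // legacy sqlite extension (removed in PHP 5.4) and would be a fatal
        // "undefined function" error on current PHP.
        $stmt = $db->prepare('UPDATE Ads SET title=?, image=?, description=? WHERE id=?');
        if ($stmt !== false) {
            $stmt->execute($ad);
        }
    }
}

if (isset($_POST['article-editor-selection']) && is_string($_POST['article-editor-selection'])) {
    // $selectedIndex = strip_tags($_POST['article-editor-selection-index']);
    $selected = strip_tags($_POST['article-editor-selection']);
    $_SESSION['article-in-editor'] = $selected;
}

if (isset($selected) && $selected != "Select article") {
    $stmt = $db->prepare('SELECT * FROM Ads WHERE id=?;');
    $rows = array();
    if ($stmt !== false) {
        $stmt->execute(array($selected));
        $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    }

    // The id is client-supplied and may match no row; leave the fields null
    // in that case instead of reading $rows[0] on an empty result.
    if (!empty($rows)) {
        $title = $rows[0]['title'];
        $image = $rows[0]['image'];
        $description = $rows[0]['description'];
    }
}
?>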
mysql
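<h1>Update article</h1>
<fieldset>
<form method="post">
<legend>Available articles:</legend>
<select name="article-editor-selection" onchange='form.submit();'>
<?php
// Lists every ad as an <option>; the one currently being edited is marked
// selected. Ids and titles come from the database and were originally typed
// in by users, so each is HTML-escaped before being written into markup.
// ENT_QUOTES is required because the value attribute uses single quotes.
$stmt = $db->prepare('SELECT * FROM Ads;');
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

echo "<option value='Select article' selected>Select article</option>";
foreach ($rows as $row) {
    $optionId = htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8');
    $optionTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES, 'UTF-8');

    // Compare as strings so an unset selection (null) can never loosely
    // equal a numeric id such as 0.
    $isCurrent = $selected !== null && (string) $selected === (string) $row['id'];

    echo "<option value='" . $optionId . "'" . ($isCurrent ? " selected" : "") . ">" . $optionTitle . "</option>";
}
?>
</select>
</form>
<?php
// The edit fields are pre-filled with stored values. Those values may contain
// markup and quotes (the image field is saved with <img> allowed), so they are
// escaped for the attribute / textarea context. Unescaped, a double quote in
// the stored value ends the value="..." attribute early - likely the display
// problem the original TODO on the image field referred to.
// NOTE(review): neither form carries a CSRF token; confirm whether the
// including page adds one.
?>
<form method="post">
<input type="text" name="article-editor-title" value="<?php echo htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8'); ?>"><br>
<input type="text" name="article-editor-image" value="<?php echo htmlspecialchars((string) $image, ENT_QUOTES, 'UTF-8'); ?>"><br>
<textarea rows="4" cols="50" name="article-editor-description"><?php echo htmlspecialchars((string) $description, ENT_QUOTES, 'UTF-8'); ?></textarea><br>
<input type="submit" name="doSave" value="Save changes">
</form>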
<?php
/*
if(isset($selected) & $selected != "Select article")
{
if (substr(sprintf('%o', fileperms("incl/blokket/data/" . $selected)), -4) != 666) // TODO Check more comprehensively instead of just checking against 666.
echo "<p>The selected article cannot be edited.</p>";
}
*/
?>
</fieldset>