Script 17.7
PHP and MySQL for Dynamic Web Sites: The Forum!
English/English
You must be logged in to post messages.
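<?php # Script 17.7 - post.php
// This page handles the message post.
// It also displays the form if creating a new thread.
//
// Inputs: $_POST['tid'] (optional thread ID), $_POST['subject'] (required
// for a new thread), $_POST['body'] (required); $_SESSION['user_id'] and
// $_SESSION['lid'] identify the poster and the forum language.
// Expects $link (mysqli connection), CHAPTER_PATH and $chapter to be
// defined before this point.

include (CHAPTER_PATH.'/'.$chapter.'/includes/17.1.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

    // NOTE(review): no anti-CSRF token is verified in this handler. Confirm
    // whether the form include (17.6.php) issues one, and check it here
    // before any write if so.

    // User and language IDs are in the session. Cast them so that only
    // integers ever reach the database layer, and so that a missing value
    // becomes 0 instead of an empty token in the query.
    $uid = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : 0;
    $lid = isset($_SESSION['lid']) ? (int) $_SESSION['lid'] : 0;

    if ($uid < 1) {

        // Enforce the login requirement on the server side: hiding the form
        // does not stop a client from sending this POST directly.
        echo '<p>You must be logged in to post messages.</p>';

    } else {

        // Validate thread ID ($tid), which may not be present.
        // min_range must be nested under 'options'; passed at the top level
        // it is ignored and negative IDs are accepted. The filtered integer
        // is kept instead of the raw request string.
        $tid = FALSE;
        if (isset($_POST['tid'])) {
            $tid = filter_var(
                $_POST['tid'],
                FILTER_VALIDATE_INT,
                array('options' => array('min_range' => 1))
            );
        }
        // NOTE(review): a supplied $tid is not checked against mb_threads
        // (existence, language) before the reply is stored; confirm a
        // foreign key covers this or add a lookup.

        // Request fields can arrive as arrays (subject[]=...); only plain
        // strings are accepted so the encoding calls below never receive one.
        $subject_given = !empty($_POST['subject']) && is_string($_POST['subject']);
        $body_given = !empty($_POST['body']) && is_string($_POST['body']);

        // If there's no thread ID, a subject must be provided:
        if ($tid) { // Thread ID, no need for subject.
            $subject = TRUE;
        } elseif ($subject_given) {
            // Stored already HTML-encoded; pages that display it are
            // presumably expected to print it as stored (TODO confirm),
            // since encoding again would double-escape it.
            $subject = htmlspecialchars(strip_tags($_POST['subject']));
        } else {
            $subject = FALSE;
            echo '<p>Please enter a subject for this post.</p>';
        }

        // Validate the body (same store-encoded convention as the subject):
        if ($body_given) {
            $body = htmlentities($_POST['body']);
        } else {
            $body = FALSE;
            echo '<p>Please enter a body for this post.</p>';
        }

        if ($subject && $body) { // OK!

            // Add the message to the database using prepared statements, so
            // no request or session value is ever spliced into SQL text.

            if (!$tid) { // Create a new thread.

                // A thread needs a valid language ID; without one the
                // insert is not attempted.
                $stmt = ($lid >= 1)
                    ? mysqli_prepare($link, 'INSERT INTO mb_threads (lang_id, user_id, subject) VALUES (?, ?, ?)')
                    : FALSE;

                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'iis', $lid, $uid, $subject);
                    mysqli_stmt_execute($stmt);
                    if (mysqli_stmt_affected_rows($stmt) == 1) {
                        $tid = mysqli_insert_id($link);
                    }
                    mysqli_stmt_close($stmt);
                }

                if (!$tid) {
                    echo '<p>Your post could not be handled due to a system error.</p>';
                }

            } // No $tid.

            if ($tid) { // Add this to the replies table:

                $stored = FALSE;
                $stmt = mysqli_prepare($link, 'INSERT INTO mb_posts (thread_id, user_id, message, posted_on) VALUES (?, ?, ?, UTC_TIMESTAMP())');

                if ($stmt) {
                    mysqli_stmt_bind_param($stmt, 'iis', $tid, $uid, $body);
                    mysqli_stmt_execute($stmt);
                    $stored = (mysqli_stmt_affected_rows($stmt) == 1);
                    mysqli_stmt_close($stmt);
                }

                if ($stored) {
                    echo '<p>Your post has been entered.</p>';
                } else {
                    echo '<p>Your post could not be handled due to a system error.</p>';
                }

            } // Valid $tid.

        } else { // Include the form:
            include (CHAPTER_PATH.'/'.$chapter.'/includes/17.6.php');
        }

    } // Logged in.

} else { // Display the form:

    include (CHAPTER_PATH.'/'.$chapter.'/includes/17.6.php');

}

include (CHAPTER_PATH.'/'.$chapter.'/includes/17.2.php');
?>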