author | Cflip <36554078+cflip@users.noreply.github.com> | 2021-01-23 11:24:05 -0700 |
committer | Cflip <36554078+cflip@users.noreply.github.com> | 2021-01-23 11:24:05 -0700 |
commit | 19a3704acbf9801c0b1491a84828496ef46bc840 (patch) | |
tree | aff00dc7753eb9dff38d4e556f633fd17e0dff79 /create_topic.php | |
parent | 6a2867481359b185b32955be4de5c3bee4cdc269 (diff) |
Form cleanup and better password hashing
Diffstat (limited to 'create_topic.php')
-rw-r--r-- | create_topic.php | 69 |
1 files changed, 62 insertions, 7 deletions
diff --git a/create_topic.php b/create_topic.php
index 2953646..278d0fa 100644
--- a/create_topic.php
+++ b/create_topic.php
@@ -9,12 +9,11 @@ if (!isset($_SESSION['signed_in'])) {
 }
 ?>
-<form action="includes/topic_inc.php" method="post">
+<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
 <label for="topic_subject">Subject: </label><br>
 <input type="text" name="topic_subject"><br>
 <label for="topic_cat">Category: </label><br>
- <select name="topic_cat">';
- <?php
+ <?php
 include_once 'includes/db_inc.php';
 $sql = "SELECT cat_id, cat_name, cat_description FROM categories";
@@ -28,11 +27,14 @@ if (!isset($_SESSION['signed_in'])) {
 die('There are currently no categories to post to.');
 }
+ echo '<select name="topic_cat">';
+
 while ($row = mysqli_fetch_assoc($result)) {
 echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
 }
- ?>
- </select><br>
+
+ echo '</select><br>';
+ ?>
 <label for="post_content">Write your post: </label><br>
 <textarea name="post_content"></textarea><br>
 <input type="submit" name="submit">
@@ -40,5 +42,58 @@ if (!isset($_SESSION['signed_in'])) {
 </section>
 <?php
-include 'footer.php';
-?>
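Review bot: The form that now posts back to this page carries no anti-CSRF token, so a request forged from another origin while the user is signed in is accepted by the POST branch at the bottom of the file just like a genuine submission. Add a hidden field holding a per-session token (generated once, e.g. with `bin2hex(random_bytes(32))`, and kept in `$_SESSION`) and compare the submitted value with `hash_equals()` before calling `create_topic()`. `htmlspecialchars($_SERVER["PHP_SELF"])` is escaped correctly, but a fixed `action="create_topic.php"` avoids reflecting request path info into the markup at all. The enclosing `if (!isset($_SESSION['signed_in']))` block begins above this hunk, so what it does on failure cannot be confirmed here.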
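Review bot: The `<select>` that this hunk wraps around the loop still emits `$row['cat_name']` and `$row['cat_id']` into HTML without escaping, so a category name containing `<` or `"` breaks the markup (or, if category names are ever user-supplied, injects script into every visitor's page). Change the option line to `echo '<option value="' . (int) $row['cat_id'] . '">' . htmlspecialchars($row['cat_name'], ENT_QUOTES, 'UTF-8') . '</option>';`. The `$result` query that feeds this loop is issued in the previous hunk.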
\ No newline at end of file
+include_once 'includes/db_inc.php';
+
+function create_topic($dbc, $topic_subject, $topic_cat, $topic_author) {
+ $sql = "INSERT INTO topics(topic_subject, topic_date, topic_cat, topic_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create topic due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $topic_subject, $topic_cat, $topic_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function create_post($dbc, $post_content, $post_topic, $post_author) {
+ $sql = "INSERT INTO posts(post_content, post_date, post_topic, post_author) VALUES(?, NOW(), ?, ?);";
+ $stmt = mysqli_stmt_init($dbc);
+
+ if (!mysqli_stmt_prepare($stmt, $sql)) {
+ die('Could not create topic due to internal error: ' . mysqli_error($dbc));
+ }
+
+ mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_topic, $post_author);
+ mysqli_stmt_execute($stmt);
+ mysqli_stmt_close($stmt);
+}
+
+function validate($data) {
+ $data = trim($data);
+ $data = stripslashes($data);
+ $data = htmlspecialchars($data);
+ return $data;
+}
+
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $post_content = validate($_POST['post_content']);
+ $topic_subject = validate($_POST['topic_subject']);
+ $topic_cat = validate($_POST['topic_cat']);
+ $user_id = validate($_SESSION['user_id']);
+
+ create_topic($dbc, $topic_subject, $topic_cat, $user_id);
+ $topic_id = mysqli_insert_id($dbc);
+ create_post($dbc, $post_content, $topic_id, $user_id);
+
+ if (!$post_result) {
+ echo 'An error occurred creating your post: ' . mysqli_error($dbc);
+ }
+
+ header("Location: topic.php?id=" . $topic_id);
+}
+
+?>
+
+<?php include_once 'footer.php';?>
\ No newline at end of file |
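Review bot: `$post_result` is never assigned in the POST branch, so `if (!$post_result)` is always true and the error message is echoed on every successful submission right before `header("Location: …")`, which also lacks an `exit;` (and because the form markup above was already sent in the same request, the redirect will likely fail with "headers already sent" unless output buffering is on). The underlying gap is that `create_topic()` and `create_post()` discard the result of `mysqli_stmt_execute()`; when the topic insert fails, `mysqli_insert_id($dbc)` is 0 and the post is still inserted against topic 0. `$topic_cat` and `$user_id` are bound as `i` but go through `validate()` as strings; validating them with `FILTER_VALIDATE_INT` (and reading `$_POST` fields with `?? ''`) rejects malformed input before any query runs. The `die()` messages expose `mysqli_error($dbc)` to the browser, and the copy in `create_post()` still says "Could not create topic"; log the driver error server-side and show a generic message. Note also that `validate()` applies `htmlspecialchars()` at input time, so the stored subject and content are HTML-encoded in the database; escaping is normally done at output, and `stripslashes()` is a magic-quotes-era step that corrupts legitimate backslashes.
```php
function create_topic($dbc, $topic_subject, $topic_cat, $topic_author) {
    // … unchanged: prepare and bind …
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// … unchanged: create_post() gets the same return of mysqli_stmt_execute() …

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $post_content = validate($_POST['post_content'] ?? '');
    $topic_subject = validate($_POST['topic_subject'] ?? '');
    $topic_cat = filter_var($_POST['topic_cat'] ?? '', FILTER_VALIDATE_INT);
    $user_id = filter_var($_SESSION['user_id'] ?? '', FILTER_VALIDATE_INT);

    if ($topic_cat === false || $user_id === false || $topic_subject === '' || $post_content === '') {
        die('Subject, category and post content are required.');
    }

    if (!create_topic($dbc, $topic_subject, $topic_cat, $user_id)) {
        error_log('create_topic failed: ' . mysqli_error($dbc));
        die('An error occurred creating your topic.');
    }
    $topic_id = mysqli_insert_id($dbc);

    if (!create_post($dbc, $post_content, $topic_id, $user_id)) {
        error_log('create_post failed: ' . mysqli_error($dbc));
        die('An error occurred creating your post.');
    }

    header("Location: topic.php?id=" . $topic_id);
    exit;
}
```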