Diffstat (limited to 'category.php')
-rw-r--r-- | category.php | 57 |
1 files changed, 30 insertions, 27 deletions
diff --git a/category.php b/category.php
index 9fffd10..4280767 100644
--- a/category.php
+++ b/category.php
@@ -2,42 +2,45 @@ include_once 'includes/db_inc.php'; include_once 'header.php'; -include_once 'includes/functions_inc.php'; +include_once 'includes/functions_display.php'; -echo '<section>'; - -$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']); -$result = mysqli_query($dbc, $sql); +if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) { + echo '<section>Unknown category.</section>'; +} else { + echo '<section>'; -if (!$result) { - die('Error trying to display category: ' . mysqli_error($dbc)); -} + $sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']); + $result = mysqli_query($dbc, $sql); -// Display category name and description + if (!$result) { + die('Error trying to display category: ' . mysqli_error($dbc)); + } -if (mysqli_num_rows($result) == 0) { - echo 'This category does not exist'; -} else { - while ($row = mysqli_fetch_assoc($result)) { - echo '<h1>' . $row['cat_name'] . '</h1>'; - echo $row['cat_description']; + // Display category name and description + if (mysqli_num_rows($result) == 0) { + echo 'This category does not exist'; + } else { + while ($row = mysqli_fetch_assoc($result)) { + echo '<h1>' . $row['cat_name'] . '</h1>'; + echo $row['cat_description']; + } } -} -mysqli_free_result($result); + mysqli_free_result($result); -echo '</section>'; + echo '</section>'; -$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . " ORDER BY thread_id DESC"; -$result = mysqli_query($dbc, $sql); + $sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . 
" ORDER BY thread_id DESC"; + $result = mysqli_query($dbc, $sql); -if (!$result) { - die('Error trying to display threads: ' . mysqli_error($dbc)); -} + if (!$result) { + die('Error trying to display threads: ' . mysqli_error($dbc)); + } -echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>'; -display_threads($dbc, $result); -mysqli_free_result($result); -echo '</table>'; + echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>'; + display_threads($dbc, $result); + mysqli_free_result($result); + echo '</table>'; +} include 'footer.php';
\ No newline at end of file |
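Review bot: The new `FILTER_VALIDATE_INT` guard is the only thing keeping `$_GET['id']` out of the SQL text, because both queries still concatenate the raw request value and `mysqli_real_escape_string()` gives no protection in an unquoted numeric position. Keep the integer that `filter_var()` returns, compare it with `=== false` (the current `!filter_var(...)` also rejects id `0`), and bind it through a prepared statement in both queries so they stay safe if the guard is later edited or moved. In the row loop, `cat_name` and `cat_description` are echoed without `htmlspecialchars()`, which is a stored-XSS sink if category text can ever come from a less-trusted author; the hunk does not show who writes those columns. The two `die()` calls also send `mysqli_error($dbc)` to the browser, which exposes schema details; log it server-side and show a generic message instead.

```php
$catId = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);

if ($catId === false) {
    echo '<section>Unknown category.</section>';
} else {
    // … unchanged: opening <section> …
    $stmt = mysqli_prepare($dbc, 'SELECT cat_name, cat_description FROM categories WHERE cat_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $catId);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
    // … unchanged: error check and "does not exist" branch …
        echo '<h1>' . htmlspecialchars($row['cat_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h1>';
    // … unchanged: description output, free result, closing </section> …
    // the threads query takes the same form, with `WHERE thread_cat = ?` bound to $catId
```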