Diffstat (limited to 'category.php')
-rw-r--r--category.php57
1 files changed, 30 insertions, 27 deletions
diff --git a/category.php b/category.php
index 9fffd10..4280767 100644
--- a/category.php
+++ b/category.php
@@ -2,42 +2,45 @@
include_once 'includes/db_inc.php';
include_once 'header.php';
-include_once 'includes/functions_inc.php';
+include_once 'includes/functions_display.php';
-echo '<section>';
-
-$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
-$result = mysqli_query($dbc, $sql);
+if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
+ echo '<section>Unknown category.</section>';
+} else {
+ echo '<section>';
-if (!$result) {
- die('Error trying to display category: ' . mysqli_error($dbc));
-}
+ $sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+ $result = mysqli_query($dbc, $sql);
-// Display category name and description
+ if (!$result) {
+ die('Error trying to display category: ' . mysqli_error($dbc));
+ }
-if (mysqli_num_rows($result) == 0) {
- echo 'This category does not exist';
-} else {
- while ($row = mysqli_fetch_assoc($result)) {
- echo '<h1>' . $row['cat_name'] . '</h1>';
- echo $row['cat_description'];
+ // Display category name and description
+ if (mysqli_num_rows($result) == 0) {
+ echo 'This category does not exist';
+ } else {
+ while ($row = mysqli_fetch_assoc($result)) {
+ echo '<h1>' . $row['cat_name'] . '</h1>';
+ echo $row['cat_description'];
+ }
}
-}
-mysqli_free_result($result);
+ mysqli_free_result($result);
-echo '</section>';
+ echo '</section>';
-$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . " ORDER BY thread_id DESC";
-$result = mysqli_query($dbc, $sql);
+ $sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . " ORDER BY thread_id DESC";
+ $result = mysqli_query($dbc, $sql);
-if (!$result) {
- die('Error trying to display threads: ' . mysqli_error($dbc));
-}
+ if (!$result) {
+ die('Error trying to display threads: ' . mysqli_error($dbc));
+ }
-echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>';
-display_threads($dbc, $result);
-mysqli_free_result($result);
-echo '</table>';
+ echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>';
+ display_threads($dbc, $result);
+ mysqli_free_result($result);
+ echo '</table>';
+}
include 'footer.php'; \ No newline at end of file
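Review bot: The new `filter_var($_GET['id'], FILTER_VALIDATE_INT)` guard discards the integer it returns, and both queries still concatenate the raw `$_GET['id']` into an unquoted numeric position. `mysqli_real_escape_string` only protects values placed inside quotes, so the guard is the sole thing keeping request text out of the SQL. The truthiness test also treats a valid `0` as a failure, so the check should compare with `=== false`. I would keep the validated integer in `$id` and bind it through prepared statements for both SELECTs, as sketched below. Separately, `cat_name` is echoed into `<h1>` without `htmlspecialchars()`, and `die()` prints `mysqli_error()` to the visitor; both are carried over from the old code but are worth fixing while the block is being re-indented.

```php
$id = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT);
if ($id === false) {
    // … unchanged: "Unknown category." section, else branch opens …

    // mysqli_stmt_get_result() requires the mysqlnd driver
    $stmt = mysqli_prepare($dbc, 'SELECT cat_name, cat_description FROM categories WHERE cat_id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    // … unchanged: error check, category name/description output, free result …

    $stmt = mysqli_prepare($dbc, 'SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = ? ORDER BY thread_id DESC');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    // … unchanged: error check, thread table output …
```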