From f83530a122119d7f69812493f9c2f4987ccb2065 Mon Sep 17 00:00:00 2001
From: Cflip <36554078+cflip@users.noreply.github.com>
Date: Wed, 10 Feb 2021 20:40:32 -0700
Subject: Reorganize code and add info to front page

---
 category.php | 57 ++++++++++++++++++++++++++++++---------------------------
 1 file changed, 30 insertions(+), 27 deletions(-)

(limited to 'category.php')

diff --git a/category.php b/category.php
index 9fffd10..4280767 100644
--- a/category.php
+++ b/category.php
@@ -2,42 +2,45 @@
 
 include_once 'includes/db_inc.php';
 include_once 'header.php';
-include_once 'includes/functions_inc.php';
+include_once 'includes/functions_display.php';
 
-echo '<section>';
-
-$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
-$result = mysqli_query($dbc, $sql);
+if (!isset($_GET['id']) || !filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
+	echo '<section>Unknown category.</section>';
+} else {
+	echo '<section>';
 
-if (!$result) {
-	die('Error trying to display category: ' . mysqli_error($dbc));
-}
+	$sql = "SELECT cat_name, cat_description FROM categories WHERE cat_id = " . mysqli_real_escape_string($dbc, $_GET['id']);
+	$result = mysqli_query($dbc, $sql);
 
-// Display category name and description
+	if (!$result) {
+		die('Error trying to display category: ' . mysqli_error($dbc));
+	}
 
-if (mysqli_num_rows($result) == 0) {
-	echo 'This category does not exist';
-} else {
-	while ($row = mysqli_fetch_assoc($result)) {
-		echo '<h1>' . $row['cat_name'] . '</h1>';
-		echo $row['cat_description'];
+	// Display category name and description
+	if (mysqli_num_rows($result) == 0) {
+		echo 'This category does not exist';
+	} else {
+		while ($row = mysqli_fetch_assoc($result)) {
+			echo '<h1>' . $row['cat_name'] . '</h1>';
+			echo $row['cat_description'];
+		}
 	}
-}
 
-mysqli_free_result($result);
+	mysqli_free_result($result);
 
-echo '</section>';
+	echo '</section>';
 
-$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . " ORDER BY thread_id DESC";
-$result = mysqli_query($dbc, $sql);
+	$sql = "SELECT thread_id, thread_subject, thread_date, user_id, user_name FROM threads JOIN users ON thread_author = user_id WHERE thread_cat = " . mysqli_real_escape_string($dbc, $_GET['id']) . " ORDER BY thread_id DESC";
+	$result = mysqli_query($dbc, $sql);
 
-if (!$result) {
-	die('Error trying to display threads: ' . mysqli_error($dbc));
-}
+	if (!$result) {
+		die('Error trying to display threads: ' . mysqli_error($dbc));
+	}
 
-echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>';
-display_threads($dbc, $result);
-mysqli_free_result($result);
-echo '</table>';
+	echo '<table><tr><th class="left">Thread</th><th class="right">Latest Post</th></tr>';
+	display_threads($dbc, $result);
+	mysqli_free_result($result);
+	echo '</table>';
+}
 
 include 'footer.php';
\ No newline at end of file
-- 
cgit v1.2.3