';
}
$reply = mysqli_fetch_assoc($result);
if (empty($reply)) {
return '
This post has been deleted
';
}
return 'Quote from ' . $reply['user_name'] . '
' . $reply['post_content'] . '
';
}
}
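class Post {
    // Post id, stored exactly as it was passed to get_from_database().
    public $id;
    // Post body as read from posts.post_content.
    public $content;
    // Value of posts.post_date_created.
    public $date_created;
    // Value of posts.post_date_edited.
    public $date_edited;
    // Thread object loaded from posts.post_thread.
    public $thread;
    // User object loaded from posts.post_author.
    public $author;

    /**
     * Load one post, together with its thread and author, into this object.
     *
     * The id is validated and then bound as an integer parameter. The earlier
     * form concatenated mysqli_real_escape_string($id) into an unquoted numeric
     * position, where escaping quote characters gives no protection: any
     * expression made of digits, spaces and keywords passed through unchanged.
     *
     * @param int|string $id  Post id: an integer or a string of decimal digits.
     * @param mysqli     $dbc Open database connection.
     * @return int 1 when the post was found and loaded, 0 otherwise.
     */
    public function get_from_database($id, $dbc) {
        // Anything that is not a plain integer cannot match the key; refuse it
        // before it gets anywhere near the query.
        if (!is_int($id) && !(is_string($id) && preg_match('/\A\d+\z/', $id) === 1)) {
            return 0;
        }
        $post_id = (int) $id;

        $sql = 'SELECT post_content, post_date_created, post_date_edited, post_thread, post_author'
            . ' FROM posts WHERE post_id = ?';
        $stmt = mysqli_prepare($dbc, $sql);
        if (!$stmt) {
            // Driver error text goes to the server log, not to the page.
            error_log('Failed to get post: ' . mysqli_error($dbc));
            echo 'Failed to get post';
            return 0;
        }

        mysqli_stmt_bind_param($stmt, 'i', $post_id);
        if (!mysqli_stmt_execute($stmt)) {
            error_log('Failed to get post: ' . mysqli_stmt_error($stmt));
            mysqli_stmt_close($stmt);
            echo 'Failed to get post';
            return 0;
        }

        mysqli_stmt_bind_result($stmt, $content, $date_created, $date_edited, $thread_id, $author_id);
        $found = mysqli_stmt_fetch($stmt) === true;
        // Close the statement before the nested loads below issue their own
        // queries on the same connection.
        mysqli_stmt_close($stmt);
        if (!$found) {
            return 0;
        }

        $this->id = $id;
        $this->content = $content;
        $this->date_created = $date_created;
        $this->date_edited = $date_edited;
        $this->thread = new Thread();
        $this->thread->get_from_database($thread_id, $dbc);
        $this->author = new User();
        $this->author->get_by_id($author_id, $dbc);
        return 1;
    }

    /**
     * Echo this post's content after expanding quote references, newlines and URLs.
     *
     * NOTE(review): nothing in this method HTML-escapes $this->content before it
     * is echoed. Unless the content is escaped when it is written, markup typed
     * into a post is rendered as-is (stored XSS). Confirm where escaping happens;
     * if it has to be added here it must run before the replacements below, and
     * the quote pattern, which matches a literal '>', would need to match the
     * escaped form instead.
     *
     * NOTE(review): the replacement strings and the echo wrappers contain no
     * markup in this copy of the file; the HTML they emitted appears to have been
     * stripped. They are kept exactly as found.
     *
     * @param mysqli $dbc Database connection handed through to add_quote().
     */
    public function display_content($dbc) {
        echo '';
        $post_content = $this->content;
        // NOTE(review): this is the post id, not a thread id; confirm what add_quote() expects.
        $thread_id = $this->id;

        // Expand ">#123" style references through add_quote().
        $post_content = preg_replace_callback(
            '/>#\d+/',
            function ($matches) use ($thread_id, $dbc) {
                return add_quote($dbc, $thread_id, $matches);
            },
            $post_content
        );

        // Replace newline characters with HTML line-break tags.
        $post_content = nl2br($post_content);

        // Replace YouTube URLs with embedded YouTube videos.
        $post_content = preg_replace(
            "/\s*[a-zA-Z\/\/:\.]*youtu(be.com\/watch\?v=|.be\/)([a-zA-Z0-9\-_]+)([a-zA-Z0-9\/\*\-\_\?\&\;\%\=\.]*)/i",
            '
',
            $post_content
        );

        // Replace image URLs with embedded images. The trailing lookahead skips
        // URLs that sit inside a tag produced by an earlier step.
        $post_content = preg_replace(
            '@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+(?:\.jpg|\.png|\.gif))(?![^<]*?(?:\w+>|/?>))@i',
            '
',
            $post_content
        );

        // Replace other URLs with links.
        $post_content = preg_replace(
            '@\b(http(s)?://)([^\s]*?(?:\.[a-z\d?=/_-]+)+)(?![^<]*?(?:\w+>|/?>))@i',
            '$0',
            $post_content
        );

        echo '' . $post_content . '';
    }
}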
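/**
 * Load every row of the posts table as a Post object.
 *
 * One query fetches the id list; each id is then loaded through
 * Post::get_from_database(), so the cost is one extra round of queries per post.
 * A Post is appended even when its load reports failure, as before.
 *
 * @param mysqli $dbc Open database connection.
 * @return Post[] Loaded posts; empty when the table is empty or the query fails.
 */
function get_all_posts($dbc) {
    $posts = array();

    $result = mysqli_query($dbc, "SELECT post_id FROM posts");
    if (!$result) {
        // Stop here: the result functions below cannot take a failed result.
        // Driver error text goes to the server log, not to the page.
        error_log('Failed to get posts: ' . mysqli_error($dbc));
        echo 'Failed to get posts';
        return $posts;
    }

    while ($row = mysqli_fetch_assoc($result)) {
        $post = new Post();
        $post->get_from_database($row['post_id'], $dbc);
        $posts[] = $post;
    }

    mysqli_free_result($result);
    return $posts;
}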