1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
<?php
include_once 'header.php';
echo '<section><h2>Create a new thread</h2>';
if (!isset($_SESSION['signed_in'])) {
die('You must be <a href="signin.php">signed in</a> to create a thread.');
}
?>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post">
<label for="thread_subject">Subject: </label><br>
<input type="text" name="thread_subject"><br>
<label for="thread_cat">Category: </label><br>
<?php
include_once 'includes/db_inc.php';
$sql = "SELECT cat_id, cat_name, cat_description FROM categories";
$result = mysqli_query($dbc, $sql);
if (!$result) {
die('Error trying to fetch category list: ' . mysqli_error($dbc));
}
if (mysqli_num_rows($result) == 0) {
die('There are currently no categories to post to.');
}
echo '<select name="thread_cat">';
while ($row = mysqli_fetch_assoc($result)) {
echo '<option value="' . $row['cat_id'] . '">' . $row['cat_name'] . '</option>';
}
echo '</select><br>';
?>
<label for="post_content">Write your post: </label><br>
<textarea name="post_content"></textarea><br>
<input type="submit" name="submit">
</form>
<?php
include_once 'includes/db_inc.php';
function create_thread($dbc, $thread_subject, $thread_cat, $thread_author) {
$sql = "INSERT INTO threads(thread_subject, thread_date, thread_cat, thread_author) VALUES(?, NOW(), ?, ?);";
$stmt = mysqli_stmt_init($dbc);
if (!mysqli_stmt_prepare($stmt, $sql)) {
die('Could not create thread due to internal error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "sii", $thread_subject, $thread_cat, $thread_author);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
}
function create_post($dbc, $post_content, $post_thread, $post_author) {
$sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?);";
$stmt = mysqli_stmt_init($dbc);
if (!mysqli_stmt_prepare($stmt, $sql)) {
die('Could not create thread due to internal error: ' . mysqli_error($dbc));
}
mysqli_stmt_bind_param($stmt, "sii", $post_content, $post_thread, $post_author);
$result = mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
return $result;
}
function validate($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$post_result = NULL;
$post_content = validate($_POST['post_content']);
$thread_subject = validate($_POST['thread_subject']);
$thread_cat = validate($_POST['thread_cat']);
$user_id = validate($_SESSION['user_id']);
// Disallow empty thread subjects
if (empty($thread_subject) or !$thread_subject) {
echo '<br>Thread subject cannot be empty.';
} else {
create_thread($dbc, $thread_subject, $thread_cat, $user_id);
$thread_id = mysqli_insert_id($dbc);
$post_result = create_post($dbc, $post_content, $thread_id, $user_id);
if (!$post_result) {
echo 'An error occurred creating your post: ' . mysqli_error($dbc);
} else {
header("Location: thread.php?id=" . $thread_id);
}
}
}
?>
</section>
<?php include_once 'footer.php';?>
|
