Learning PHP and MySQL
Example 16-14 modify_posts.php
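<?php
// Example 16-14: add, edit, or delete a blog post for the logged-in user.
//
// Request handling, in order:
//   GET  action=delete&post_id=N  -> delete the user's own post
//   GET  post_id=N                -> show the edit form for that post
//   POST submit (action=add|edit) -> validate, then insert or update
//   otherwise                     -> show a blank "add" form
include('db_login.php');
require_once('DB.php');
require_once('config.php');

/**
 * Return a request parameter as a string, or '' when it is missing or is
 * not a plain string (e.g. the client sent "title[]=x").
 *
 * @param array  $source Usually $_GET or $_POST.
 * @param string $key    Parameter name.
 * @return string
 */
function modify_posts_param(array $source, $key)
{
    return (isset($source[$key]) && is_string($source[$key])) ? $source[$key] : '';
}

/**
 * Stop the request after a database failure.
 *
 * The SQL text and the driver's error message go to the server log only.
 * Sending them to the browser, as the original listing did, tells a visitor
 * the table and column names and how their input landed in the statement.
 *
 * @param string $public_message Generic text shown to the visitor.
 * @param object $error          The DB error object returned by the failed call.
 * @return void
 */
function modify_posts_db_fail($public_message, $error)
{
    error_log('modify_posts.php: ' . $public_message . ' ' . $error->getMessage());
    die($public_message . "<br>");
}

//check for valid login
session_start();

// Flow-control flags. Initialised here so that they are never read before
// they have been assigned.
$stop = false;
$found_error = false;
$posts = array();

//display the header
$smarty->assign('blog_title', $blog_title);
$smarty->display('header.tpl');
if (!isset($_SESSION['username'])) {
    echo ("Please <a href='login.php'>login</a>.");
    exit();
}

//grab submission variables
// htmlentities() is HTML encoding for later display, not SQL escaping; every
// query below therefore binds its values through placeholders.
$post_id     = modify_posts_param($_POST, 'post_id');
$title       = htmlentities(modify_posts_param($_POST, 'title'));
$body        = htmlentities(modify_posts_param($_POST, 'body'));
$action      = htmlentities(modify_posts_param($_POST, 'action'));
$category_id = htmlentities(modify_posts_param($_POST, 'category_id'));
$user_id     = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';

//connect to the database
$connection = DB::connect("mysql://$db_username:$db_password@$db_host/$db_database");
// DB::connect() returns an error object on failure, which is truthy, so a
// plain !$connection test never fires; DB::isError() is the reliable check.
if (DB::isError($connection)) {
    modify_posts_db_fail("Could not connect to the database.", $connection);
}

// NOTE(review): the delete below is triggered by a GET request, and no
// anti-CSRF token is checked anywhere in this script (the POST add/edit
// branch included). Consider requiring POST plus a per-session token for
// every state-changing action.
if (modify_posts_param($_GET, 'action') === "delete" and !$stop) {
    $post_id = modify_posts_param($_GET, 'post_id');
    // query() prepares and executes the statement when a parameter array is
    // supplied, so the values are bound rather than spliced into the SQL.
    // The user_id condition limits the delete to the caller's own posts.
    $result = $connection->query(
        "delete from posts where post_id = ? and user_id = ?",
        array($post_id, $user_id)
    );
    if (DB::isError($result)) {
        modify_posts_db_fail("Could not query the database.", $result);
    }
    echo ("Deleted successfully.<br>");
    $stop = true;
}

//we're editing an entry, explicitly grab the id from the URL
$edit_post_id = modify_posts_param($_GET, 'post_id');
if ($edit_post_id and !$stop) {
    // NOTE(review): unlike the delete and update statements, this lookup is
    // not restricted to the session's user_id, so any logged-in user can load
    // another user's post into the form. Confirm whether that is intended.
    $result = $connection->query(
        "SELECT * FROM users NATURAL JOIN posts NATURAL JOIN categories where post_id = ?",
        array($edit_post_id)
    );
    if (DB::isError($result)) {
        modify_posts_db_fail("Could not query the database.", $result);
    }
    while ($result_row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        $posts[] = $result_row;
    }
    $smarty->assign('action', 'edit');
    $smarty->assign('posts', $posts);
    //get those categories
    $query = "SELECT category_id, category FROM categories";
    $smarty->assign('categories', $connection->getAssoc($query));
    $smarty->display('post_form.tpl');
    $stop = true;
}

//The form was submitted, was it an add or an edit?
if (!empty($_POST['submit']) and !$stop) {
    //validate fields
    if ($title == "") {
        echo ("Title must not be null.<br>");
        $found_error = true;
        $stop = true;
    }
    if ($body == "") {
        echo ("Body must not be null.<br>");
        $found_error = true;
        $stop = true;
    }

    // The branch is chosen from the raw action value, as in the original.
    $submitted_action = modify_posts_param($_POST, 'action');

    //validated OK, let's hit the database
    if ($submitted_action === "add" and !$stop) {
        $result = $connection->query(
            "insert into posts values (NULL, ?, ?, ?, ?, NULL)",
            array($category_id, $user_id, $title, $body)
        );
        if (DB::isError($result)) {
            modify_posts_db_fail("Could not query the database.", $result);
        }
        echo ("Posted successfully.<br>");
        $stop = true;
    }
    if ($submitted_action === "edit" and !$stop) {
        // The user_id condition keeps one user from overwriting another's post.
        $result = $connection->query(
            "update posts set category_id = ?, title = ?, body = ? where post_id = ? and user_id = ?",
            array($category_id, $title, $body, $post_id, $user_id)
        );
        if (DB::isError($result)) {
            modify_posts_db_fail("Could not query the database.", $result);
        }
        echo ("Updated successfully.<br>");
        $stop = true;
    }
}

if (!$stop) {
    //display blank form
    //create an empty entry
    $posts[] = array('title' => NULL, 'body' => NULL);
    //get the categories
    $query = "SELECT category_id, category FROM categories";
    $smarty->assign('categories', $connection->getAssoc($query));
    $smarty->assign('posts', $posts);
    $smarty->assign('action', 'add');
    $smarty->display('post_form.tpl');
}

if ($found_error) {
    //assign old vals
    //redisplay form
    // post_id is the one value that reached this point unencoded; encode it
    // like the other fields before handing it to the template.
    // NOTE(review): post_form.tpl is not visible here - confirm that it does
    // not escape these values a second time.
    $posts[] = array(
        'title'   => "$title",
        'body'    => "$body",
        'post_id' => htmlentities($post_id, ENT_QUOTES),
    );
    $smarty->assign('action', $action);
    $smarty->assign('posts', $posts);
    $smarty->display('post_form.tpl');
}

//display the footer
$smarty->display('footer.tpl');
?>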
Posted by on 09/27 at 11:55 AM