Learning PHP and MySQL
Example 16-16 modify_comment.php
<?php
// Resume the visitor's session so the login state can be checked below.
session_start();

// Project includes plus DB.php, which supplies the DB:: calls used in this script.
require_once 'config.php';
require_once 'db_login.php';
require_once 'DB.php';

// Render the page header.
// NOTE(review): $smarty and $blog_title are not defined in this listing;
// presumably one of the includes above provides them — confirm.
$smarty->assign('blog_title', $blog_title);
$smarty->display('header.tpl');
// Only a session that carries a username may go any further; anyone else is
// pointed at the login page and the script ends here.
if (isset($_SESSION['username']) === false) {
    echo 'Please <a href="login.php">login</a>.';
    exit;
}
// Open the database connection from the credentials variables.
// NOTE(review): the credentials are spliced into a URL-style DSN string, so a
// password containing characters such as "@" or "/" would change how the DSN
// is parsed — confirm the values are safe for this form.
$connection = DB::connect(
    'mysql://' . $db_username . ':' . $db_password . '@' . $db_host . '/' . $db_database
);
if (DB::isError($connection)) {
    exit("Could not connect to the database: <br />" . DB::errorMessage($connection));
}
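// Request state shared by the branches below.
// $stop becomes true once a branch has handled the request.
$stop = false;

// Every field is optional on at least one request type (plain GET, delete
// link, form POST), so each one is read through isset() instead of indexing
// the superglobal directly.
// post_id may arrive in the query string or in the form body.
$post_id = isset($_REQUEST['post_id']) ? $_REQUEST['post_id'] : null;

// htmlentities() is HTML output encoding only. It does NOT make a value safe
// to place inside SQL text (with the default flags of older PHP versions it
// leaves single quotes untouched), so queries must still bind these values
// as parameters.
$title = htmlentities(isset($_POST['title']) ? $_POST['title'] : '');
$body = htmlentities(isset($_POST['body']) ? $_POST['body'] : '');
$action = htmlentities(isset($_POST['action']) ? $_POST['action'] : '');
$category_id = htmlentities(isset($_POST['category_id']) ? $_POST['category_id'] : '');

// The login check earlier in the script only verifies that "username" is set,
// so user_id is read defensively as well.
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$comment_id = htmlentities(isset($_POST['comment_id']) ? $_POST['comment_id'] : '');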
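// Delete one of the current user's comments (?action=delete&comment_id=...).
// NOTE(review): this is a state change driven by a GET request, and no
// anti-CSRF token is visible in this listing. Moving it to a POST that carries
// a per-session token would also need template changes, which are not shown.
if (isset($_GET['action']) && $_GET['action'] == "delete" && !$stop) {
    // Accept only a plain string value; anything else becomes an id that matches no row.
    $comment_id = (isset($_GET['comment_id']) && is_string($_GET['comment_id']))
        ? $_GET['comment_id']
        : '';

    // Bind the values as parameters so request data never becomes part of the
    // SQL text. The user_id condition limits the delete to the caller's own comments.
    $query = 'DELETE FROM `comments` WHERE `comment_id` = ? AND `user_id` = ?';
    $result = $connection->query($query, array($comment_id, $user_id));
    if (DB::isError($result)) {
        // Keep the SQL statement out of the response; record it server-side instead.
        error_log('Query failed: ' . $query . ' -- ' . DB::errorMessage($result));
        die("Could not query the database: <br />" . DB::errorMessage($result));
    }
    echo "Deleted successfully.<br />";
    $stop = true;
}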
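// Editing an existing comment: the id comes from the URL. Load the comment,
// show it in the form, and end the request.
// empty() matches the original truthiness test without reading a missing index.
if (!empty($_GET['comment_id']) && is_string($_GET['comment_id']) && !$stop) {
    // The id is bound as a parameter; it must never be concatenated into the
    // statement, because it comes straight from the query string.
    // NOTE(review): unlike the DELETE and UPDATE statements in this script,
    // this lookup is not limited to the session user's own comments. The
    // UPDATE is, so a non-owner's edit would match no row — confirm whether
    // the edit form should be offered to non-owners at all.
    // NOTE(review): SELECT * over the join hands every `users` column to the
    // template — confirm that no sensitive column is included.
    $query = 'SELECT * FROM `comments` NATURAL JOIN `users` WHERE `comment_id` = ?';
    $result = $connection->query($query, array($_GET['comment_id']));
    if (DB::isError($result)) {
        // Keep the SQL statement out of the response; record it server-side instead.
        error_log('Query failed: ' . $query . ' -- ' . DB::errorMessage($result));
        die("Could not query the database: <br />" . DB::errorMessage($result));
    }

    // Start from an empty list so the template always receives an array,
    // even when no row matches.
    $comments = array();
    while ($result_row = $result->fetchRow(DB_FETCHMODE_ASSOC)) {
        $comments[] = $result_row;
    }

    // NOTE(review): post_id is passed to the template exactly as received;
    // confirm comment_form.tpl escapes it on output.
    $post_id = isset($_GET['post_id']) ? $_GET['post_id'] : null;
    $smarty->assign('action', 'edit');
    $smarty->assign('comments', $comments);
    $smarty->assign('post_id', $post_id);
    $smarty->display('comment_form.tpl');

    // Display the footer
    $smarty->display('footer.tpl');
    exit;
}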
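// The form was submitted: validate it, then add a new comment or update an
// existing one.
// NOTE(review): no anti-CSRF token is checked before these writes; adding one
// needs a matching hidden field in comment_form.tpl, which is not shown here.
if (!empty($_POST['submit']) && !$stop) {
    // Validate fields. (In the listing as published, this `if` had been fused
    // into the preceding comment, which left the braces unbalanced.)
    if ($title == "") {
        echo 'Title must not be null.<br />';
        $found_error = true;
        $stop = true;
    }
    if ($body == "") {
        echo "Body must not be null.<br />";
        $found_error = true;
        $stop = true;
    }

    // Validation passed: write to the database. Every value is bound as a
    // parameter. $title and $body are HTML-entity encoded, which is not SQL
    // escaping, and $post_id comes from the request unmodified.
    if (isset($_POST['action']) && $_POST['action'] == "add" && !$stop) {
        $query = 'INSERT INTO `comments` VALUES (NULL, ?, ?, ?, ?, NULL)';
        $result = $connection->query($query, array($user_id, $post_id, $title, $body));
        if (DB::isError($result)) {
            // Keep the SQL statement out of the response; record it server-side instead.
            error_log('Query failed: ' . $query . ' -- ' . DB::errorMessage($result));
            die("Could not query the database: <br />" . DB::errorMessage($result));
        }
        echo "Posted successfully.<br />";
        $stop = true;
    }

    if (isset($_POST['action']) && $_POST['action'] == "edit" && !$stop) {
        // The user_id condition restricts the update to the caller's own comment.
        $query = 'UPDATE `comments` SET `title` = ?, `body` = ? '
            . 'WHERE `comment_id` = ? AND `user_id` = ?';
        $result = $connection->query($query, array($title, $body, $comment_id, $user_id));
        if (DB::isError($result)) {
            // Keep the SQL statement out of the response; record it server-side instead.
            error_log('Query failed: ' . $query . ' -- ' . DB::errorMessage($result));
            die("Could not query the database: <br />" . DB::errorMessage($result));
        }
        echo 'Updated successfully.<br />';
        $stop = true;
    }
}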
// No earlier branch handled the request: show an empty "add comment" form.
if ($stop == false) {
    // NOTE(review): post_id goes to the template exactly as it arrived in the
    // query string; confirm comment_form.tpl escapes it on output.
    $post_id = $_GET["post_id"];

    // A single blank entry gives the form template something to render.
    $result_row = array(
        'title' => null,
        'body' => null,
        'comment_id' => null,
    );
    $comments[] = $result_row;

    $smarty->assign('action', 'add');
    $smarty->assign('comments', $comments);
    $smarty->assign('post_id', $post_id);
    $smarty->display('comment_form.tpl');
}
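// Validation failed: show the form again with the values that were submitted.
// $found_error is assigned only inside the submit branch, so it is tested with
// empty() to avoid reading an undefined variable on every other request.
if (!empty($found_error)) {
    // NOTE(review): post_id is passed through as received; confirm the
    // template escapes it on output.
    $post_id = isset($_POST['post_id']) ? $_POST['post_id'] : null;

    // $title, $body and $comment_id were HTML-entity encoded when they were
    // read from the request, so they are handed over as they are.
    $result_row = array(
        'title' => $title,
        'body' => $body,
        'comment_id' => $comment_id,
    );
    $comments[] = $result_row;

    $smarty->assign('action', $action);
    $smarty->assign('post_id', $post_id);
    $smarty->assign('comments', $comments);
    $smarty->display('comment_form.tpl');
}

// Display the footer
$smarty->display('footer.tpl');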
?>
Posted by on 09/27 at 12:25 PM