<?php
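//-------------------------
//PShowPost.php
//
//Shows an individual post together with its comments and the comment form.
//
//Security notes:
// - 'id' and 'error' arrive in the query string and are attacker-controlled.
// - 'id' is validated as an integer and reaches SQL only as a bound parameter.
// - 'error' is HTML-escaped before it is placed in the page.
//-------------------------

//-----------------------------------
//Handles GET variables
$rawPostId = isset($_GET['id']) ? $_GET['id'] : '';
//Only accept a plain string; ?error[]=x would otherwise arrive as an array.
$errorMessage = (isset($_GET['error']) && is_string($_GET['error'])) ? $_GET['error'] : '';

//is_numeric() also accepts values such as "1e5" or "1.5", so it does not prove
//the value is an integer. FILTER_VALIDATE_INT does, rejects arrays and
//out-of-range values, and hands back a real int.
$postId = filter_var($rawPostId, FILTER_VALIDATE_INT);
if ($postId === false) {
    die("The ID has to be an integer. Try again.");
}

//Reflected value: escape for HTML before output so markup in the URL is inert.
//NOTE(review): even escaped, free text taken from the URL lets a link author
//choose the wording shown here; an error code mapped to fixed messages would
//avoid that. Confirm what the comment-processing page sends.
$errorMessage = htmlspecialchars($errorMessage, ENT_QUOTES, 'UTF-8');

//-----------------------------------
//Handles DB queries
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
$tablePost = DB_PREFIX . 'Post';
$tableComment = DB_PREFIX . 'Comment';

if (mysqli_connect_error()) {
    //Driver messages can reveal host and account details: log them, show generic text.
    error_log("PShowPost: connect failed: " . mysqli_connect_error());
    echo "Connect failed.<br>";
    exit();
}
$mysqli->set_charset("utf8");

//Prepared statements replace real_escape_string() + multi_query().
//Escaping does not protect a value interpolated without quotes, and
//multi_query() would execute any extra statement that slipped into the string.

//--------------------------
//Select chosen post (only idPost is used further down)
$stmt = $mysqli->prepare("SELECT idPost FROM {$tablePost} WHERE idPost = ?");
if (!$stmt) {
    error_log("PShowPost: prepare failed: " . $mysqli->errno . ":" . $mysqli->error);
    die("Could not query database");
}
$stmt->bind_param('i', $postId);
if (!$stmt->execute()) {
    error_log("PShowPost: execute failed: " . $stmt->errno . ":" . $stmt->error);
    die("Could not query database");
}
$stmt->bind_result($idPost);
$fetched = $stmt->fetch(); //true = row, null = no row, false = error
$stmt->close();

if ($fetched === false) {
    die("Failed to retrieve result from query.");
}
if ($fetched === null) {
    //Previously a missing post fell through to a property read on null.
    die("The requested post could not be found.");
}

//--------------------------
//Select comments for chosen post, oldest first.
//Uses the prefixed table name instead of the hard-coded mom07_10_Comment.
$stmt = $mysqli->prepare(
    "SELECT idComment FROM {$tableComment} WHERE Comment_idPost = ? ORDER BY commDate ASC"
);
if (!$stmt) {
    error_log("PShowPost: prepare failed: " . $mysqli->errno . ":" . $mysqli->error);
    die("Could not query database");
}
$stmt->bind_param('i', $postId);
if (!$stmt->execute()) {
    error_log("PShowPost: execute failed: " . $stmt->errno . ":" . $stmt->error);
    die("Failed to retrieve result from query.");
}
$stmt->bind_result($idComment);

//Collect the IDs and release the statement before any page helper runs.
$commentIds = array();
while ($stmt->fetch()) {
    $commentIds[] = $idComment;
}
$stmt->close();

//-----------------------------------
//Builds HTML
require_once(TP_SOURCEPATH . "CHTMLPage.php");
$page = new CHTMLPage();
$html = $page->getFormattedPost($idPost); //Gets formatted post HTML

//Commenting form HTML. $postId is an int and $errorMessage is escaped above.
//NOTE(review): the form carries no anti-CSRF token; confirm the handler behind
//?p=commentp (presumably PCommentProcess.php) validates and throttles submissions.
$html .= <<<END
<hr />
<span class="commentSeparator"><a name="comment">Comment</a></span>
<hr style="margin-bottom:10px;" />
<p class="error">{$errorMessage}</p>
<form method="POST" action="?p=commentp">
<input type="hidden" name="post" value="{$postId}" />
<label>Signature:</label><label style="margin-left:167px;">E-mail*:</label>
<input type="text" name="signature" class="textbox" />
<input type="text" name="email" class="textbox" />
<label>Title:</label>
<input type="text" name="title" class="textboxLong" />
<label>Comment:</label>
<textarea name="commentText"></textarea>
<input type="submit" value="Post comment" class="button" />
</form>
<hr style="margin-bottom:80px;" />
END;

//For each comment returned, get formatted comment HTML
foreach ($commentIds as $commentId) {
    $html .= $page->getFormattedComment($commentId, $postId);
}

$mysqli->close(); //Closes DB connection

//-----------------------------------
//Prints HTML
$page->printHTMLHeader();
$page->printPageHeader();
$page->printPageBody($html);
//$page->printTagList();
$page->printRightColumn();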