
PShowPost.php

<?php
//-------------------------
//PShowPost.php
//
//Shows individual post and commenting page
//-------------------------

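//-----------------------------------
//Handles GET and POST variables
//Both values come straight from the URL and are treated as untrusted input.
//A parameter sent as an array (?error[]=x) is ignored rather than interpolated.
$postId = isset($_GET['id']) ? $_GET['id'] : '';
$errorMessage = (isset($_GET['error']) && is_string($_GET['error'])) ? $_GET['error'] : '';

//Makes sure entered ID is an integer
//is_numeric() also lets through floats, exponents, signs and surrounding
//whitespace ("1e3", "-1", " 7"), so only plain decimal digits are accepted here.
if (!is_string($postId) || !ctype_digit($postId)) {
  die("The ID has to be an integer. Try again.");
}

//-----------------------------------
//Handles DB query
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
//Table names are built from the DB_PREFIX constant only, never from request data.
$tablePost = DB_PREFIX . 'Post';
$tableComment = DB_PREFIX . 'Comment';

if (mysqli_connect_error()) {
  //Driver error text can reveal host, user and schema details: log it, show a generic message.
  error_log("Connect failed: " . mysqli_connect_error());
  echo "Connect failed.<br>";
  exit();
}
$mysqli->set_charset("utf8");

//Prevent SQL injections
//real_escape_string() only protects values placed inside quotes; the ID is used as a
//bare number, so it is passed as a bound integer parameter instead. Running two
//separate prepared statements also removes the need for multi_query(), which would
//execute any extra statement that ever ended up in the query text.

//--------------------------
//First query: select chosen post
$stmt = $mysqli->prepare("SELECT idPost FROM {$tablePost} WHERE idPost = ?");
if ($stmt === false) {
  error_log("Could not query database " . $mysqli->errno . ":" . $mysqli->error);
  die("Could not query database");
}
$stmt->bind_param('i', $postId);
if (!$stmt->execute()) {
  error_log("Could not query database " . $stmt->errno . ":" . $stmt->error);
  die("Could not query database");
}
$stmt->bind_result($idPost);
$fetched = $stmt->fetch(); //true = row, null = no row, false = error
$stmt->close();

if ($fetched === false) {
  die("Failed to retrieve result from query.");
}
if ($fetched !== true) {
  //The original dereferenced a null row here when the ID matched no post.
  die("The requested post does not exist.");
}

//-----------------------------------
//Prints HTML
require_once(TP_SOURCEPATH . "CHTMLPage.php");
$page = new CHTMLPage();

//Cast so the formatter keeps receiving a string, as it did from fetch_object().
$html = $page->getFormattedPost((string) $idPost); //Gets formatted post HTML

//--------------------------
//Second query: select comments for chosen post
//Uses $tableComment so the configured prefix applies, instead of a hard-coded table name.
$stmt = $mysqli->prepare(
  "SELECT idComment FROM {$tableComment} WHERE Comment_idPost = ? ORDER BY commDate ASC"
);
if ($stmt === false) {
  error_log("Could not query database " . $mysqli->errno . ":" . $mysqli->error);
  die("Could not query database");
}
$stmt->bind_param('i', $postId);
if (!$stmt->execute()) {
  error_log("Could not query database " . $stmt->errno . ":" . $stmt->error);
  die("Failed to retrieve result from query.");
}
$stmt->bind_result($idComment);

//Collect the IDs first so the statement is closed before any formatter runs.
$commentIds = array();
while ($stmt->fetch()) {
  $commentIds[] = (string) $idComment;
}
$stmt->close();
$mysqli->close(); //Closes DB connection

//The error text is taken from the query string, so it is HTML-escaped before output;
//unescaped it would let a crafted link inject markup or script into this page.
//NOTE(review): the wording is still caller-supplied; mapping a short error code to a
//fixed server-side message would remove that as well.
$safeError = htmlspecialchars($errorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

//Commenting form HTML
//$postId is digits only at this point (checked above), so it is safe inside the attribute.
$html .= <<<END
  <hr />
  <span class="commentSeparator"><a name="comment">Comment</a></span>
  <hr style="margin-bottom:10px;" />
  
  <p class="error">{$safeError}</p>
  <form method="POST" action="?p=commentp">
    <input type="hidden" name="post" value="{$postId}" />
    <label>Signature:</label><label style="margin-left:167px;">E-mail*:</label>
    <input type="text" name="signature" class="textbox" />
    <input type="text" name="email" class="textbox" />
    <label>Title:</label>
    <input type="text" name="title" class="textboxLong" />
    <label>Comment:</label>
    <textarea name="commentText"></textarea>
    <input type="submit" value="Post comment" class="button" />
  </form>
  <hr style="margin-bottom:80px;" />
END;

//For each comment returned, get formatted comment HTML
foreach ($commentIds as $commentId) {
  $html .= $page->getFormattedComment($commentId, $postId);
}

$page->printHTMLHeader();
$page->printPageHeader();
$page->printPageBody($html);
//$page->printTagList();
$page->printRightColumn();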