2020-03-08 14:47:32 +01:00
< ? php
2020-03-08 16:57:47 +01:00
% REQUIRE_LOGIN %
$pdo = new PDO ( 'mysql:host=localhost;dbname=web' , 'webstuff' , 'Schei// auf Pa$$w0rter!' )
$error = false ;
$error_message = " " ;
if ( ! $error ) {
2020-03-08 17:15:05 +01:00
$statement = $pdo -> prepare ( " INSERT INTO posts (board_id, user_id, title, content,) VALUES (:bid,:uid,:title,:content) " );
2020-03-08 17:01:37 +01:00
$result = $statement -> execute ( array ( 'bid' => $id , 'uid' => $_SESSION [ user_id ], 'title' => $_POST [ 'title' ], 'content' => $_POST [ 'content' ]));
2020-03-08 17:15:05 +01:00
}
if ( ! $result ) {
2020-03-08 16:57:47 +01:00
$error_message = " <p>Error: SQL error.</p><pre> " . $statement -> queryString . " </pre><pre> " . $statement -> errorInfo ()[ 2 ] . " </pre> " ;
}
2020-03-08 17:15:05 +01:00
echo " <div class='margin'><a href='%CONTENT_DIR%/board/?id= $id &action=edit'><button> Edit your post </button></a><a href='%CONTENT_DIR%/board/?id= $id '><button> Done </button></a></div> " ;
2020-03-08 14:47:32 +01:00
?>