forked from root/threadr.lostcave.ddnss.de
fixed html injection
parent
06d085859e
commit
4c6ede19a3
|
@ -5,20 +5,27 @@ $statement->execute(array("bid"=>$id));
|
|||
foreach($statement->fetchAll() as $ROW) {
|
||||
$statement = $pdo->prepare("SELECT * FROM users WHERE id=:uid");
|
||||
$statement->execute(array("uid"=>$ROW[user_id]));
|
||||
$post_user = $statement->fetch();
|
||||
echo "<section>";
|
||||
echo "<h1>$ROW[title]</h1>";
|
||||
echo "<article>";
|
||||
echo "<header>";
|
||||
echo "<div>";
|
||||
echo "<p class='beige'>$post_user[name] <time datetime='$ROW[post_time]'>$ROW[post_time]</time></p>";
|
||||
echo "</div>";
|
||||
echo "</header>";
|
||||
echo "<div class='postcontent'>";
|
||||
echo "<p>$ROW[content]</p>";
|
||||
echo "</div>";
|
||||
echo "</article>";
|
||||
echo "</section>";
|
||||
|
||||
$post_creator = $statement->fetch();
|
||||
|
||||
$post_title = htmlspecialchars($ROW['title']);
|
||||
$post_creator_name = htmlspecialchars($post_creator['name']);
|
||||
$post_time = htmlspecialchars($ROW['post_time']);
|
||||
$post_content = htmlspecialchars($ROW['content']);
|
||||
|
||||
echo "<section>
|
||||
<h1>$post_title</h1>
|
||||
<article>
|
||||
<header>
|
||||
<div>
|
||||
<p class='beige'> $post_creator_name <time datetime='$post_time'>$post_time</time></p>
|
||||
</div>
|
||||
</header>
|
||||
<div class='postcontent'>
|
||||
<p>$post_content</p>
|
||||
</div>
|
||||
</article>
|
||||
</section>";
|
||||
}
|
||||
?>
|
||||
|
||||
|
|
Loading…
Reference in New Issue