prevent posting empty posts

2021-09-05 07:30:22 +02:00 · 2021-09-05 07:30:22 +02:00 · e03503cf1b
parent 3b4d80c755
commit e03503cf1b
2 changed files with 15 additions and 12 deletions
--- a/threadr/board/index.php
+++ b/threadr/board/index.php
@ -55,9 +55,6 @@ $id=$_GET['id'];
            if($_GET['action']=='post') {
              include("./post.php");
            } elseif($_GET['action']=='submit') {
-              $user_id=$_SESSION[user_id];
-              $title=$_POST['title'];
-              $content=$_POST['content'];
              include("./submit.php");
            } elseif($_GET['action']=='edit') {
              include("./edit.php");
--- a/threadr/board/submit.php
+++ b/threadr/board/submit.php
@ -1,15 +1,21 @@
 <?php
 %REQUIRE_LOGIN%

-$error = false;
-$error_message = "";
-if (!$error) {
-  $statement = $pdo->prepare("INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title)");
-  $result = $statement->execute(array('bid'=>$id, 'uid'=>$user_id, 'content'=>$content, 'title'=>$title));
-}
-if (!$result) {
-    $error_message = "<p>Error: SQL error.</p><pre>" . $statement->queryString . "</pre><pre>" . $statement->errorInfo()[2] . "</pre>";
+$title=$_POST['title'];
+$content=$_POST['content'];
+if ($title==="" || $content==="") {
 }
+else {
+  $error = false;
+  $error_message = "";
+  if (!$error) {
+    $statement = $pdo->prepare("INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title)");
+    $result = $statement->execute(array('bid'=>$id, 'uid'=>$_SESSION[user_id], 'content'=>$content, 'title'=>$title));
+  }
+  if (!$result) {
+      $error_message = "<p>Error: SQL error.</p><pre>" . $statement->queryString . "</pre><pre>" . $statement->errorInfo()[2] . "</pre>";
+  }

-echo "<section><center><h1>Post submitted.</h1></center></section>";
+  echo "<section><center><h1>Post submitted.</h1></center></section>";
+}
 ?>