diff --git a/threadr/board/index.php b/threadr/board/index.php
index e612259..a6fa23d 100644
--- a/threadr/board/index.php
+++ b/threadr/board/index.php
@@ -55,9 +55,6 @@ $id=$_GET['id'];
 if($_GET['action']=='post') {
 include("./post.php");
 } elseif($_GET['action']=='submit') {
- $user_id=$_SESSION[user_id];
- $title=$_POST['title'];
- $content=$_POST['content'];
 include("./submit.php");
 } elseif($_GET['action']=='edit') {
 include("./edit.php");
diff --git a/threadr/board/submit.php b/threadr/board/submit.php
index 23fe733..1491265 100644
--- a/threadr/board/submit.php
+++ b/threadr/board/submit.php
@@ -1,15 +1,21 @@ prepare("INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title)");
- $result = $statement->execute(array('bid'=>$id, 'uid'=>$user_id, 'content'=>$content, 'title'=>$title));
-}
-if (!$result) {
- $error_message = "
Error: SQL error.
" . $statement->queryString . "
" . $statement->errorInfo()[2] . ""; +$title=$_POST['title']; +$content=$_POST['content']; +if ($title==="" || $content==="") { } +else { + $error = false; + $error_message = ""; + if (!$error) { + $statement = $pdo->prepare("INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title)"); + $result = $statement->execute(array('bid'=>$id, 'uid'=>$_SESSION[user_id], 'content'=>$content, 'title'=>$title)); + } + if (!$result) { + $error_message = "
Error: SQL error.
" . $statement->queryString . "
" . $statement->errorInfo()[2] . ""; + } -echo "