forked from root/threadr.lostcave.ddnss.de
prevent posting empty posts
parent
3b4d80c755
commit
e03503cf1b
|
@ -55,9 +55,6 @@ $id=$_GET['id'];
|
|||
if($_GET['action']=='post') {
|
||||
include("./post.php");
|
||||
} elseif($_GET['action']=='submit') {
|
||||
$user_id=$_SESSION[user_id];
|
||||
$title=$_POST['title'];
|
||||
$content=$_POST['content'];
|
||||
include("./submit.php");
|
||||
} elseif($_GET['action']=='edit') {
|
||||
include("./edit.php");
|
||||
|
|
|
@ -1,15 +1,21 @@
|
|||
<?php
|
||||
%REQUIRE_LOGIN%
|
||||
|
||||
$error = false;
|
||||
$error_message = "";
|
||||
if (!$error) {
|
||||
$title=$_POST['title'];
|
||||
$content=$_POST['content'];
|
||||
if ($title==="" || $content==="") {
|
||||
}
|
||||
else {
|
||||
$error = false;
|
||||
$error_message = "";
|
||||
if (!$error) {
|
||||
$statement = $pdo->prepare("INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title)");
|
||||
$result = $statement->execute(array('bid'=>$id, 'uid'=>$user_id, 'content'=>$content, 'title'=>$title));
|
||||
}
|
||||
if (!$result) {
|
||||
$result = $statement->execute(array('bid'=>$id, 'uid'=>$_SESSION[user_id], 'content'=>$content, 'title'=>$title));
|
||||
}
|
||||
if (!$result) {
|
||||
$error_message = "<p>Error: SQL error.</p><pre>" . $statement->queryString . "</pre><pre>" . $statement->errorInfo()[2] . "</pre>";
|
||||
}
|
||||
}
|
||||
|
||||
echo "<section><center><h1>Post submitted.</h1></center></section>";
|
||||
echo "<section><center><h1>Post submitted.</h1></center></section>";
|
||||
}
|
||||
?>
|
||||
|
|
Loading…
Reference in New Issue