2020-03-08 14:47:32 +01:00
< ? php
2020-03-08 16:57:47 +01:00
% REQUIRE_LOGIN %
$pdo = new PDO ( 'mysql:host=localhost;dbname=web' , 'webstuff' , 'Schei// auf Pa$$w0rter!' )
$error = false ;
$error_message = " " ;
if ( ! $error ) {
2020-03-08 17:26:58 +01:00
$statement = $pdo -> prepare ( " INSERT INTO posts (board_id, user_id, content, title) VALUES (:bid, :uid, :content, :title) " );
$result = $statement -> execute ( array ( 'bid' => $id , 'uid' => $user_id , 'content' => $content , 'title' => $title ));
2020-03-08 17:15:05 +01:00
}
if ( ! $result ) {
2020-03-08 16:57:47 +01:00
$error_message = " <p>Error: SQL error.</p><pre> " . $statement -> queryString . " </pre><pre> " . $statement -> errorInfo ()[ 2 ] . " </pre> " ;
}
2020-03-08 17:15:05 +01:00
echo " <div class='margin'><a href='%CONTENT_DIR%/board/?id= $id &action=edit'><button> Edit your post </button></a><a href='%CONTENT_DIR%/board/?id= $id '><button> Done </button></a></div> " ;
2020-03-08 14:47:32 +01:00
?>