<?php
  // include shared code
  include '../lib/common.php';
  include '../lib/db.php';
  include '../lib/functions.php';
  
  // this should not be available unless the user has logged in 
  include '401.php';
  
  // insert a new blog entry
  if ($\_POST[\text{'}post\_id\text{'}]\; ==\; \text{'}new\text{'})\; \{$query = sprintf('INSERT INTO \%sBLOG_POST SET POST_TITLE = "\%s", ' .
          'POST_DATE = "\%s", POST_TEXT = "\%s"',
          DB_TBL_PREFIX,
          mysql_real_escape_string($\_POST[\text{'}post\_title\text{'}],$GLOBALS['DB']),
          mysql_format_date($\_POST[\text{'}post\_date\text{'}]),\; mysql\_real\_escape\_string($_POST['post_text'], $GLOBALS[\text{'}DB\text{'}]));\; mysql\_query($query, $GLOBALS[\text{'}DB\text{'}]);\; \}\; else\; \{$// delete entry
      if (isset(_POST['delete']))
      {
          $query\; =\; sprintf(\text{'}DELETE\; FROM$\%sBLOG_POST WHERE POST_ID = \%d',
              DB_TBL_PREFIX, _POST['post_id']);
  
          mysql_query($query,$GLOBALS['DB']);
      }
      // update entry
      else
      {
          $query\; =\; sprintf(\text{'}UPDATE$\%sBLOG_POST SET POST_TITLE = "\%s", ' .
              'POST_DATE = "\%s", POST_TEXT = "\%s" WHERE POST_ID = \%d',
              DB_TBL_PREFIX,
              mysql_real_escape_string(_POST['post_title'], $GLOBALS[\text{'}DB\text{'}]),\; mysql\_format\_date($_POST['post_date']),
              mysql_real_escape_string($\_POST[\text{'}post\_text\text{'}],$GLOBALS['DB']),
              $\_POST[\text{'}post\_id\text{'}]);\; mysql\_query($query, $GLOBALS[\text{'}DB\text{'}]);\; \}\; \}\; mysql\_close($GLOBALS['DB']);
  header('Location: admin.php');
  ?>