Invalid forum id.

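');
}
mysql_free_result($result);

// Optional parent message id: 0 means a new top-level message, any other value
// must name an existing message. The lookup is also constrained to $forum_id
// so that a reply cannot be attached to a message that lives in another forum.
$msg_id = (isset($_GET['mid'])) ? (int)$_GET['mid'] : 0;
$query = sprintf('SELECT MESSAGE_ID FROM %sFORUM_MESSAGE WHERE ' .
    'MESSAGE_ID = %d AND FORUM_ID = %d', DB_TBL_PREFIX, $msg_id, $forum_id);
$result = mysql_query($query, $GLOBALS['DB']);
// a failed query is treated like "no such message" instead of being passed
// on to mysql_num_rows()
if ($msg_id && (!$result || !mysql_num_rows($result)))
{
    if ($result)
    {
        mysql_free_result($result);
    }
    mysql_close($GLOBALS['DB']);
    // the text used to repeat the forum-id wording although this check is
    // about the message id
    die('

Invalid message id.

');
}
if ($result)
{
    mysql_free_result($result);
}

// Only string values are accepted: a request that sends msg_subject[] or
// msg_text[] would otherwise hand an array to trim().
$msg_subject = (isset($_POST['msg_subject']) && is_string($_POST['msg_subject'])) ?
    trim($_POST['msg_subject']) : '';
$msg_text = (isset($_POST['msg_text']) && is_string($_POST['msg_text'])) ?
    trim($_POST['msg_text']) : '';

// NOTE(review): nothing in this part of the script checks an anti-CSRF token
// before the state-changing INSERT below; confirm one is validated elsewhere.
// NOTE(review): subject and text are stored as submitted, so the page that
// displays them has to escape them for HTML (htmlspecialchars()) on output.

// add entry to the database if the form was submitted and the necessary
// values were supplied in the form (compared with '' so that a value of "0"
// is not mistaken for an empty field)
if (isset($_POST['submitted']) && $msg_subject !== '' && $msg_text !== '')
{
    // String values go through mysql_real_escape_string() and numeric values
    // through %d. The escaping depends on the connection character set;
    // confirm it is set with mysql_set_charset() where the connection is
    // opened. ext/mysql was removed in PHP 7, so prepared statements (mysqli
    // or PDO) are the replacement once the connection code is migrated.
    $query = sprintf('INSERT INTO %sFORUM_MESSAGE (SUBJECT, ' .
        'MESSAGE_TEXT, PARENT_MESSAGE_ID, FORUM_ID, USER_ID) VALUES ' .
        '("%s", "%s", %d, %d, %d)',
        DB_TBL_PREFIX,
        mysql_real_escape_string($msg_subject, $GLOBALS['DB']),
        mysql_real_escape_string($msg_text, $GLOBALS['DB']),
        $msg_id,
        $forum_id,
        $user->userId);

    if (mysql_query($query, $GLOBALS['DB']))
    {
        // redirect, then stop: without the exit the script would keep running
        // and render the form after the Location header has been sent
        mysql_close($GLOBALS['DB']);
        header('Location: view.php?fid=' . $forum_id .
            (($msg_id) ? '&mid=' . $msg_id : ''));
        exit;
    }

    // The database error goes to the server log instead of the response:
    // echoing it discloses schema details to the visitor and, being output
    // sent before header(), also breaks the redirect.
    error_log('FORUM_MESSAGE insert failed: ' . mysql_error($GLOBALS['DB']));
    $message = '<p>Your message could not be saved. Please try again later.</p>';
}
// form was submitted but not all the information was correctly filled in
elseif (isset($_POST['submitted']))
{
    $message = '

Not all information was provided. Please correct ' . 'and resubmit.

';
}

// generate the form
ob_start();
if (isset($message))
{
    echo $message;
}
?>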