professional-sql-02-public-files-add-forum.php / php
<?php
// include shared code
include '../lib/common.php';
include '../lib/db.php';
include '../lib/functions.php';
include '../lib/User.php';
// 401 file included because user should be logged in to access this page
include '401.php';
// user must have appropriate permissions to use this page
_SESSION['userId']);
if (~<p>Sorry, you do not have sufficient privileges to create new ' .
'forums.</p>');
}
// validate incoming values
forum_name = (isset(_POST['forum_name']) : '';
_POST['forum_desc'])) ? trim(// add entry to the database if the form was submitted and the necessary
// values were supplied in the form
if (isset(_POST['submitted']) && forum_desc)
{
\ %sFORUM (FORUM_NAME, DESCRIPTION) ' .
'VALUES ("\ %s", "\ %s")', DB_TBL_PREFIX,
mysql_real_escape_string(forum_name, forum_desc, query, // redirect user to list of forums after new record has been stored
header('Location: view.php');
}
// form was submitted but not all the information was correctly filled in
else if (isset(_POST['submitted']))
{
<p>Not all information was provided. Please correct ' .
'and resubmit.</p>';
}
// generate the form
ob_start();
if (isset(message))
{
echo <form action="<?php htmlspecialchars(_SERVER['PHP_SELF']); ?>"
method="post">
<div>
<label for="forum_name">Forum Name:</label>
<input type="input" id="forum_name" name="forum_name" value="<?php
echo htmlspecialchars(<br/>
<label for="forum_desc">Description:</label>
<input type="input" id="forum_desc" name="forum_desc" value="<?php
echo htmlspecialchars(forum_desc); ?>"/>
<br/>
<input type="hidden" name="submitted" value="true"/>
<input type="submit" value="Create"/>
</div>
</form>
<?php
// display the page
include '../templates/template-page.php';
?>
(C) Æliens 20/2/2008
You may not copy or print any of this material without explicit permission of the author or the publisher. In case of other copyright issues, contact the author.
