Now we proceed to our other functions, so lets start with adding a post.
Here we take a different approach to the function. Instead of passing values into it, we just make them considered 'global' within the function. That means any of the variables listed outside of the function are made available to the function.
function addpost () {
global $password,$email,$name,$post,$topicID;
$timestamp = time();
Since we are ordering output by the date, we need the current time stamp to do so.
$new_password = addslashes($password);
$new_email = addslashes($email);
$new_name = addslashes($name);
We use the addslashes() function here to make sure our email address, name and password is in the proper format to be put into the database.
$new_post = addslashes(nl2br(htmlspecialchars($post)));
This is a little different. First we turn all of the characters different in HTML than text, such as < or > or & or the quotes, and turn them into their HTML equivalent, such as >. The next part takes all new lines, and turns them into <BR> tags, for output as HTML. Lastly, we use addslashes to make this post in a format the database will like.
$insert = mysql_query("INSERT INTO posts VALUES
('NULL','$topicID','$new_name','$new_email',
'$new_password','$timestamp','$new_post')");
This query is as it looks. We just throw the values into the database.
if (mysql_error() != "") {
showheader("MySQL Error ".mysql_error());
?>
<br><p><center><b>
There was a MySQL Error -- <?php echo mysql_error() ?>
</b></center></p>
<?php
showfooter();
exit;
}
Wondering what this jargon is all about? mysql_error() contains the errors reported by MySQL after all queries to it. So, if the error string is not empty, there was an error that took place. If so, we halt the script, output the headers and footers, the error, and exit;
}
Since the add a post function is in place, we should make our add-post.php3 file. You can download it here.Another feature we have decided to add is editing pre-made posts. This is where our password field comes in handy. So we need another function to do the actual editing.... this will be a three step process. First, the person has to fill in their Name and password so we know they are allowed to edit this post, then we are confronted with the fields which they will edit, and lastly, the actual editing in the database.
So here we go....
function editpost () {
global $postID,$post;
Normal function declaration, with the global variables we need....
$new_post = addslashes(nl2br(htmlspecialchars($post)));
Ahh, this again. It should look very similar to when we added a post. We are just doing the same treatment, changing HTML characters to their equivalents, new lines to <BR>'s, and adding slashes for the databases' sake.
$insert = mysql_query("UPDATE posts SET post='$new_post' WHERE (ID='$postID')");
This query is obviously different. It is easy as well, as we are just updating this one column.
if (mysql_error() != "") {
showheader("MySQL Error ".mysql_error());
?>
<br><p><center><b>
<FONT SIZE="-1" FACE="Trebuchet MS,Arial,Helvetica">
There was a MySQL Error -- <?php echo mysql_error() ?>
</b></center></p>
<?php
showfooter();
exit;
}
Our usual MySQL error checking.
}
You can view the file here.