nedostatecna opravneni

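"; include("footer.php"); die; }

// --- Load the article being edited (GET ?id=...) -------------------------
// The id is escaped once here because the same variable is echoed back into
// the form further down; the escaped form is also what is bound to the SQL
// parameter (unchanged from the original - numeric ids are unaffected).
$viewingId = htmlspecialchars($_GET["id"] ?? "");
header_remove();
$prefillName = "";
$prefillContent = "";

if ($viewingId !== "") {
    // Parameterised lookup of the article whose values prefill the form.
    $sql = "SELECT name, content FROM news WHERE id = ?";
    if ($stmt = mysqli_prepare($link, $sql)) {
        $param_id = $viewingId;
        mysqli_stmt_bind_param($stmt, "s", $param_id);

        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) == 1) {
                mysqli_stmt_bind_result($stmt, $sqlPrefillName, $sqlPrefillContent);
                if (mysqli_stmt_fetch($stmt)) {
                    $prefillName = $sqlPrefillName;
                    $prefillContent = $sqlPrefillContent;
                }
            } else {
                // Unknown id: send the visitor to the 404 page. A Location
                // header makes PHP emit a 302, so the 404 status set here only
                // survives if the redirect is dropped.
                mysqli_stmt_close($stmt);
                http_response_code(404);
                header("location: /404.php");
                die();
            }
        } else {
            // Driver error text belongs in the server log, not in the response.
            error_log("news edit: select failed: " . mysqli_stmt_error($stmt));
            printf("Error: database query failed.\n");
        }
        mysqli_stmt_close($stmt);
    }
}

// --- Handle the submitted form -------------------------------------------
// NOTE(review): no CSRF token is checked before writing to `news`; the only
// request check visible in this file is the permission check above.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $postedId = $_POST["viewingId"] ?? "";
    $param_poster = uuid_to_bin($_SESSION["userid"]);
    $param_name = $_POST["name"] ?? null;
    $param_content = $_POST["content"] ?? null;

    if ($postedId !== "") {
        // The row id is a bound parameter as well; the original concatenated
        // $_POST["viewingId"] straight into the WHERE clause (SQL injection).
        $sql = "UPDATE news SET poster_id=?, name=?, content=? WHERE id = ?";
    } else {
        $sql = "INSERT INTO news (poster_id, name, content) VALUES (?, ?, ?)";
    }

    if ($stmt = mysqli_prepare($link, $sql)) {
        if ($postedId !== "") {
            mysqli_stmt_bind_param($stmt, "ssss", $param_poster, $param_name, $param_content, $postedId);
        } else {
            mysqli_stmt_bind_param($stmt, "sss", $param_poster, $param_name, $param_content);
        }

        $saved = mysqli_stmt_execute($stmt);
        if (!$saved) {
            error_log("news edit: write failed: " . mysqli_stmt_error($stmt));
        }
        // Close on every path; the original leaked the handle on success.
        mysqli_stmt_close($stmt);

        if ($saved) {
            // Stop here so the form below is not rendered after the redirect.
            header("location: /index.php");
            exit;
        }
    }
}
?>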

NAPSAT ČLÁNEK

" method="post">