nedostatecna opravneni
";
include("footer.php");
die;
}
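// Id of the article being edited; "" when writing a new one. The value is
// kept HTML-escaped (as before) because the rest of the page may echo it
// back into the form; for the database it is bound as a parameter below.
$viewingId = htmlspecialchars((string) ($_GET["id"] ?? ""), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
header_remove();
$prefillName = "";
$prefillContent = "";

// Editing an existing article: load its current name/content into the form.
// `$viewingId !== ""` replaces `! $viewingId == NULL`, which parsed as
// `(!$viewingId) == NULL` and treated the id "0" as "no id".
if ($viewingId !== "") {
    $sql = "SELECT name, content FROM news WHERE id = ?";
    if ($stmt = mysqli_prepare($link, $sql)) {
        mysqli_stmt_bind_param($stmt, "s", $viewingId);
        if (mysqli_stmt_execute($stmt)) {
            mysqli_stmt_store_result($stmt);
            if (mysqli_stmt_num_rows($stmt) === 1) {
                mysqli_stmt_bind_result($stmt, $sqlPrefillName, $sqlPrefillContent);
                if (mysqli_stmt_fetch($stmt)) {
                    $prefillName = $sqlPrefillName;
                    $prefillContent = $sqlPrefillContent;
                }
            } else {
                // Unknown id: release the statement, then send the visitor to
                // the 404 page. (A "Location:" header makes PHP answer 302, so
                // a preceding http_response_code(404) would be overridden; the
                // 404 status is left to /404.php itself.)
                mysqli_stmt_close($stmt);
                header("location: /404.php");
                exit;
            }
        } else {
            // Driver error text goes to the server log, not to the client.
            error_log("news select failed: " . mysqli_stmt_error($stmt));
            echo "Error.\n";
        }
        mysqli_stmt_close($stmt);
    }
}

// Form submission: insert a new article, or update the one whose id was
// posted back. Both statements are fully parameterised; the UPDATE previously
// concatenated $_POST["viewingId"] into its WHERE clause (SQL injection).
if ($_SERVER["REQUEST_METHOD"] === "POST") {
    $postedId = trim((string) ($_POST["viewingId"] ?? ""));
    $isUpdate = $postedId !== "";

    // NOTE(review): the UPDATE targets whichever id the client posted; whether
    // this user may edit that article depends on the permission check earlier
    // in the page — confirm it covers edits of other users' articles.
    $sql = $isUpdate
        ? "UPDATE news SET poster_id=?, name=?, content=? WHERE id = ?"
        : "INSERT INTO news (poster_id, name, content) VALUES (?, ?, ?)";

    if ($stmt = mysqli_prepare($link, $sql)) {
        // uuid_to_bin() is a project helper assumed to be in scope here.
        $param_poster = uuid_to_bin($_SESSION["userid"]);
        $param_name = $_POST["name"] ?? "";
        $param_content = $_POST["content"] ?? "";
        if ($isUpdate) {
            mysqli_stmt_bind_param($stmt, "ssss", $param_poster, $param_name, $param_content, $postedId);
        } else {
            mysqli_stmt_bind_param($stmt, "sss", $param_poster, $param_name, $param_content);
        }

        $saved = mysqli_stmt_execute($stmt);
        if (!$saved) {
            error_log("news save failed: " . mysqli_stmt_error($stmt));
        }
        // Close in both outcomes (the original only closed on failure).
        mysqli_stmt_close($stmt);

        if ($saved) {
            // Stop here: without exit the page kept rendering after the
            // redirect header was sent.
            header("location: /index.php");
            exit;
        }
    }
}
?>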
NAPSAT ČLÁNEK