/admin/blog_update_mysqli.php

https://github.com/lisawilliams/phpsols · PHP · 167 lines · 142 code · 6 blank · 19 comment · 25 complexity · 171955ba6fe840bc614d3cbb0c335ebb MD5 · raw file 

    

  1. <?php

    2. 

  2. if (get_magic_quotes_gpc() === 1)

    3. 

  3. {

    4. 

  4.     $_GET = json_decode(stripslashes(json_encode($_GET, JSON_HEX_APOS)), true);

    5. 

  5.     $_POST = json_decode(stripslashes(json_encode($_POST, JSON_HEX_APOS)), true);

    6. 

  6.     $_COOKIE = json_decode(stripslashes(json_encode($_COOKIE, JSON_HEX_APOS)), true);

    7. 

  7.     $_REQUEST = json_decode(stripslashes(json_encode($_REQUEST, JSON_HEX_APOS)), true);

    8. 

  8. }

    9. 

  9. 

    10. 

  10. include('../includes/connection.inc.php');

    11. 

  11. // initialize flags

    12. 

  12. $OK = false;

    13. 

  13. $done = false;

    14. 

  14. // create database connection

    15. 

  15. $conn = dbConnect('write');

    16. 

  16. // initialize statement

    17. 

  17. $stmt = $conn->stmt_init();

    18. 

  18. 

    19. 

  19. // get details of selected record

    20. 

  20. if (isset($_GET['article_id']) && !$_POST) {

    21. 

  21.   // prepare SQL query

    22. 

  22.   $sql = 'SELECT article_id, image_id, title, article

    23. 

  23. 		  FROM blog WHERE article_id = ?';

    24. 

  24.   $stmt->prepare($sql);

    25. 

  25.   // bind the query parameter

    26. 

  26.   $stmt->bind_param('i', $_GET['article_id']);

    27. 

  27.   // bind the results to variables

    28. 

  28.   $stmt->bind_result($article_id, $image_id, $title, $article);

    29. 

  29.   // execute the query, and fetch the result

    30. 

  30.   $OK = $stmt->execute();

    31. 

  31.   $stmt->fetch();

    32. 

  32.   // free the database resource for the next query

    33. 

  33.   $stmt->free_result();

    34. 

  34.   // get categories associated with the article

    35. 

  35.   $sql = 'SELECT cat_id FROM article2cat

    36. 

  36.           WHERE article_id = ?';

    37. 

  37.   $stmt->prepare($sql);

    38. 

  38.   $stmt->bind_param('i', $_GET['article_id']);

    39. 

  39.   $stmt->bind_result($cat_id);

    40. 

  40.   $OK = $stmt->execute();

    41. 

  41.   // loop through the results to store them in an array

    42. 

  42.   $selected_categories = array();

    43. 

  43.   while ($stmt->fetch()) {

    44. 

  44. 	$selected_categories[] = $cat_id;

    45. 

  45.   }

    46. 

  46. }

    47. 

  47. // if form has been submitted, update record

    48. 

  48. if (isset($_POST ['update'])) {

    49. 

  49.   // prepare update query

    50. 

  50.   if (!empty($_POST['image_id'])) {

    51. 

  51. 	$sql = 'UPDATE blog SET image_id = ?, title = ?, article = ?

    52. 

  52. 			WHERE article_id = ?';

    53. 

  53. 	$stmt->prepare($sql);

    54. 

  54. 	$stmt->bind_param('issi', $_POST['image_id'], $_POST['title'], $_POST['article'], $_POST['article_id']);

    55. 

  55.   } else {

    56. 

  56. 	$sql = 'UPDATE blog SET image_id = NULL, title = ?, article = ?

    57. 

  57. 			WHERE article_id = ?';

    58. 

  58. 	$stmt->prepare($sql);

    59. 

  59. 	$stmt->bind_param('ssi', $_POST['title'], $_POST['article'], $_POST['article_id']);	

    60. 

  60.   }

    61. 

  61.   $stmt->execute();

    62. 

  62.   $done = $stmt->execute();

    63. 

  63.   // delete existing values in the cross-reference table

    64. 

  64.   $sql = 'DELETE FROM article2cat WHERE article_id = ?';

    65. 

  65.   $stmt->prepare($sql);

    66. 

  66.   $stmt->bind_param('i', $_POST['article_id']);

    67. 

  67.   $stmt->execute();

    68. 

  68.   

    69. 

  69.   // insert the new values in articles2cat 

    70. 

  70.   if (isset($_POST['category']) && is_numeric($_POST['article_id'])) {

    71. 

  71.   	$article_id = (int) $_POST['article_id'];

    72. 

  72.   	foreach ($_POST['category'] as $cat_id) {

    73. 

  73.   		$values[] = "($article_id, " . (int) $cat_id .')';

    74. 

  74.   		}

    75. 

  75.   		if ($values) {

    76. 

  76.   			$sql = 'INSERT INTO article2cat (article_id, cat_id)

    77. 

  77.   					VALUES ' . implode (',', $values);

    78. 

  78.   			if (!$conn->query($sql)) { 

    79. 

  79.   				$catError = $conn->error;

    80. 

  80.   				

    81. 

  81.   				}	

    82. 

  82.   		}

    83. 

  83.    }

    84. 

  84. }

    85. 

  85. // redirect if $_GET['article_id'] not defined

    86. 

  86. if ($done || !isset($_GET['article_id'])) {

    87. 

  87.   header('Location: http://localhost/phpsols/admin/blog_list_mysqli.php');

    88. 

  88.   exit;

    89. 

  89. }

    90. 

  90. // store error message if query fails

    91. 

  91. if (isset($stmt) && !$OK && !$done) {

    92. 

  92.   $error = $stmt->error;

    93. 

  93. }

    94. 

  94. 

    95. 

  95. ?>

    96. 

  96. <!DOCTYPE HTML>

    97. 

  97. <html>

    98. 

  98. <head>

    99. 

  99. <meta charset="utf-8">

    100. 

  100. <title>Update Blog Entry</title>

    101. 

  101. <link href="../styles/admin.css" rel="stylesheet" type="text/css">

    102. 

  102. </head>

    103. 

  103. 

    104. 

  104. <body>

    105. 

  105. <h1>Update Blog Entry</h1>

    106. 

  106. <p><a href="blog_list_mysqli.php">List all entries </a></p>

    107. 

  107. <?php 

    108. 

  108. if (isset($error)) {

    109. 

  109.   echo "<p class='warning'>Error: $error</p>";

    110. 

  110. }

    111. 

  111. if($article_id == 0) { ?>

    112. 

  112. <p class="warning">Invalid request: record does not exist.</p>

    113. 

  113. <?php } else { ?>

    114. 

  114. <form id="form1" method="post" action="">

    115. 

  115.   <p>

    116. 

  116.     <label for="title">Title:</label>

    117. 

  117.     <input name="title" type="text" class="widebox" id="title" value="<?php echo htmlentities($title, ENT_COMPAT, 'utf-8'); ?>">

    118. 

  118.   </p>

    119. 

  119.   <p>

    120. 

  120.     <label for="article">Article:</label>

    121. 

  121.     <textarea name="article" cols="60" rows="8" class="widebox" id="article"><?php echo htmlentities($article, ENT_COMPAT, 'utf-8'); ?></textarea>

    122. 

  122.   </p>

    123. 

  123.   <p>

    124. 

  124.     <label for="category">Categories:</label>

    125. 

  125.     <select name="category[]" size="5" multiple id="category">

    126. 

  126.     <?php

    127. 

  127. 	// get categories

    128. 

  128. 	$getCats = 'SELECT cat_id, category FROM categories

    129. 

  129. 	            ORDER BY category';

    130. 

  130. 	$categories = $conn->query($getCats);

    131. 

  131. 	while ($row = $categories->fetch_assoc()) {

    132. 

  132. 	?>

    133. 

  133.     <option value="<?php echo $row['cat_id']; ?>" <?php

    134. 

  134.     if (in_array($row['cat_id'], $selected_categories)) {

    135. 

  135. 	  echo 'selected';

    136. 

  136. 	} ?>><?php echo $row['category']; ?></option>

    137. 

  137.     <?php } ?>

    138. 

  138.     </select>

    139. 

  139.   </p>

    140. 

  140.   <p>

    141. 

  141.     <label for="image_id">Uploaded image:</label>

    142. 

  142.     <select name="image_id" id="image_id">

    143. 

  143.       <option value="">Select image</option>

    144. 

  144.       <?php

    145. 

  145. 	  // get the list of images

    146. 

  146. 	  $getImages = 'SELECT image_id, filename

    147. 

  147. 	                FROM images ORDER BY filename';

    148. 

  148. 	  $images = $conn->query($getImages);

    149. 

  149. 	  while ($row = $images->fetch_assoc()) {

    150. 

  150. 	  ?>

    151. 

  151.       <option value="<?php echo $row['image_id']; ?>"

    152. 

  152.       <?php

    153. 

  153. 	  if ($row['image_id'] == $image_id) {

    154. 

  154. 		echo 'selected';

    155. 

  155. 	  }

    156. 

  156. 	  ?>><?php echo $row['filename']; ?></option>

    157. 

  157.       <?php } ?>

    158. 

  158.     </select>

    159. 

  159.   </p>

    160. 

  160.   <p>

    161. 

  161.     <input type="submit" name="update" value="Update Entry" id="update">

    162. 

  162.     <input name="article_id" type="hidden" value="<?php echo $article_id; ?>">

    163. 

  163.   </p>

    164. 

  164. </form>

    165. 

  165. <?php } ?>

    166. 

  166. </body>

    167. 

  167. </html>
    168.