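session_start();
require('prepare.inc');
include 'header.inc';

// Blog shown by this page and the base name of the overview page used for redirects.
$blogid = 1;
$filename = 'Logbook';

$res = safe_query("SELECT title FROM blog WHERE id=$blogid");
list($btitle) = mysql_fetch_row($res);

// intval() reduces the request parameter to an integer, which is what makes it
// safe to interpolate $postId into the SQL strings below.
$postId = isset($_GET['postId']) ? intval($_GET['postId']) : 0;

// Look the post up BEFORE handling the comment form, so a request for a missing
// post is redirected without first writing a blog_reaction row for it.
$postQuery = "SELECT id,title_en as title,text_en as text,intro_en as intro,UNIX_TIMESTAMP(date) as date,reactions FROM blog_post WHERE id=$postId";
$res = safe_query($postQuery);
if (!mysql_num_rows($res)) {
    // NOTE(review): header.inc is included above; if it emits output this redirect
    // depends on output buffering being active - confirm.
    header("Location: ./".$filename.".html");
    exit();
}

// $text / $name hold the visitor's raw (trimmed) input. They are NOT HTML-safe:
// any template that prints them must encode them with htmlspecialchars().
$text = '';
$name = '';

if (isset($_POST['text']) && isset($_POST['name']) && isset($_POST['inputkey'])) {
    $errors = array();

    // Array-valued parameters (text[]=...) are treated as empty instead of being
    // passed to the string functions.
    $text = is_string($_POST['text']) ? trim($_POST['text']) : '';
    $name = is_string($_POST['name']) ? trim($_POST['name']) : '';
    $inputkey = is_string($_POST['inputkey']) ? $_POST['inputkey'] : '';

    // Validate the trimmed, unescaped values so the limits are not skewed by the
    // backslashes that SQL escaping adds. '' is tested explicitly because empty()
    // would also reject the literal text "0".
    if ($text === '' || strlen($text) >= 1000) {
        $errors['text'] = true;
    }
    if ($name === '' || strlen($name) >= 250) {
        $errors['name'] = true;
    }

    // CAPTCHA check, case-insensitive; spaces in the stored key are ignored.
    // Strict comparison is required: with != two numeric-looking strings such as
    // "1E3" and "1000" compare as equal. An empty key never validates.
    // NOTE(review): the key is discarded only after a successful post, so a failed
    // guess can be retried against the same key. Consider invalidating it on every
    // attempt once it is confirmed that the image script issues a fresh key.
    $expectedKey = isset($_SESSION['imagekey'])
        ? strtoupper(str_replace(' ', '', $_SESSION['imagekey']))
        : '';
    if ($expectedKey === '' || $expectedKey !== strtoupper($inputkey)) {
        $errors['inputkey'] = true;
    }

    if (!count($errors)) {
        // Escape only at the point of building the statement. mysql_real_escape_string()
        // honours the connection character set, unlike the deprecated mysql_escape_string().
        // NOTE(review): assumes the link used by safe_query() is the most recently opened
        // one and that its charset was set with mysql_set_charset() - confirm in prepare.inc.
        $nameSql = mysql_real_escape_string($name);
        $textSql = mysql_real_escape_string($text);

        safe_insert("INSERT INTO blog_reaction SET name = '$nameSql',text = '$textSql' ,created = NOW(), postId = $postId, blogid = $blogid");
        safe_update("UPDATE blog_post SET reactions = reactions+1 WHERE id = $postId");

        // The key is single-use once a comment has been accepted.
        unset($_SESSION['imagekey']);
        $text = '';
        $name = '';

        // Re-read the post so the reaction counter shown below includes this comment.
        $res = safe_query($postQuery);
    }
}

$post = mysql_fetch_array($res);
?>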
= $weekdays[date('w',$post['date'])]." ".date('d',$post['date'])." ".$months[date('n',$post['date'])-1]." ".date('Y',$post['date']) ?>
= $post['text'] ?>= nl2br(htmlspecialchars($message['text'])) ?> |
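by = htmlspecialchars($message['name']) /* visitor-supplied and stored without HTML encoding: encode on output, as is done for the comment text */ ?> on = D($message['created']) ?> |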
'.date('d/m/Y',$post['date']).' '.htmlspecialchars($post['title']).'' . '
'; ?> Overview »