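<?php
	/*
	 * write.php - creates or updates a blog post from the submitted editor form.
	 *
	 * Reads from $_POST: status ('NEW' inserts a row first), post_id, post_title,
	 * post_body, post_date and post_tags. Table and column names, plus the page
	 * header and footer, come from config.php.
	 *
	 * NOTE(review): no anti-CSRF token is checked before writing. The form that
	 * posts here is not part of this file, so adding one needs a coordinated change.
	 * NOTE(review): the mysql_* extension was removed in PHP 7. The durable fix is
	 * prepared statements (mysqli or PDO), which also means changing wherever the
	 * connection is opened - presumably config.php; confirm.
	 */
	session_start();

	// Strict comparison. The previous `=` was an assignment, so the condition was
	// always true and every visitor's session was marked as logged in.
	if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] === 'YES') {

		include 'config.php';

		echo $html_header;

		// Read every field defensively: a missing key or a non-string value
		// (e.g. an array submitted as post_title[]) becomes an empty string.
		$input = array();
		foreach (array('post_id', 'status', 'post_title', 'post_body', 'post_date', 'post_tags') as $field) {
			$input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		}

		$post_id = $input['post_id'];
		$status = $input['status'];
		$post_date = $input['post_date'];

		// Legacy character substitution, kept so stored text keeps the format the
		// rest of the application presumably expects. It is NOT an escaping
		// mechanism; every value is escaped separately where the SQL is built.
		$legacy_search = array("'", '"', "\\");
		$legacy_replace = array("`", "``", "/");
		$post_title = str_replace($legacy_search, $legacy_replace, $input['post_title']);
		$post_body = str_replace($legacy_search, $legacy_replace, $input['post_body']);
		$post_tags = str_replace($legacy_search, $legacy_replace, $input['post_tags']);

		// A new post gets the current Unix timestamp as its id. time() returns the
		// same value as the argument-less gmmktime() call it replaces.
		if ($status === 'NEW') {
			$post_id = (string) time();
			$query_create_post = "INSERT INTO $mysql_post_table ($mysql_post_id) VALUES('" . mysql_real_escape_string($post_id) . "')";
			if (!mysql_query($query_create_post)) {
				// Keep database error details in the server log, not in the response.
				error_log('write.php: ' . mysql_error());
				die('Error: the post could not be saved.');
			}
		}

		// One UPDATE for all four columns, so a failure cannot leave the post half
		// written. post_id and post_date were previously concatenated into the SQL
		// unescaped; all request-derived values are now escaped for the connection.
		$query_write_post = "UPDATE " . $mysql_post_table . " SET "
			. $mysql_post_title . " = '" . mysql_real_escape_string($post_title) . "', "
			. $mysql_post_body . " = '" . mysql_real_escape_string($post_body) . "', "
			. $mysql_post_date . " = '" . mysql_real_escape_string($post_date) . "', "
			. $mysql_post_tags . " = '" . mysql_real_escape_string($post_tags) . "'"
			. " WHERE " . $mysql_post_id . " = '" . mysql_real_escape_string($post_id) . "'";
		if (!mysql_query($query_write_post)) {
			error_log('write.php: ' . mysql_error());
			die('Error: the post could not be saved.');
		}

		echo "Success! Your post has been updated/created in the database!";

		echo $html_footer;

	}
	else { echo "Error: You are not logged-in/allowed to view this page."; }
?>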