This repository has been archived by the owner on May 5, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 0
/
add_quote.php
executable file
·55 lines (39 loc) · 1.54 KB
/
add_quote.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
<?php
define('TITLE', 'Add a Quote');
include('templates/header.html');
print '<h2>Add a Quotation</h2>';
if (!is_administrator()) {
print '<h2>Access Denied!</h2><p class="error">You do not have permission to access this page.</p>';
include('templates/footer.html');
exit();
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if ( !empty($_POST['quote']) && !empty($_POST['source']) ) {
include('../mysqli_connect.php');
$quote = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['quote'])));
$source = mysqli_real_escape_string($dbc, trim(strip_tags($_POST['source'])));
if (isset($_POST['favorite'])) {
$favorite = 1;
} else {
$favorite = 0;
}
$query = "INSERT INTO quotes (quote, source, favorite) VALUES ('$quote', '$source', $favorite)";
mysqli_query($dbc, $query);
if (mysqli_affected_rows($dbc) == 1){
print '<p>Your quotation has been stored.</p>';
} else {
print '<p class="error">Could not store the quote because:<br>' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $query . '</p>';
}
mysqli_close($dbc);
} else {
print '<p class="error">Please enter a quotation and a source!</p>';
}
}
?>
<form action="add_quote.php" method="post">
<p><label>Quote <textarea name="quote" rows="5" cols="30"></textarea></label></p>
<p><label>Source <input type="text" name="source"></label></p>
<p><label>Is this a favorite? <input type="checkbox" name="favorite" value="yes"></label></p>
<p><input type="submit" name="submit" value="Add This Quote!"></p>
</form>
<?php include('templates/footer.html'); ?>