...
Code Block |
---|
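// Choose the correct action based on the value of $_POST['action'].
// This branch stores a newly posted message and then redirects (Post/Redirect/Get).
if ($_POST['action'] === 'new_message')
{
    // Treat a missing or non-string field as an empty message instead of
    // passing an array/null further down.
    $message = is_string($_POST['message'] ?? null) ? $_POST['message'] : '';

    // SECURITY: htmlspecialchars() is HTML output escaping, not SQL escaping, so
    // request data must never be concatenated into the SQL text. The statement
    // uses a placeholder and the value is bound when the statement is executed.
    // Assumes $mysql_conn is a PDO connection (or mysqli on PHP 8.1+), where
    // execute() accepts an array of values to bind -- TODO confirm.
    $query = $mysql_conn->prepare('INSERT INTO peukku_viestit (message) VALUES (?)');

    // The message is still stored HTML-escaped, as before, because the code that
    // renders messages is not visible here and may print the column as-is.
    // Explicit flags make the escaping cover both quote characters on every
    // PHP version instead of depending on the version's default.
    $query->execute([htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE)]);

    // Remove post data by redirecting to ourselves.
    // NOTE(review): $rivi is not assigned anywhere in this block; unless it is
    // filled earlier in the script, the redirect carries an empty id. The
    // connection's own last-insert-id accessor (PDO::lastInsertId() or
    // mysqli::$insert_id) would be the direct source -- confirm against the
    // rest of the file.
    // NOTE(review): execution continues after header(); add exit if nothing
    // below this chain has to run for a redirected request.
    header('Location: index.php?new=' . $rivi['LAST_INSERT_ID()']);
}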
|
...
Code Block |
---|
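// "peukuta" action: add one to the rating of the message whose id was posted.
else if ($_POST['action'] === 'peukuta')
{
    // Treat a missing or non-string id as an empty value, which matches no
    // usable row, instead of passing an array/null further down.
    $id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';

    // SECURITY: the posted id is attacker-controlled, so it is bound to a
    // placeholder rather than concatenated into the SQL text.
    // Assumes $mysql_conn is a PDO connection (or mysqli on PHP 8.1+), where
    // execute() accepts an array of values to bind -- TODO confirm.
    $query = $mysql_conn->prepare('UPDATE peukku_viestit SET rating = rating + 1 WHERE id = ?');
    $query->execute([$id]);

    // Remove post data by redirecting to ourselves. The id is URL-encoded so a
    // crafted value cannot add extra query parameters to the redirect target;
    // a plain numeric id is unchanged by the encoding.
    // NOTE(review): execution continues after header(); add exit if nothing
    // below this chain has to run for a redirected request.
    header('Location: index.php?new=' . rawurlencode($id));
}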
|
Peukku alas:
Code Block |
---|
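// "peukuta_nega" action: subtract one from the rating of the message whose id was posted.
else if ($_POST['action'] === 'peukuta_nega')
{
    // Treat a missing or non-string id as an empty value, which matches no
    // usable row, instead of passing an array/null further down.
    $id = is_string($_POST['id'] ?? null) ? $_POST['id'] : '';

    // SECURITY: the posted id is attacker-controlled, so it is bound to a
    // placeholder rather than concatenated into the SQL text.
    // Assumes $mysql_conn is a PDO connection (or mysqli on PHP 8.1+), where
    // execute() accepts an array of values to bind -- TODO confirm.
    $query = $mysql_conn->prepare('UPDATE peukku_viestit SET rating = rating - 1 WHERE id = ?');
    $query->execute([$id]);

    // Remove post data by redirecting to ourselves. The id is URL-encoded so a
    // crafted value cannot add extra query parameters to the redirect target;
    // a plain numeric id is unchanged by the encoding.
    // NOTE(review): execution continues after header(); add exit if nothing
    // below this chain has to run for a redirected request.
    header('Location: index.php?new=' . rawurlencode($id));
}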
}
|
2.2.3 Sisällön muodostaminen
...