View Single Post
  #9 (permalink)  
Old May 31st, 2006, 10:39 PM
Beebs Beebs is offline
Authorized User
 
Join Date: May 2006
Location: , , Australia.
Posts: 12
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via MSN to Beebs
Default

mike,

This : $section_name = $_GET['article_id']; does not do anything . I've tried to use _POST as well...no luck

As I told you in the previous post the form is handled by transact-article.php

I don't know where to change - wether in the SQL query above, or in this transact-article.php

Can you please have a look?

Code:
<?php
session_start();
require_once 'conn.php';
require_once 'http.php';

if (isset($_REQUEST['action'])) {
  switch ($_REQUEST['action']) {
    case 'Submit New Article':
      if (isset($_POST['title'])
          and isset($_POST['section_id'])
          and isset($_POST['body'])
          and isset($_SESSION['user_id']))
      {
        $sql = "INSERT INTO cms_articles " .
               "(title,section_id,body,author_id,date_submitted) " .
               "VALUES ('" . $_POST['title'] . 
               "','" . $_POST['section_id'] . 
               "','" . $_POST['body'] .
               "'," . $_SESSION['user_id'] . ",'" .
               date("Y-m-d H:i:s", time()) . "')";



        mysql_query($sql, $conn)
          or die('Could not submit article; ' . mysql_error());
      }
      redirect('index.php');
      break;

    case 'Edit':
      redirect('compose.php?a=edit&article=' . $_POST['article']);
      break;

    case 'Save Changes':
      if (isset($_POST['title'])
          and isset($_POST['section_id'])
          and isset($_POST['body'])
          and isset($_POST['article']))
      {
        $sql = "UPDATE cms_articles " .
               "SET title='" . $_POST['title'] .
                "', section_id='" . $_POST['section_id'] .
               "', body='" . $_POST['body'] . "', date_submitted='" .
               date("Y-m-d H:i:s", time()) . "' " .
               "WHERE article_id=" . $_POST['article'];
               if (isset($_POST['authorid'])) {
                 $sql .= " AND author_id=" . $_POST['authorid'];
               }

        mysql_query($sql, $conn)
          or die('Could not update article; ' . mysql_error());
      }

      if (isset($_POST['authorid'])) {
        redirect('cpanel.php');
      } else {
        redirect('pending.php');
      }
      break;

    case 'Publish':
      if ($_POST['article']) {
        $sql = "UPDATE cms_articles " .
               "SET is_published=1, date_published='" .
               date("Y-m-d H:i:s",time()) . "' " . 
               "WHERE article_id=" . $_POST['article'];
        mysql_query($sql, $conn)
          or die('Could not publish article; ' . mysql_error());
      }
      redirect('pending.php');
      break;

    case 'Retract':
      if ($_POST['article']) {
        $sql = "UPDATE cms_articles " .
               "SET is_published=0, date_published='' " .
               "WHERE article_id=" . $_POST['article'];
        mysql_query($sql, $conn)
          or die('Could not retract article; ' . mysql_error());
      }
      redirect('pending.php');
      break;

    case 'Delete':
      if ($_POST['article']) {
        $sql = "DELETE FROM cms_articles " .
               "WHERE is_published=0 " . 
               "AND article_id=" . $_POST['article'];
        mysql_query($sql, $conn)
          or die('Could not delete article; ' . mysql_error());
      }
      redirect('pending.php');
      break;

    case 'Submit Comment':
      if (isset($_POST['article'])
          and $_POST['article']
          and isset($_POST['comment'])
          and $_POST['comment'])
      {
        $sql = "INSERT INTO cms_comments " .
               "(article_id,comment_date,comment_user,comment) " .
               "VALUES (" . $_POST['article'] . ",'" .
               date("Y-m-d H:i:s", time()) . 
               "'," . $_SESSION['user_id'] .
               ",'" . $_POST['comment'] . "')";
        mysql_query($sql, $conn)
          or die('Could add comment; ' . mysql_error());
      }
      redirect('viewarticle.php?article=' . $_POST['article']);
      break;

    case 'remove':
      if (isset($_GET['article'])
          and isset($_SESSION['user_id']))
      {
        $sql = "DELETE FROM cms_articles " .
               "WHERE article_id=" . $_GET['article'] . 
               " AND author_id=" . $_SESSION['user_id'];
        mysql_query($sql, $conn)
          or die('Could not remove article; ' . mysql_error());
      }
      redirect('cpanel.php');
      break;
  }
} else {
  redirect('index.php');
}
?>
Reply With Quote