</table></center>
<?
- if ($id > 0) {
+ if ($_GET[id] > 0) {
$dbh = pg_pconnect ("<dbhost>", "<dbport>", "<dbname>")
or die("Unable to connect to SQL server");
pg_exec ($dbh, "SET DateStyle = 'ISO'") or die("Datenbank-Abfrage!");
- $query = "SELECT * FROM news WHERE id = '$id'";
+ $query = sprintf("SELECT * FROM news WHERE id = %d", $_GET[id]);
$sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
if (pg_NumRows ($sth) > 0) {
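Review bot: The added `$_GET[id]` uses a bare word as the array key, both in the `if` and as the `sprintf` argument; outside a quoted string PHP resolves `id` as a constant, which raises a notice on older versions and is a fatal error on PHP 8, so write `$_GET['id']`. The same form appears in the later hunks at `<? if ($_GET[id] > 0) { ?>`, the submit-button `echo`, `if ($_POST[id] > 0)` and `explode (" ", $_POST[releasedate])`. The `%d` in the new `sprintf` keeps the SELECT numeric, which is worth retaining. Reading the value once, e.g. `$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;`, would also avoid an undefined-index notice when the parameter is absent. The enclosing `if` block continues outside the hunk.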
<b>Teaser:</b> <br><textarea name=teaser rows=5 cols=67><? echo $row['teaser']; ?></textarea><p>
<b>Text:</b> <br><textarea name=body rows=16 cols=67><? echo $row['body']; ?></textarea><p>
<b>Releasedate:</b> <input name=releasedate size=40 maxlength=20 value="<? echo $row['releasedate']; ?>"> (yyyy-mm-dd hh:mm)<br>
-<? if ($id > 0) { ?>
+<? if ($_GET[id] > 0) { ?>
<b>Deleted:</b> <input name=deleted type=radio value="1" <? if ($row['deleted']==1) { echo "checked";} ?>> yes
<input name=deleted type=radio value="0" <? if ($row['deleted']==0) { echo "checked";} ?>> no<br>
<? } ?>
-<p><center><input type=submit value="<? echo $id>0?"Update":"Insert"; ?>"></center><p>
+<p><center><input type=submit value="<? echo $_GET[id]>0?"Update":"Insert"; ?>"></center><p>
</form>
</font>
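Review bot: The `<? echo $row['teaser']; ?>`, `$row['body']` and `$row['releasedate']` outputs in this hunk are written into the `<textarea>` bodies and the `value="…"` attribute without HTML escaping. Stored text containing `</textarea>` or `"` therefore breaks the form and is interpreted as markup in the editor's browser. Wrap each output in `htmlspecialchars()`, e.g. `<? echo htmlspecialchars($row['teaser']); ?>`. These are context lines the commit leaves untouched, and the form starts outside the hunk, so other fields may need the same treatment.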
<:
$savedbody = $body;
for $i (('subject','author','email','teaser','body')) {
- printf " \$%s=sql_prepare (\$%s);\n", $i, $i;
+ printf " \$%s=sql_prepare (\$_POST[%s]);\n", $i, $i;
}
:>
- if ($id > 0) {
+ if ($_POST[id] > 0) {
$query = "UPDATE news SET "
. "subject='$subject',"
. "author='$author',"
. "email='$email',"
. "teaser='$teaser',"
. "body='$body',"
- . "releasedate='$releasedate',"
- . "deleted=$deleted"
- . " WHERE id = $id";
+ . "releasedate='$_POST[releasedate]',"
+ . "deleted=$_POST[deleted]"
+ . " WHERE id = $_POST[id]";
} else {
$sth = pg_exec ($dbh, "SELECT max(id) FROM news") or die("Datenbank-Abfrage!");
$oldid = pg_fetch_array ($sth, 0) or die("Datenbank-Abfrage!"); $oldid[0]++;
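Review bot: The added `releasedate='$_POST[releasedate]'`, `deleted=$_POST[deleted]` and `WHERE id = $_POST[id]` lines place raw request values in the UPDATE string, leaving it open to SQL injection. Unlike subject, author, email, teaser and body, they skip the `sql_prepare` loop above, and `deleted` and `id` are not even quoted. Format the numeric fields as the SELECT hunk does, `. sprintf("deleted=%d", $_POST['deleted'])` and `. sprintf(" WHERE id = %d", $_POST['id']);`, and pass `releasedate` through `sql_prepare` (its definition is not visible here, so confirm it escapes for PostgreSQL) or move the statement to `pg_query_params()`. The INSERT branch in the next hunk has the same gap at `'$_POST[releasedate]'`. The `else` branch continues outside this hunk.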
. "'$email',"
. "'$teaser',"
. "'$body',"
- . "'$releasedate',"
+ . "'$_POST[releasedate]',"
. "'$date',"
- . "'$REMOTE_USER',0"
+ . "'$_SERVER[REMOTE_USER]',0"
. ")";
}
//printf ("<pre>\n%s\n</pre>\n", $query);
$sth = pg_exec ($dbh, $query) or die("Datenbank-Abfrage!");
- $date = explode (" ", $releasedate);
+ $date = explode (" ", $_POST[releasedate]);
$date = explode ("-", $date[0]);
$date = sprintf ("%d.%d.%d", $date[2], $date[1], $date[0]);
?>
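Review bot: `explode (" ", $_POST[releasedate])` and the two lines after it assume the `yyyy-mm-dd hh:mm` shape the form asks for, but nothing in the hunk checks it. Any other input leaves `$date[1]` and `$date[2]` undefined, and the `sprintf` prints zeros. Validate the field once before the query is built, for example `if (!preg_match('/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2})?$/', $_POST['releasedate'])) die("Invalid release date");`, which also keeps malformed dates out of the INSERT string earlier in this hunk. A short comment on the `sprintf` line, such as `// reorder yyyy-mm-dd into d.m.yyyy`, would document the conversion.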