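// Create or edit a photobook record.
//
// GET  photobookId : id of the photobook to edit; absent or 0 means "create".
// POST save        : submit marker; title and text carry the form values.
//
// On a valid submit the row is inserted or updated, done.inc is rendered and
// the request ends. Otherwise $title, $text and (on validation failure)
// $error are left set for whatever follows this block.
require 'auth.inc';

// Fail closed: end the request once the 403 page has been included. The
// success path below follows done.inc with an explicit exit(), so includes in
// this script are not assumed to terminate the request themselves; without
// this exit() a caller lacking c_photobook could still reach the write path
// if 403.inc merely prints a message.
if (!hasPermission('c_photobook')) {
    include ('403.inc');
    exit();
}

// intval() forces a numeric id, which is what makes it safe to concatenate
// into the SQL statements below.
$photobookId = isset($_GET['photobookId']) ? intval($_GET['photobookId']) : 0;

require 'header.inc';
include '../nav.inc';

$title = "";
$text = "";

if (isset($_POST['save'])) {
    // NOTE(review): no anti-CSRF token is checked in this block; confirm
    // that auth.inc or header.inc enforces one for state-changing POSTs.
    $title = isset($_POST['title']) ? trim($_POST['title']) : '';
    $text = isset($_POST['text']) ? trim($_POST['text']) : '';

    // $error stays unset unless a check fails; isset($error) is the signal.
    unset($error);
    if (strlen($title) < 2) {
        $error['title'] = "Too short";
    }
    if (strlen($text) > 250) {
        $error['text'] = "Too long";
    }

    if (!isset($error)) {
        // Modify an existing photobook or create a new one?
        //
        // NOTE(review): mysql_escape_string() is deprecated and ignores the
        // connection character set; prefer mysql_real_escape_string() on the
        // live link, or parameterized queries if safe_update()/safe_insert()
        // support them. Left unchanged because connection handling is not
        // visible here.
        // NOTE(review): values are HTML-encoded before storage, so the stored
        // length can exceed the limits checked above.
        $tmptitle = "aangemaakt";
        if ($photobookId) {
            // NOTE(review): the UPDATE is keyed on id alone, while the INSERT
            // records ownerId. Unless c_photobook is meant to grant edit
            // rights on every photobook, add an owner condition here.
            safe_update(
                'UPDATE photobook'
                . " SET title = '" . (mysql_escape_string(htmlspecialchars($title))) . "'"
                . " , text = '" . (mysql_escape_string(htmlspecialchars($text))) . "'"
                . " , modified = NOW()"
                . " WHERE id = " . $photobookId
            );
            // NOTE(review): the session copy receives the raw title while the
            // database receives the HTML-encoded one; confirm every consumer
            // of $_SESSION['photobook']['title'] escapes it on output.
            if (isset($_SESSION['photobook']['title'])) {
                $_SESSION['photobook']['title'] = $title;
            }
            $tmptitle = "aangepast";
        } else {
            // The owner id is interpolated unquoted, so force it to an
            // integer rather than trusting the session value's type.
            $photobookId = safe_insert(
                "INSERT INTO photobook"
                . " SET title = '" . mysql_escape_string(htmlspecialchars($title)) . "'"
                . " , text = '" . mysql_escape_string(htmlspecialchars($text)) . "'"
                . " , created = NOW()"
                . " , ownerId = " . intval($_SESSION['authUser']['id'])
            );
        }
        include 'done.inc';
        exit();
    }
} else if ($photobookId) {
    // Editing without a submit: load the stored values. $photobookId is
    // already an integer (see intval() above).
    $res = safe_query(
        "SELECT title,text"
        . " FROM photobook WHERE id=$photobookId"
    );
    if (mysql_num_rows($res)) {
        list($title, $text) = mysql_fetch_array($res);
    }
}
?>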