-
Notifications
You must be signed in to change notification settings - Fork 1
/
edit_messages.php
75 lines (64 loc) · 2.37 KB
/
edit_messages.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: login.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to login.php");
}
// Everything below this point in the file is secured by the login system
$query = "
SELECT
messages.messageId,
messages.title,
messages.message,
messages.messageType,
users.email
FROM messages, users
WHERE users.userId = messages.userId
";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
?>
<h1>Messages</h1>
<table class="u-full-width">
<thead>
<tr>
<th>Title</th>
<th class="un">Message</th>
<th class="un">Message Type</th>
<th class="un">Created By</th>
<th></th>
</tr>
</thead>
<tbody>
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo htmlentities($row['title'], ENT_QUOTES, 'UTF-8'); ?></td>
<td class="un"><?php echo htmlentities($row['message'], ENT_QUOTES, 'UTF-8'); ?></td>
<td class="un"><?php echo htmlentities($row['messageType'], ENT_QUOTES, 'UTF-8'); ?></td>
<td class="un"><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td>
<form action='delete_message.php?messageId=<?php echo $row['messageId']; ?>' method="post">
<input type="submit" name="submit" value="Delete">
</form>
</tr>
<?php endforeach; ?>
</tbody>
</table>