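// Blog admin actions for the current user ($nick is defined by the including
// page). Dispatches on the ?action= value, reduced to letters only so a missing
// or malformed parameter falls through every branch below.
//
// NOTE(review): the mysql_* extension was removed in PHP 7; the queries here are
// still string-built and should move to prepared statements (mysqli/PDO) when the
// DB layer is upgraded. Until then every spliced value is run through
// mysql_real_escape_string() — text2html() handles presentation, not SQL quoting,
// and $_GET['article'] is reduced to digits before any use.
$action = isset($_GET['action']) ? preg_replace("/[^a-zA-Z]/", "", $_GET['action']) : "";

if ($action == "ajouter") {
    // Create a new post; all three form fields are mandatory.
    if (empty($_POST['section']) || empty($_POST['titre']) || empty($_POST['contenu'])) {
        echo "
";
    } else {
        // NOTE(review): assumes $nick is the raw nickname (not pre-escaped) — confirm against the caller.
        $query = "INSERT INTO mp_blog (section,titre,contenu,pseudo) VALUES
('" . mysql_real_escape_string(text2html($_POST['section'])) . "',
'" . mysql_real_escape_string(text2html($_POST['titre'])) . "',
'" . mysql_real_escape_string(text2html($_POST['contenu'])) . "',
'" . mysql_real_escape_string($nick) . "'
)";
        mysql_query($query) or die(mysql_error());
        echo "Changement effectuées.
";
    }
} elseif ($action == "edit") {
    if (empty($_GET['article'])) {
        // No article selected: list this user's own posts, newest first.
        echo "Liste des billets \n";
        echo "";
        $query = "SELECT id,titre FROM mp_blog WHERE pseudo='" . mysql_real_escape_string($nick) . "' ORDER BY id DESC";
        $result = mysql_query($query) or die(mysql_error());
        while ($row = mysql_fetch_assoc($result)) {
            // Square-bracket offset: the curly-brace form was removed in PHP 8.
            echo "" . $row['titre'] . " \n";
        }
        echo " \n";
    } else {
        // Digits only. This sanitised $id is the only value used in the WHERE
        // clauses below; it must not be replaced by the raw $_GET value again.
        $id = preg_replace("/[\D]/", "", $_GET['article']);
        if (empty($_POST['titre']) || empty($_POST['section']) || empty($_POST['contenu'])) {
            // Form not submitted yet: show the edit form pre-filled with the post.
            aide();
            $query = "SELECT * FROM mp_blog WHERE pseudo='" . mysql_real_escape_string($nick) . "' and id='" . $id . "'";
            $result = mysql_query($query) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            // The pseudo filter restricts the lookup to the user's own posts; an
            // unknown or foreign id yields no row, so fall back to an empty body
            // instead of reading an offset on false.
            $contenu = $row ? html2text($row['contenu']) : "";
            echo "
Section
titre
Contenu
" . $contenu . "
Validation
";
        } else {
            // Form submitted: delete when the submit button says so, else update.
            // Both statements keep the pseudo filter so only the owner can change a post.
            if (isset($_POST['action']) && $_POST['action'] == "supprimer") {
                $query = "DELETE FROM mp_blog WHERE pseudo='" . mysql_real_escape_string($nick) . "' and id='" . $id . "'";
            } else {
                $query = "UPDATE mp_blog set titre='" . mysql_real_escape_string(text2html($_POST['titre'])) . "',
section='" . mysql_real_escape_string(text2html($_POST['section'])) . "',
contenu='" . mysql_real_escape_string(text2html($_POST['contenu'])) . "'
WHERE pseudo='" . mysql_real_escape_string($nick) . "' and id='" . $id . "'";
            }
            mysql_query($query) or die(mysql_error());
            echo "Modifications effectuées.
";
        }
    }
}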