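<?php
/**
 * edit.php (request handling): load one post by id and, on a form-encoded
 * "PUT" submission, validate and save the new title and body.
 *
 * Flow: a missing/invalid id or an unknown post redirects to index.php; a
 * valid submission runs the UPDATE and redirects; every other case falls
 * through to the HTML form with $post, $title, $body and $errors set.
 *
 * NOTE(review): nothing in this file checks who is making the request or
 * verifies an anti-CSRF token before the UPDATE. Unless pdo.php or the
 * server configuration enforces that (not visible here), add a session
 * check and a per-session token compared with hash_equals().
 */
$pdo = require("pdo.php");
$errors = [];

// Explicit flags so encoding does not depend on the PHP version's defaults
// (ENT_QUOTES only became the default in PHP 8.1) and always matches the
// ENT_QUOTES decode below.
$escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

// Accept only a positive integer id. filter_var() returns false for a missing
// value, an array (?id[]=1) or a non-numeric string, so none of those reach
// the database.
$id = filter_var(
    isset($_GET['id']) ? $_GET['id'] : null,
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
if ($id === false) {
    header("Location: index.php");
    exit;
}

$statement = $pdo->prepare("SELECT * FROM posts WHERE id = :id");
$statement->bindValue(':id', $id, PDO::PARAM_INT);
$statement->execute();
$post = $statement->fetch();
if (!$post) {
    header("Location: index.php");
    exit;
}

// Posts are stored HTML-encoded (see the UPDATE below), so decode once here.
// From this point $title and $body hold RAW text and must be escaped again
// wherever they are written into HTML.
$title = htmlspecialchars_decode($post['title'], ENT_QUOTES);
$body = htmlspecialchars_decode($post['body'], ENT_QUOTES);

// HTML forms cannot send PUT, so the form posts with a hidden _method=PUT field.
$isPutRequest = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['_method'])
    && $_POST['_method'] === 'PUT';

if ($isPutRequest) {
    // is_string() guards against title[]=x style input, which would otherwise
    // hand an array to trim().
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? trim($_POST['title']) : '';
    $body = (isset($_POST['body']) && is_string($_POST['body'])) ? trim($_POST['body']) : '';

    // Compare against '' rather than empty(): empty("0") is true, which would
    // reject a post whose title or body is literally "0".
    if ($title === '') {
        $errors['title'] = "The title field is required.";
    }
    if ($body === '') {
        $errors['body'] = "The body field is required.";
    }

    if (empty($errors)) {
        // NOTE(review): encoding before storage is kept only because other
        // pages presumably echo the stored columns as-is (not visible here).
        // The safer design stores raw text and escapes at output time.
        $sql = "UPDATE posts SET title = :title, body = :body WHERE id = :id";
        $params = [
            'title' => htmlspecialchars($title, $escapeFlags, 'UTF-8'),
            'body' => htmlspecialchars($body, $escapeFlags, 'UTF-8'),
            'id' => $id,
        ];
        $statement = $pdo->prepare($sql);
        $statement->execute($params);
        header("Location: index.php");
        exit;
    }
}
?>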
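<?php
/*
 * Edit-post form. Expects the request-handling code above to have set:
 *   $post   - the row being edited (only 'id' is read here)
 *   $title  - RAW title text (decoded stored value, or the trimmed submission)
 *   $body   - RAW body text, same convention as $title
 *   $errors - validation messages keyed by field name
 *
 * Every dynamic value is escaped with htmlspecialchars() at the point of
 * output. The previous template passed the values through
 * htmlspecialchars_decode(), which turned stored or submitted text back into
 * live markup inside the value="" attribute and the <textarea> (XSS).
 *
 * NOTE(review): neither form carries an anti-CSRF token. The delete form's
 * confirm() dialog is a convenience only and runs in the browser. Add a
 * hidden token field here once the handlers verify one.
 */
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <?php /* NOTE(review): this runs third-party JavaScript from a CDN on every
             page view, unpinned and without Subresource Integrity. Tailwind
             describes this CDN build as meant for development; prefer a
             locally built, self-hosted stylesheet. */ ?>
    <script src="https://cdn.tailwindcss.com"></script>
    <title>Blog</title>
</head>
<body class="bg-gray-100">
    <header class="bg-blue-500 text-white p-4">
        <div class="container mx-auto">
            <h1 class="text-3xl font-semibold">Update Blog Post</h1>
        </div>
    </header>
    <div class="flex justify-center mt-10">
        <div class="bg-white rounded shadow-md p-8 w-full max-w-md">
            <h1 class="text-2xl font-semibold mb-6">Update Blog Post</h1>
            <form method="post" action="">
                <input type="hidden" name="_method" value="PUT">
                <input type="hidden" name="id" value="<?= htmlspecialchars((string) $post['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                <div class="mb-4">
                    <label for="title" class="block text-gray-700 font-medium">Title</label>
                    <input type="text" id="title" name="title" value="<?= htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"
                        placeholder="Enter the post title"
                        class="w-full px-4 py-2 border rounded focus:ring focus:ring-blue-300 focus:outline-none">
                    <?php if (isset($errors['title'])): ?>
                        <p class="text-red-500 text-sm mt-1"><?= htmlspecialchars($errors['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
                    <?php endif; ?>
                </div>
                <div class="mb-4">
                    <label for="body" class="block text-gray-700 font-medium">Body</label>
                    <textarea id="body" name="body" placeholder="Enter the post body"
                        class="w-full px-4 py-2 border rounded focus:ring focus:ring-blue-300 focus:outline-none"><?= htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></textarea>
                    <?php if (isset($errors['body'])): ?>
                        <p class="text-red-500 text-sm mt-1"><?= htmlspecialchars($errors['body'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>
                    <?php endif; ?>
                </div>
                <div class="mb-4">
                    <button type="submit" class="bg-blue-500 text-white px-4 py-2 rounded hover:bg-blue-600 focus:outline-none w-full">
                        Update
                    </button>
                </div>
            </form>
            <div class="mb-4">
                <form action="delete.php" method="POST" onsubmit="return confirm('Are you sure you want to delete this post?');">
                    <input type="hidden" name="id" value="<?= htmlspecialchars((string) $post['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                    <input type="hidden" name="_method" value="DELETE">
                    <button type="submit" class="bg-red-500 text-white px-4 py-2 rounded hover:bg-red-600 focus:outline-none w-full">
                        Delete
                    </button>
                </form>
            </div>
            <div class="mt-4">
                <a href="index.php" class="text-blue-500 hover:underline w-full text-center block">
                    Back to posts
                </a>
            </div>
        </div>
    </div>
</body>
</html>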