include "../common.php"; include "./common.nn"; switch ($_POST[action]) { case "add_comment": if (isset($_POST[security_try])) { //Connect to database echo connect_to_db(); //Set variables, and call checkSecurityImage $security_refid = mysql_real_escape_string($_POST[security_refid]); $security_try = mysql_real_escape_string($_POST[security_try]); $checkSecurity = checkSecurityImage($security_refid, $security_try); //Depending on result, do something if ($checkSecurity) { perform_add_blog_comment(); } else { $validnot = "incorrect"; } } break; default: break; } $title = "Andrew J. Nowicki's Home on the Web | My Blog"; html_header($title, "blog"); ?>
| //Display blog links $date = "current viewing date or todays if non specified"; if($_GET[vm]) $date = $_GET[vm]; else $date = date("Y-m"); display_blog_links(); ?> | //Find info to display from URL connect_to_db(); if($_GET[id]) { $id = $_GET[id]; }else{ $sql = "SELECT max(blogid) FROM blog"; $err_msg = "Error finding newest Blog Entry"; $results = mysql_query($sql) or die(SQL_ERR_MSG($err_msg, mysql_error(), $sql, __LINE__)); if($results) $results = mysql_fetch_array($results); else SQL_ERR_MSG($err_msg, mysql_error(), "Fetch $sql", __LINE__); $id = $results[0]; } $sql = "SELECT * FROM blog WHERE blogid=\"$id\""; $err_msg = "Unable to get blog Blog Entry with ID=$id"; $results = mysql_query($sql) or die(SQL_ERR_MSG($err_msg, mysql_error(), $sql, __LINE__)); if($results) $results = mysql_fetch_array($results); else SQL_ERR_MSG($err_msg, mysql_error(), "Fetch $sql", __LINE__); if($results[blogid]) { display_blog_entry($results[blogid], $results[blog_date], $results[blog_subject], $results[blog_text]); show_blog_comments($results[blogid]); } else { print "Sorry, No results found."; } //Display the add comment form add_blog_comment_form($results[blogid]); ?> | if($_GET[vm]) display_blog_history($_GET[vm]); ?> |