// Hyphenate a 13-character ISBN into its 3-1-3-5-rest groups for display.
// NOTE(review): the offsets assume a 13-digit string; a shorter value yields
// empty groups and trailing hyphens — TODO confirm the caller validates length.
$isbn = substr($isbn, 0, 3) . "-" . substr($isbn, 3, 1) . "-" . substr($isbn, 4, 3) . "-" . substr($isbn, 7, 5) . "-" . substr($isbn, 12);
// The next three braces close scopes that open before this excerpt.
}
}
}
//sanitize user generated vars
// These values are rendered into HTML further down. htmlspecialchars() runs
// first, so strip_tags() sees no '<'/'>' and is effectively a no-op here.
// NOTE(review): no flags are passed; before PHP 8.1 the default (ENT_COMPAT)
// leaves single quotes unescaped, so these values are only safe in text
// nodes and double-quoted attributes — confirm how the template uses them.
$title = strip_tags(htmlspecialchars($title));
// Loose "!= 0" comparison: any zero-ish value (0, "0", "", null) shows no price.
$price = $price != 0 ? "\$" . round($price, 2) : "";
// Newlines become <br> only after escaping, so the <br> tags are the only
// markup that survives into the output.
$details = str_replace("\n", "<br>", strip_tags(htmlspecialchars($details)));
$location = strip_tags(htmlspecialchars($location));
$uName = strip_tags(htmlspecialchars($uName));
$author = strip_tags(htmlspecialchars($author));
// Closes a scope that opens before this excerpt.
}
//update view count
// Precedence: (&& binds tighter than ||) => "a logged-in user other than the
// poster, or an anonymous visitor". $uName has just been HTML-escaped while
// $_SESSION['username'] presumably has not, so a poster whose name contains
// &, <, > or " would not match and would count their own view — TODO confirm.
if ($loggedIn && $_SESSION['username'] != $uName || !$loggedIn) {
    // One view per listing per browser per day, keyed by a cookie named after
    // the listing identifier. Client-side state only: clearing the cookie
    // re-counts, so `views` is a convenience counter, not a trusted metric.
    // NOTE(review): $identifier originates outside this excerpt (presumably
    // the listing id from the request); cookie names with invalid characters
    // make setCookie() fail with a warning — confirm it is validated upstream.
    if (!isset($_COOKIE[$identifier])) {
        // $schoolTextId is spliced into the table name; backticks do not make
        // that safe on their own — it must already have been checked against
        // the known-schools list before reaching here (not visible in this excerpt).
        // The row id is bound as a parameter.
        if ($stmt = $cs->getListingConnection()->prepare("UPDATE `" . $schoolTextId . "` SET `views` = `views` + 1 WHERE `id` = ? LIMIT 1")) { //prepare query
            $stmt->bind_param('i', $id);
            $stmt->execute();
            $stmt->close();
            // Keep the in-memory count in step with the DB increment for this render.
            $views++;
            $expire = time() + 60 * 60 * 24; # 1 Day
            $path = "/";
            // Value is a fixed "true" marker — nothing sensitive is stored in it.
            setCookie($identifier, "true", $expire, $path);
        }
    }
} else {
    // The logged-in viewer is the poster; the template uses this to show owner controls.
    $myPost = true;
}
//get poster details
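<?php
require_once "framework2/CredentialStore.php";

// Edit-listing page bootstrap: parse the school/listing pair from the query
// string, gate on a known school plus a logged-in user, then load the listing
// fields the edit form below will render.
$cs = new CredentialStore();
$loggedIn = $cs->getLoginStatus();

//get page args
// Args arrive as a single bare query key "schoolTextId:identifier"
// (e.g. ?school:abc123), so the first key is parsed rather than a value.
// explode() replaces split(), which was removed in PHP 7; the lookups are
// guarded because $args[0] is undefined with no query string and the
// identifier half is missing when there is no ':'. A numeric-only key comes
// back from array_keys() as an int, hence the string cast.
$args = array_keys($_GET);
$parts = isset($args[0]) ? explode(":", (string) $args[0]) : [];
$schoolTextId = isset($parts[0]) ? $parts[0] : "";
$identifier = isset($parts[1]) ? $parts[1] : null;

// Gate: the school id must resolve to a known name and the user must be
// logged in. getSchoolName() is what makes $schoolTextId acceptable as a
// table name below — TODO confirm it is an exact-match lookup that returns
// null for anything not in the schools list.
if ($cs->getSchoolName($schoolTextId) == null || !$loggedIn) {
    return;
}

if ($identifier != null) {
    // Table name is the allowlisted school id, quoted with backticks for
    // consistency with the listing UPDATE query; quoting is not a substitute
    // for the allowlist check above. The identifier is bound, not interpolated.
    $sql = "SELECT id, title, details, price, tags FROM `" . $schoolTextId . "` WHERE identifier = ? LIMIT 1";
    if ($editSTMT = $cs->getListingConnection()->prepare($sql)) {
        $editSTMT->bind_param("s", $identifier);
        $editSTMT->execute(); // Execute the prepared query.
        $editSTMT->store_result();
        $editSTMT->bind_result($id, $title, $details, $price, $tags);
        $editSTMT->fetch();
        // num_rows is only meaningful after store_result(); read it before closing.
        $found = $editSTMT->num_rows > 0;
        $editSTMT->close();

        if (!$found) {
            // Unknown identifier: redirect and stop. Without exit the page
            // below would still render with empty fields after the header.
            header('Location: ./');
            exit;
        }

        // Escape for HTML output. ENT_QUOTES so the values are safe inside
        // single- as well as double-quoted attributes of the edit form;
        // ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the whole string.
        $title = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Loose "!= 0": any zero-ish price (0, "0", "", null) shows the placeholder.
        $price = $price != 0 ? "\$" . round($price, 2) : "(no price)";
        $details = htmlspecialchars($details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
?>
<!DOCTYPE html>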