<?php

// Guard against direct access: this page is only valid when included by the
// front controller that defines IN_RULE.
if (!defined("IN_RULE")) {
    die("Oops");
}
$title = 'Books';
// Handle a delete request before the lists are loaded so the rendered page
// already reflects the removal. delbook() reads the id from POST itself.
// NOTE(review): the delete runs purely because the POST key is present; no
// CSRF token check is visible in this file — confirm one exists upstream.
// $message is only defined when a delete was requested; the template
// presumably tests it with isset() — TODO confirm.
if (isset($_POST['delbook'])) {
    $message = delbook($pdo);
}
// $pdo is not created here; it is expected from the including script — TODO confirm.
$authors = getAuthorList($pdo);
$books = getBooksList($pdo);
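/**
 * Deletes the book whose id was submitted in the POST field `delbook`.
 *
 * The id is read straight from the request via filter_input(), not from a
 * parameter, so the caller only supplies the database handle.
 *
 * @param \PDO $dblink Open PDO connection used for the prepared DELETE.
 * @return string Status message for the user (Russian, like the rest of the UI).
 */
function delbook($dblink)
{
    // Validate rather than sanitise: FILTER_SANITIZE_NUMBER_INT only strips
    // characters, so input such as "1-2" survives it yet is not an id.
    // FILTER_VALIDATE_INT returns an int, null when the field is absent and
    // false when the value is not an integer >= 1 (so "0" is rejected, as the
    // original loose comparison did).
    $delid = filter_input(INPUT_POST, 'delbook', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($delid === null || $delid === false) {
        return "Не указана книга.";
    }
    // Parameterised statement: the id never becomes part of the SQL text.
    // NOTE(review): no CSRF token is verified before the delete — confirm the
    // including script enforces one.
    $stm = $dblink->prepare("DELETE FROM books WHERE id=?");
    if ($stm === false) {
        // The original left $message unset on this path (undefined variable at
        // return); report the failure explicitly instead.
        return "Не удалось удалить книгу.";
    }
    $stm->execute([$delid]);
    return "Книга удалена";
}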
function makeSearchQuery()
{
    $searchAuthor = filter_input(INPUT_COOKIE, 'searchAuthor', FILTER_VALIDATE_INT);
    $searchName = filter_input(INPUT_COOKIE, 'searchName', FILTER_SANITIZE_SPECIAL_CHARS);
    $searchFrom = filter::date($_COOKIE['searchFrom']);
<?php

// Guard against direct access: this page is only valid when included by the
// front controller that defines IN_RULE.
if (!defined("IN_RULE")) {
    die("Oops");
}
$title = 'EditBook';
// getBook() is called for its side effects only; its return value is ignored.
// $bid and $author_id are never assigned in this file, so they are presumably
// populated by getBook() or by the including script — TODO confirm.
getBook($pdo);
// NOTE(review): the Books page calls getAuthorList() with a single $pdo
// argument; confirm this two-argument form matches the function's signature.
$authors = getAuthorList($author_id, $pdo);
// $OkDomains is the allow-list editbook() uses to validate the preview URL;
// it is expected from the including script — TODO confirm.
// NOTE(review): the edit runs purely because the POST key is present; no
// CSRF token check is visible in this file — confirm one exists upstream.
if (isset($_POST['editbook'])) {
    $message = editbook($bid, $OkDomains, $pdo);
}
function editbook($bid, $okdomains, $dblink)
{
    $authorid = filter_input(INPUT_POST, 'authorid', FILTER_SANITIZE_NUMBER_INT);
    $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
    $dateto = filter::date($_POST['dateto']);
    $preview = filter::allowedURL($_POST['preview'], $okdomains);
    if ($authorid == FALSE) {
        $message = "Не выбран автор.";
    }
    if ($name == FALSE) {
        $message = "Не указано название книги.";
    }
    if ($dateto == FALSE) {
        $message = "Не указана дата издания.";
    }
    if ($preview == FALSE) {
        $message = "Укажите полный путь к превью (с http://).";
    }
    if ($authorid != FALSE && $name != FALSE && $dateto != FALSE && $preview != FALSE) {
        if ($stm = $dblink->prepare("SELECT COUNT(id) AS cnt FROM authors WHERE id=?")) {