$description = $_REQUEST['description']; $idvalue = $_REQUEST['id']; if ($title && $description) { if ($idvalue) { $sql = 'UPDATE ads SET ' . "title='" . mysql_real_escape_string($title) . "', " . "description='" . mysql_real_escape_string($description) . "', " . "updated_at= NOW() " . "WHERE id=" . "'" . mysql_real_escape_string($idvalue) . "' AND " . $authzsql; $result = mysql_query($sql); $retval = mysql_affected_rows(); if ($retval != 1) { $message = "Error, unable to update ad."; $action = 'edit'; } else { $message = "Updated record for '" . $title . "' id=" . $idvalue; $action = 'main'; } } else { $sql = 'INSERT INTO ads ' . '( title, description, course_key, user_key, user_name, user_image, created_at, updated_at ) ' . ' VALUES ( ' . "'" . mysql_real_escape_string($title) . "', " . "'" . mysql_real_escape_string($description) . "', " . "'" . mysql_real_escape_string($context->getCourseKey()) . "', " . "'" . mysql_real_escape_string($context->getUserKey()) . "', " . "'" . mysql_real_escape_string($context->getUserName()) . "', " . "'" . mysql_real_escape_string($context->getUserImage()) . "', " . " NOW(), NOW() ) "; $result = mysql_query($sql); $retval = mysql_affected_rows(); if ($retval != 1) { $message = "Error, unable to insert ad."; $action = 'add'; } else { $idvalue = mysql_insert_id(); $message = "Inserted ad '" . $name . "' id=" . $idvalue; $action = 'main'; $context->redirect(); } } } else { $message = "Error, please specify all data."; $action = 'add';
<h2> A Very Basic LTI Tool </h2> </header> <div id="page-content"> <?php if ($context->valid) { ?> <h2>Hello, <?php echo $context->getUserName(); ?> !</h2> <p id="image-wrapper"> <img src="<?php echo $context->getUserImage(); ?> " alt="<?php echo $context->getUserName(); ?> " /> </p> <p class="clearme"> </p> <?php if ($_POST['launch_presentation_return_url']) { ?> <p> The LMS is allowing you to make a call-back. Feel free to send the LMS a message that it will display back to the user. </p> <form method="GET" action="<?php