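<?php
// Guard against direct access: the including front controller defines IN_RULE.
if (!defined("IN_RULE")) { die("Oops"); }

$title = 'Books';
// $pdo is created outside this file; $message is only set when a delete was posted.
if (isset($_POST['delbook'])) {
    $message = delbook($pdo);
}
$authors = getAuthorList($pdo);
$books = getBooksList($pdo);

/**
 * Delete the book whose id was posted in the "delbook" field.
 *
 * @param \PDO $dblink open database connection (anything exposing prepare()/execute())
 * @return string status message shown on the page
 */
function delbook($dblink)
{
    // Validate (not merely sanitize) the id. The value is bound as a parameter, so
    // injection is not the concern; rejecting 0, negatives and digit-stripped garbage
    // avoids running a DELETE that matches nothing and then reporting success.
    $delid = filter_input(INPUT_POST, 'delbook', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($delid === false || $delid === null) {
        return "Не указана книга.";
    }

    $stm = $dblink->prepare("DELETE FROM books WHERE id=?");
    if ($stm === false) {
        // prepare() can return false when PDO is not in exception mode; the original
        // left $message unset on this path and returned null.
        return "Ошибка удаления книги.";
    }
    $stm->execute([$delid]);
    $stm = NULL; // release the statement handle before returning
    return "Книга удалена";
}

function makeSearchQuery() { $searchAuthor = filter_input(INPUT_COOKIE, 'searchAuthor', FILTER_VALIDATE_INT); $searchName = filter_input(INPUT_COOKIE, 'searchName', FILTER_SANITIZE_SPECIAL_CHARS); $searchFrom = filter::date($_COOKIE['searchFrom']);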
<?php
// Guard against direct access: the including front controller defines IN_RULE.
if (!defined("IN_RULE")) { die("Oops"); }

$title = 'EditBook';
// Return value is unused; $bid and $author_id are not assigned anywhere in this
// file, so getBook() presumably populates them as globals — confirm against its definition.
getBook($pdo);
$authors = getAuthorList($author_id, $pdo);
// $OkDomains comes from outside this file and is handed to filter::allowedURL as the
// set of domains accepted for the preview URL. $message is only set on a posted edit.
if (isset($_POST['editbook'])) { $message = editbook($bid, $OkDomains, $pdo); }

/**
 * Validate the posted edit form for book $bid and persist it.
 *
 * Reads authorid (FILTER_SANITIZE_NUMBER_INT), name (FILTER_SANITIZE_SPECIAL_CHARS),
 * dateto (filter::date) and preview (filter::allowedURL, restricted to $okdomains) from
 * POST. Each field that is missing or rejected sets a Russian error message (a later
 * check overwrites an earlier one); only when all four pass is the author id looked up
 * in the authors table before the update.
 *
 * NOTE(review): $_POST['dateto'] and $_POST['preview'] are indexed directly with no
 * isset(), so a request lacking either field raises an undefined-index notice before
 * the filter runs. The rest of the body is outside this excerpt.
 *
 * @param int|string $bid       id of the book being edited (type not visible here)
 * @param mixed      $okdomains domains accepted for the preview URL, as expected by filter::allowedURL
 * @param \PDO       $dblink    open database connection (anything exposing prepare())
 * @return string status message shown on the page
 */
function editbook($bid, $okdomains, $dblink) { $authorid = filter_input(INPUT_POST, 'authorid', FILTER_SANITIZE_NUMBER_INT); $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS); $dateto = filter::date($_POST['dateto']); $preview = filter::allowedURL($_POST['preview'], $okdomains); if ($authorid == FALSE) { $message = "Не выбран автор."; } if ($name == FALSE) { $message = "Не указано название книги."; } if ($dateto == FALSE) { $message = "Не указана дата издания."; } if ($preview == FALSE) { $message = "Укажите полный путь к превью (с http://)."; } if ($authorid != FALSE && $name != FALSE && $dateto != FALSE && $preview != FALSE) { if ($stm = $dblink->prepare("SELECT COUNT(id) AS cnt FROM authors WHERE id=?")) {