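/**
 * Show the "new post" form on GET, or store a submitted post and redirect on POST.
 *
 * Any other request method falls through without output, as before.
 *
 * Security notes for maintainers:
 * - The INSERT uses bound parameters, so the posted values never become part of the SQL text.
 * - Title and content are entity-encoded before storage. Templates that print these columns
 *   must not encode them a second time, and non-HTML contexts need their own escaping.
 * - NOTE(review): no anti-CSRF token check is visible in this method. Confirm that
 *   AuthLib::authed() or the front controller enforces one for this state-changing POST.
 */
public function create()
{
    // Runs before any request handling; presumably stops unauthenticated callers (confirm in AuthLib).
    AuthLib::authed();

    $method = $_SERVER["REQUEST_METHOD"];

    if ($method === "GET") {
        echo HSHTPL::template("newform");
        return;
    }

    if ($method !== "POST") {
        return;
    }

    // Reject a missing or non-string field (e.g. blogtitle[]=x) before touching the database.
    // Previously such a request raised notices/TypeErrors or stored an empty row.
    $title = isset($_POST["blogtitle"]) ? $_POST["blogtitle"] : null;
    $content = isset($_POST["blogcontent"]) ? $_POST["blogcontent"] : null;
    if (!is_string($title) || !is_string($content)) {
        http_response_code(400);
        exit;
    }

    // Explicit flags: before PHP 8.1 the default (ENT_COMPAT) left single quotes unencoded,
    // and without ENT_SUBSTITUTE an invalid byte sequence turned the whole value into "".
    $entityFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    $dbh = new PDO(DatabaseConfig::$connectionstring);
    $sql = "INSERT INTO news ("
        . " title"
        . ", slug"
        . ", content"
        . ", timestamp"
        . ") VALUES ("
        . " :title"
        . ", :slug"
        . ", :content"
        . ", :timestamp"
        . ");";
    $query = $dbh->prepare($sql);

    // NOTE(review): the result of execute() is not checked. Under PDO's silent error mode
    // (the default before PHP 8) a failed insert would still be followed by the redirect.
    $query->execute(array(
        ":title" => htmlentities($title, $entityFlags),
        ":slug" => LIBLIB::slugify($title),
        ":content" => htmlentities($content, $entityFlags),
        ":timestamp" => time(),
    ));

    // Post/redirect/get: exit so nothing else is emitted after the Location header.
    header("Location: /kontrol/taarn");
    exit;
}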