// NOTE: this excerpt starts inside a conditional opened before the visible code and
// ends with two blocks still open; the braces are reproduced exactly as found.
//
// Request values are made SQL-safe with mysql_real_escape_string() from the legacy
// ext/mysql API (deprecated in PHP 5.5, removed in PHP 7.0). The escaping only protects
// values that are wrapped in quotes in the query (they are, below) and it depends on the
// connection character set. It is called without a link argument, so it uses the most
// recently opened connection -- NOTE(review): confirm that is $dbConn and that its
// charset is set explicitly. Prepared statements (mysqli/PDO) would remove the reliance
// on every variable being escaped by hand.
$idPost = mysql_real_escape_string($_POST['idPost']);
}
// A non-empty idPost in the query string is assigned after the POST value, so it wins.
if (!empty($_GET['idPost'])) {
    $idPost = mysql_real_escape_string($_GET['idPost']);
}
// Record a validation error when no usable idPost was supplied.
// empty() also treats the string '0' as missing.
if (empty($idPost)) {
    $error['idPost'] = 'idPost is missing. fuuuu...';
}
}
// Continue only when no validation error has been recorded in $error.
if (empty($error)) {
    // Plain text fields: escaped for SQL only; no length or content validation is visible here.
    $title = mysql_real_escape_string($_POST['title']);
    $tags = mysql_real_escape_string($_POST['tags']);
    // Rich-text fields: passed through the editor helpers first, then escaped for SQL.
    // NOTE(review): process_full_editor()/process_mini_editor() are defined elsewhere.
    // Confirm they neutralise active HTML, or that these fields are HTML-escaped on
    // output -- SQL escaping does nothing against stored XSS.
    $body = mysql_real_escape_string(process_full_editor($_POST['body']));
    $summary = mysql_real_escape_string(process_mini_editor($_POST['summary']));
    // The image URL is accepted only when it is non-empty and is_url_ok() approves it.
    // NOTE(review): there is no else branch, so when the check fails $summary_img keeps
    // whatever value it had before this excerpt. Confirm it is initialised (e.g. to '')
    // earlier; otherwise the INSERT reads a variable that never went through escaping.
    if (!empty($_POST['summary_img']) && is_url_ok($_POST['summary_img'])) {
        $summary_img = mysql_real_escape_string($_POST['summary_img']);
    }
    // Publication date: a supplied value is escaped but not checked against a date
    // format here; without one, the current server time is used (Y-m-d H:i:s).
    if (!empty($_POST['date_pub'])) {
        $date_pub = mysql_real_escape_string($_POST['date_pub']);
    } else {
        $date_pub = date("Y-m-d H:i:s");
    }
    // NOTE(review): same pattern as $summary_img -- no default is assigned in this
    // excerpt when postFor is empty; confirm $postFor is initialised earlier.
    if (!empty($_POST['postFor'])) {
        $postFor = mysql_real_escape_string($_POST['postFor']);
    }
    // Insert branch, taken when the submitAdd form field is non-empty.
    if (!empty($_POST['submitAdd'])) {
        // Every value is interpolated inside single quotes. $userId and $imgs are not
        // assigned anywhere in this excerpt -- NOTE(review): verify at their origin that
        // they are escaped or server-derived ($userId should come from the authenticated
        // session rather than the request). On legacy setups with register_globals
        // enabled, any variable left uninitialised could be populated from the request.
        $query = "INSERT INTO posts (title, userId, postFor, summary, summary_img, body, date_pub, tags, imgs)\n\t\t\t VALUES ('{$title}', '{$userId}', '{$postFor}', '{$summary}', '{$summary_img}', '{$body}', '{$date_pub}', '{$tags}', '{$imgs}')";
        // Run the INSERT on the $dbConn link; any check of $result happens after this excerpt.
        $result = mysql_query($query, $dbConn);
// NOTE: this excerpt starts inside the "if" branch of a conditional opened before the
// visible code (presumably a check that a country was supplied) and stops just before
// the code that acts on $error.
//
// Request values are escaped with mysql_real_escape_string() from the legacy ext/mysql
// API (deprecated in PHP 5.5, removed in PHP 7.0). The escaping only protects values
// that are quoted in the eventual query and depends on the connection character set;
// the query itself is not visible here. NOTE(review): prepared statements (mysqli/PDO)
// would remove the reliance on every variable being escaped by hand.
$country = mysql_real_escape_string($_POST['country']);
} else {
    // Country is mandatory: record a validation error.
    $error['country'] = 'A country is needed.';
}
// Homepage: a bare 'http://' counts as "not provided" (presumably the form's prefilled
// value) and is also the stored default.
// NOTE(review): the value is only SQL-escaped; no URL or scheme validation is visible
// here. If it is later rendered as a link, restrict it to http/https and HTML-escape it
// on output.
if (!empty($_POST['homepage']) && $_POST['homepage'] != 'http://') {
    $homepage = mysql_real_escape_string($_POST['homepage']);
} else {
    $homepage = 'http://';
}
// Optional free-text location; defaults to an empty string.
if (!empty($_POST['location'])) {
    $location = mysql_real_escape_string($_POST['location']);
} else {
    $location = '';
}
// Optional "about" text: run through the mini-editor helper, then escaped for SQL.
// NOTE(review): process_mini_editor() is defined elsewhere. Confirm it neutralises
// active HTML, or that the field is HTML-escaped on output -- SQL escaping does nothing
// against stored XSS.
if (!empty($_POST['about'])) {
    $about = process_mini_editor($_POST['about']);
    $about = mysql_real_escape_string($about);
} else {
    $about = '';
}
// Notification flag is normalised to the literal '1' or '0', so the raw request value
// never reaches the query. The loose == also accepts other numeric spellings of 1,
// which is harmless because only the literal is stored.
if (!empty($_POST['notify']) && $_POST['notify'] == '1') {
    $notify = '1';
} else {
    $notify = '0';
}
// Optional picasaUser value: escaped for SQL only; no format check is visible here.
if (!empty($_POST['picasaUser'])) {
    $picasaUser = mysql_real_escape_string($_POST['picasaUser']);
} else {
    $picasaUser = '';
}
// No errors? Go on (the code that checks $error follows this excerpt)