} // Start of the ad code $self = $context->addSession($_SERVER['PHP_SELF']); if (strpos($self, '?') > 0) { $selfp = $self . '&'; } else { $selfp = $self . '?'; } $action = $_REQUEST['action']; $message = false; $title = false; $description = false; $idvalue = false; // print_r($_REQUEST); // AuthZ WHERE clause terms $authzsql = "course_key=" . "'" . mysql_real_escape_string($context->getCourseKey()) . "'"; if (!$context->isInstructor()) { $authzsql = $authzsql . "AND user_key=" . "'" . mysql_real_escape_string($context->getUserKey()) . "'"; } if ($action == 'delete') { $idvalue = $_REQUEST['id']; if ($idvalue) { $sql = 'DELETE FROM ads WHERE id=' . "'" . mysql_real_escape_string($idvalue) . "' AND " . $authzsql; $result = mysql_query($sql); $retval = mysql_affected_rows(); if ($retval != 1) { $message = "Error, unable to delete ad."; $action = 'main'; } else { $message = "Deleted record id=" . $idvalue; $action = 'main';