- session_start: documentation ( source)
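<?php
session_start();

// some sort of user authorization should go here (who may view or post to this page).
// NOTE(review): no anti-CSRF token is checked in this snippet; confirm one is verified
// before this state-changing POST is processed.

if (isset($_POST['userContent'])) {
    // A write needs an identified author: without a userId in the session the row
    // would be stored with a null author, so refuse the request instead.
    if (!isset($_SESSION['userId'])) {
        http_response_code(403);
        exit;
    }

    // $_POST entries are strings or arrays (e.g. userContent[]=x). Only strings are
    // valid here; an array would otherwise reach purify() or the bound parameters.
    if (
        !is_string($_POST['userContent'])
        || (isset($_POST['id']) && !is_string($_POST['id']))
    ) {
        http_response_code(400);
        exit;
    }

    // see https://gist.github.com/adrian-enspired/2e03b01fcfff54151864
    require 'pdo.php'; // presumably defines $db (a PDO connection) - confirm
    require_once 'tools/HTMLPurifier.standalone.php';

    // HTML Purifier filters the submitted markup against its default allow-list
    // configuration before it is stored.
    $purifier = new HTMLPurifier(HTMLPurifier_Config::createDefault());

    // NOTE(review): $section is not assigned anywhere in this snippet; it must be set
    // (and validated) earlier in the file or by pdo.php.
    $data = [
        'section' => $section,
        'author'  => $_SESSION['userId'],
        'content' => $purifier->purify($_POST['userContent']),
    ];

    if (isset($_POST['id'])) {
        $data['contentID'] = $_POST['id'];

        // i'd question why you're updating the author. is it potentially being changed?
        // same goes for $section.
        // NOTE(review): the row is selected by id alone and author is overwritten with
        // the current user, so nothing here limits which rows a logged-in user can
        // modify. Confirm an ownership or role check runs before this statement.
        $stmt = $db->prepare("UPDATE userContent SET section=:section, author=:author, content=:content WHERE id=:contentID");
        $stmt->execute($data);
    } else {
        $stmt = $db->prepare("INSERT INTO userContent (section, author, content) VALUES (:section, :author, :content)");
        $stmt->execute($data);
    }
}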