<?php
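session_start();
include('pdo.php');

// Handler for saving user-submitted HTML: inserts a new userContent row, or
// updates an existing one when the form posts editFlag=1 together with an id.
//
// NOTE(review): this handler changes state on POST and checks no anti-CSRF
// token in this file; confirm one is enforced elsewhere or add one.

// Without a logged-in user there is no author to attribute the row to, and an
// unset $_SESSION['userID'] would otherwise be bound as author 0.
if (!isset($_SESSION['userID'])) {
    http_response_code(403);
    exit;
}
$authorID = (int) $_SESSION['userID'];

$editFlag = $_POST['editFlag'] ?? false;
$contentID = $_POST['id'] ?? false;
$section = 1;

// The purifier expects a string; a missing field or an array-valued field
// (userContent[]=...) is rejected instead of being passed through.
$rawContent = $_POST['userContent'] ?? null;
if (!is_string($rawContent)) {
    http_response_code(400);
    exit;
}

require_once 'tools/HTMLPurifier.standalone.php';
$config = HTMLPurifier_Config::createDefault();
$purifier = new HTMLPurifier($config);
// Stored HTML is rendered back to other users, so it is sanitised before it
// reaches the database (stored-XSS defence).
$clean_html = $purifier->purify($rawContent);

if ($editFlag !== '1') {
    $stmt = $db->prepare("INSERT INTO userContent (section, author, content) VALUES (:section, :author, :content)");
    $stmt->bindValue(':section', $section, PDO::PARAM_INT);
    $stmt->bindValue(':author', $authorID, PDO::PARAM_INT);
    $stmt->bindValue(':content', $clean_html, PDO::PARAM_STR);
    $stmt->execute();
} else {
    // The row id comes from the client; accept only a well-formed integer.
    $contentID = filter_var($contentID, FILTER_VALIDATE_INT);
    if ($contentID === false) {
        http_response_code(400);
        exit;
    }

    // Access control: the id alone must not be enough to edit a row. Scoping
    // the UPDATE to the caller's own rows stops one user from overwriting (and
    // taking authorship of) another user's content by posting a different id.
    // NOTE(review): if moderators are meant to edit other users' rows, add an
    // explicit role check here rather than removing the author condition.
    $stmt = $db->prepare("UPDATE userContent SET section=:section, content=:content WHERE id=:contentID AND author=:author");
    $stmt->bindValue(':section', $section, PDO::PARAM_INT);
    $stmt->bindValue(':content', $clean_html, PDO::PARAM_STR);
    $stmt->bindValue(':contentID', $contentID, PDO::PARAM_INT);
    $stmt->bindValue(':author', $authorID, PDO::PARAM_INT);
    $stmt->execute();
}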
?>