diff options
Diffstat (limited to 'lib/notes/new.php')
-rw-r--r-- | lib/notes/new.php | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/lib/notes/new.php b/lib/notes/new.php index 1213b94..adad015 100644 --- a/lib/notes/new.php +++ b/lib/notes/new.php @@ -6,12 +6,12 @@ assert_redir(count($args) == 3, 'notes'); $parentid = intval($args[2]); if ($parentid != 0) { - $parent = mysql_fetch_assoc(sql( + $parent = sql( "SELECT na.id AS id, na.title AS title, na.text_html AS html, na.public AS public, na.owner AS owner, ". "nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ". "LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ". "WHERE na.id = $parentid" - )); + )->fetch(); assert_error($parent && $parent['owner'] == $user['id'], "The selected parent does not exist, or you cannot create children for it."); } @@ -28,9 +28,10 @@ if (isset($_POST['title']) && isset($_POST['text'])) { $error = "You must enter a title for your note"; } else { sql("INSERT INTO notes(owner, parent, title, text, text_html, public) ". - "VALUES(" . $user['id'] . ", $parentid, '" . escs($note_title) . "', '" . - escs($note_text) . "', '" . escs($note_html) . "', ". ($note_public?'1':'0') . ")"); - header("Location: view-notes-" . mysql_insert_id()); + "VALUES(?, ?, ?, ?, ?, ". ($note_public?'1':'0') . ")", + $user['id'], $parentid, escs($note_title), + escs($note_text), escs($note_html)); + header("Location: view-notes-" . $sql_conn->lastInsertId()); die(); } } |