include dirname(__FILE__).'/inc/config.php';
-if(isset($_GET['id']) && $_GET['id'] != '') {
+$id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : '';
- $sql = "SELECT * FROM entries WHERE id=?";
- $params = array(intval($_GET['id']));
+if(!empty($id)) {
- # view article query
- try
- {
- $query = $db->getHandle()->prepare($sql);
- $query->execute($params);
- $entry = $query->fetchAll();
- }
- catch (Exception $e)
- {
- die('query error : '.$e->getMessage());
- }
+ $entry = get_article($id);
if ($entry != NULL) {
$tpl->assign('id', $entry[0]['id']);
$tpl->assign('is_fav', $entry[0]['is_fav']);
$tpl->assign('is_read', $entry[0]['is_read']);
$tpl->assign('load_all_js', 0);
+ $tpl->assign('token', $_SESSION['token_poche']);
$tpl->draw('view');
}
else {