diff options
Diffstat (limited to 'view.php')
| -rwxr-xr-x | view.php | 17 |
1 files changed, 3 insertions, 14 deletions
| @@ -10,22 +10,11 @@ | |||
| 10 | 10 | ||
| 11 | include dirname(__FILE__).'/inc/config.php'; | 11 | include dirname(__FILE__).'/inc/config.php'; |
| 12 | 12 | ||
| 13 | if(isset($_GET['id']) && $_GET['id'] != '') { | 13 | $id = (isset ($_GET['id'])) ? htmlspecialchars($_GET['id']) : ''; |
| 14 | 14 | ||
| 15 | $sql = "SELECT * FROM entries WHERE id=?"; | 15 | if(!empty($id)) { |
| 16 | $params = array(intval($_GET['id'])); | ||
| 17 | 16 | ||
| 18 | # view article query | 17 | $entry = get_article($id); |
| 19 | try | ||
| 20 | { | ||
| 21 | $query = $db->getHandle()->prepare($sql); | ||
| 22 | $query->execute($params); | ||
| 23 | $entry = $query->fetchAll(); | ||
| 24 | } | ||
| 25 | catch (Exception $e) | ||
| 26 | { | ||
| 27 | die('query error : '.$e->getMessage()); | ||
| 28 | } | ||
| 29 | 18 | ||
| 30 | if ($entry != NULL) { | 19 | if ($entry != NULL) { |
| 31 | $tpl->assign('id', $entry[0]['id']); | 20 | $tpl->assign('id', $entry[0]['id']); |