Hi JasonDFR
But this will make any one can access this article.
I need user when click the link (modify) for his/her article, view this article. Otherwise gave him error msg that this article is not belong to him. So I used sessions.
Plz check the full code. It is working fine but when user click (modify) it view all his articles. I need view only one article which he clicked.
public function EditArtis() {
try{
if(!$_SESSION['uid']){
echo "Hey, you are not entitle to modify this article. May be it is not yours or you are not login!";
echo ". . . This is a ristricted area for you . . . please wait till transfer you to the proper place . . .";
echo "<meta http-equiv='Refresh' content='5; URL=../index.php'/>";
return false;
}
$CheckArtiList = sprintf("SELECT `artid`, `subject`, `body`, `uid`, `username` FROM %s WHERE uid=".$_SESSION['uid']." ORDER BY curtime DESC",
parent::BHL_CONT_MGM);
$ArtiList = mysql_query($CheckArtiList) or die( mysql_error());
if(!mysql_num_rows($ArtiList) == 1) {
throw new Exception( "Hey, we did not Articles in databases!");
}
if (isset($_GET['editarti'])) {
parent::ClnArtiSub();
parent::ClnArtiBod();
$Artid = $_GET['editarti'];
$sql = sprintf("SELECT `artid`, `subject`, `body`, `uid`, `username`, `curtime` FROM %s WHERE artid='%s'",
parent::BHL_CONT_MGM, $Artid);
$Checkq = mysql_query($sql);
if ($Checkq) {
echo "";
}else{
echo "Sorry, we did not find any article here!";
}
$row = mysql_fetch_array($Checkq);
echo '<HTML>
<BODY>
<table width="40%" border="1" align="center" cellpadding="1" cellspacing="1">
<tr><td align="right"><H1 style="margin-top: 0; margin-bottom: 0"><font face="Tahoma" size="4" >
</font></H1><br>
<fieldset><legend>You can submit your article from this section:</legend>
<FORM METHOD="POST" ACTION="" >
</font><font face="Tahoma" size="2">
subject:</font><font face="Tahoma" size="1"><br>
<INPUT type="text" name="subject" SIZE=25 MAXLENGTH=50 value="'.$row['subject'].'"/></font></font></p>
</font><font face="Tahoma" size="2">
Body:</font><font face="Tahoma" size="1"><br>
<textarea name="content" rows="10" cols="70" wrap="virtual">'.$row['body'].'</textarea>
<P style="margin-top: 0; margin-bottom: 0">
<INPUT TYPE="submit" NAME="submit" VALUE="Save!" style="font-family: Tahoma"></p></td></tr>
</fieldset>
</table>
</FORM>
</BODY>
</HTML>';
if(parent::ClnArtiSub() == "" || parent::ClnArtiBod() == ""){
throw new Exception( "Hey, You have to fill all the required fields!");
}
if( ! parent::getmail() == 0){
$QUERY = sprintf("UPDATE %s SET `subject` = '%s', `body` = '%s' WHERE artid='%s'",
parent::BHL_CONT_MGM, parent::ClnArtiSub(), parent::ClnArtiBod(), $Artid)or die(mysql_error());
$Result = mysql_query($QUERY);
if(! Result){
throw new Exception( "Hey, We can not update this article!" );
}
}
}else {
echo '' .
mysql_error() . '</p>';
}
while($row = mysql_fetch_array($ArtiList)){
$Artid = $row['artid'];
$Article = $row['subject'];
echo '<table width="690" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#666666">
<tr>
<th scope="col"><div align="center">'.$Article.'</div></th>
<th width="150" height="40" scope="col"><div align="center"><a href="' . $_SERVER['PHP_SELF'] .'?editarti=' . $Artid . '">' . 'Edit this article</a></div></th>
</tr>
</table>';
}
}
catch ( Exception $e ) {
echo $e->getMessage();
}
}