WebSVN - taios - Path Comparison - /blog Rev 484 and /blog Rev 492

Ignore whitespace Rev 484 → Rev 492

 /blog/add-post.php
 ,8 → 44,9
         {
             $page->drawError('You do not have permission to access this page.');
         }
-        $page->query('INSERT INTO BlogPosts VALUES(0, "' . $parentID . '", "' . $page->getLoggedInUser()->ID . '", "' . $title . '", "' . $content . '", NOW(), "' . $category . '", 0)');
+                $args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0);
+        $page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args);
         $page->redirect('post.php?id=' . $parentID);
     }
 }

 /blog/edit-post.php
 ,23 → 27,18
 $error = '';
-if (isset($_POST['id']))
-{
+if (isset($_POST['id'])) {
     $title = $_POST['title'];
     $content = $_POST['content'];
     $category = $_POST['category'];
-    if (empty($title))
-    {
+    if (empty($title)) {
         $error = "No Title Specified";
-    }
-    else if (empty($content))
-    {
+    } else if (empty($content)) {
         $error = "No Content Specified";
-    }
-    else
-    {
-        $page->query('UPDATE BlogPosts SET Content = "' . $content . '", Title = "' . $title . '", Category = "' . $category . '" WHERE ID = "' . $id . '"');
+    } else {
+                $args = array($content, $title, $category, $id);
+        $page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args);
         $page->redirect('post.php?id=' . $id);
     }
 }
 ,8 → 47,7
 $page->drawBlogCategoriesMenu();
 $page->drawMiddle();
-if (!empty($error))
-{
+if (!empty($error)) {
     $page->drawError($error, false);
 }