-rwxr-xr-x | www-ssl/nonpublic/news_output.php | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/www-ssl/nonpublic/news_output.php b/www-ssl/nonpublic/news_output.php
index 9648fc41..91112c81 100755
--- a/www-ssl/nonpublic/news_output.php
+++ b/www-ssl/nonpublic/news_output.php
@@ -3,31 +3,30 @@
 include ("./inc/db.php");
 include ("./inc/funktion_user.php");
-if ( isset($text) && isset($betreff) && IsSet($date) ) {
- if (!isset($treffen)) $treffen = 0;
+if( isset( $_POST["text"]) && isset( $_POST["betreff"]) && IsSet( $_POST["date"]) ) {
+ if( !isset( $_POST["treffen"]))
+ $_POST["treffen"] = 0;
 //$escaped_text = htmlescape($text);
 //$escaped_betreff = htmlescape($betreff);
 $SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) ";
- $SQL.= "VALUES ('$date', '$betreff', '$text', '".$_SESSION['UID'];
- $SQL.= "', '$treffen');";
+ $SQL.= "VALUES ('". $_POST["date"]. "', '". $_POST["betreff"]. "', '". $_POST["text"]. "', '".$_SESSION['UID'];
+ $SQL.= "', '". $_POST["treffen"]. "');";
 $Erg = mysql_query($SQL, $con);
- if ($Erg == 1) { Print_Text(4); }
+ if ($Erg == 1)
+ Print_Text(4);
 }
+if( !IsSet( $_GET["news_begin"]))
+ $_GET["news_begin"]=0;
-if (!IsSet($news_begin)) {
- $news_begin=0;
-}
-
-if (!IsSet($DISPLAY_NEWS)) {
- $DISPLAY_NEWS = 5;
-}
+if( !IsSet( $_GET["DISPLAY_NEWS"]))
+ $_GET["DISPLAY_NEWS"] = 5;
 //if (($news_begin-$DISPLAY_NEWS) >= 0 ) {
 // echo "<br><br><a href=\"./news.php?news_begin=".($news_begin-$DISPLAY_NEWS)."\">Die vorherigen $DISPLAY_NEWS News anzeigen...</a><br>";
 //}
-$SQL = "SELECT * FROM `News` ORDER BY 'ID' DESC LIMIT $news_begin,$DISPLAY_NEWS";
+$SQL = "SELECT * FROM `News` ORDER BY 'ID' DESC LIMIT ". $_GET["news_begin"]. ",". $_GET["DISPLAY_NEWS"];
 $Erg = mysql_query($SQL, $con);
 // anzahl zeilen |
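Review bot: The values now read from `$_POST` and `$_GET` are still concatenated into both SQL strings without escaping or type checks, so the `INSERT` and the `LIMIT` clause of the `SELECT` remain open to SQL injection from request data. The string fields (`date`, `betreff`, `text`) should pass through `mysql_real_escape_string(..., $con)`, and the numeric ones (`treffen`, `news_begin`, `DISPLAY_NEWS`) through an `(int)` cast clamped to non-negative values before they reach the query. `DISPLAY_NEWS` reads like a configuration value; taking it from the query string lets the client pick the page size, so an upper bound may be wanted, but that intent needs confirming against the includes. Separately, `ORDER BY 'ID'` sorts by a string constant rather than the column, and backticks would be needed for the ordering to take effect. The script continues past the end of the hunk, so later uses of these values are not visible here.

```php
// … unchanged: isset() checks on $_POST, default for "treffen" …
  $SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) ";
  $SQL.= "VALUES ('". mysql_real_escape_string($_POST["date"], $con). "', '".
         mysql_real_escape_string($_POST["betreff"], $con). "', '".
         mysql_real_escape_string($_POST["text"], $con). "', '".$_SESSION['UID'];
  $SQL.= "', '". (int)$_POST["treffen"]. "');";
// … unchanged: mysql_query() call, Print_Text(4), defaults for the $_GET values …
$news_begin   = max(0, (int)$_GET["news_begin"]);
$display_news = max(0, (int)$_GET["DISPLAY_NEWS"]);
$SQL = "SELECT * FROM `News` ORDER BY `ID` DESC LIMIT ". $news_begin. ",". $display_news;
```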