' . $question['Question'] . 'Delete'; return template_render('../templates/user_questions.html', array ( 'link' => page_link_to("user_questions"), 'open_questions' => $open_questions )); } else { switch ($_REQUEST['action']) { case 'ask' : $question = trim(preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['question']))); if ($question != "") { sql_query("INSERT INTO `Questions` SET `UID`=" . sql_escape($user['UID']) . ", `Question`='" . sql_escape($question) . "'"); header("Location: " . page_link_to("user_questions")); } else return error("Please enter a Question!"); break; case 'delete' : if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) $id = $_REQUEST['id']; else return error("Incomplete call, missing Question ID."); $question = sql_select("SELECT * FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); if (count($question) > 0 && $question[0]['UID'] == $user['UID']) { sql_query("DELETE FROM `Questions` WHERE `QID`=" . sql_escape($id) . " LIMIT 1"); header("Location: " . page_link_to("user_questions")); } else return error("No Question found."); break; } } } ?>