#!/usr/bin/perl -Tw
############################################################
## Written and copyright 2002 by 
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################
use strict;
use lib '../';
use MyBoard;

my($msgid, $sth, $rv, $msg, $resp);

# untaint the message number
# this is different from message.cgi in that it's a posted value
# rather than the query string.
if ($cgi->param('msgid') =~ /^(\d+)$/) {
    $msgid = $1;
} else {
    &dienice($cgi->param('msgid') . " isn't a valid message number.");
}

$sth = $dbh->prepare("select * from messages where id=?") or &dbdie;
$rv = $sth->execute($msgid);
if ($rv < 1) {
   &dienice("Message ID $msgid doesn't exist.");
}
$msg = $sth->fetchrow_hashref;

&do_header("Edit Message");

my($message) = &detag($msg->{message});

print <<EndHTML;
<form action="edit2.cgi" method="POST">
<input type="hidden" name="msgid" value="$msgid">
<b>Subject:</b> $msg->{subject}<p>
<b>Message:</b><br>
<textarea name="message" rows=10 cols=78>
$message </textarea><p>
<input type="submit" value="Save Changes">
</form>
EndHTML

&do_footer;

sub detag {
    my($str) = @_;
    $str =~ s/&/&amp;/g;
    $str =~ s/</&lt;/g;
    $str =~ s/>/&gt;/g;
    return $str;
}