#!/usr/bin/perl -Tw
############################################################
## Written and copyright 2002 by 
## Jacqueline D. Hamilton (kira@cgi101.com)
##
## This code is excerpted from "CGI Programming 201"
## (http://www.cgi101.com/advanced)
##
## You may use this code on your own website, however
## you may not publish or sell any copy or derivative work
## without permission of the author.
#############################################################
use strict;
use lib '.';
use MyBoard;

# declare variables
my($msgid, $sth, $rv, $msg, $i, $subject);

# untaint the query string
if ($ENV{QUERY_STRING} =~ /^(\d+)$/) {
   $msgid = $1;
} else {
   &dienice("$ENV{QUERY_STRING} isn't a valid message number.");
}

# get the message data
$sth = $dbh->prepare("select *, date_format(date,'%c/%e/%Y %r') as nicedate from messages where id=?") or &dbdie;
$rv = $sth->execute($msgid);
$msg = $sth->fetchrow_hashref;

$subject = $msg->{'subject'};

&do_header("Reply to Message #$msgid: $subject");
print qq(<h2>Reply to Message #$msgid: $subject</h2>\n);

$subject =~ s/\"/&quot;/g;

print <<EndForm;
<form action="postmsg.cgi" method="POST">
<input type="hidden" name="replyto_id" value="$msgid">
<pre>
Your Name:             <input type="text" name="name" size=40>
E-mail or Web Address: <input type="text" name="email" size=40>
Subject:               <input type="text" name="subject" size=40 value="Re: $subject">
</pre>

Enter your message below.<p>
<textarea name="message" rows=10 cols=78 wrap="HARD">
</textarea>
<p>
<input type="submit" value="Post Comment">
<input type="reset" value="Erase">
</form>

EndForm

&do_footer;