Ruben De Baets 2 лет назад
Родитель
Сommit
1f1bc843bb
1 измененных файлов: 5 добавлений и 2 удалений
  1. 5
    2
      public/index.php

+ 5
- 2
public/index.php

@@ -56,6 +56,9 @@ $app->get('/', function (Request $request, Response $response, array $args) {
addNavbar($response);
$response->getBody()->write('<hr/><h1>Onze blog</h1>');
$response->getBody()->write('<ul>');
# Opdracht : lees de blogs in, en toon het lijstje met links naar de artikels.
# $ret->fetchArray(SQLITE3_ASSOC); Dit geeft steeds 1 rij terug als Associative array
# https://www.php.net/manual/en/sqlite3result.fetcharray.php : commentaar "4" geeft clues hoe aan te pakken
foreach ($_SESSION['blogs'] as $art) {
$response->getBody()->write('<li><a href="/blog/' . $art['slug'] . '">' . $art['title'] . '</a></li>');
}
@@ -77,6 +80,7 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response
unset($_SESSION['error']);
}

// Opdracht : Toon reeds ingevoerde gegevens in geval van foutmelding
$response->getBody()->write('<form action="/blog/create" method="POST">');
$response->getBody()->write('<label for="slug">slug:</label>');
$response->getBody()->write('<input type="text" name="slug"/><br/>');
@@ -96,8 +100,6 @@ $app->map(['GET', 'POST'], '/blog/create', function (Request $request, Response
$stmt->bindValue(':title', $data['title'], SQLITE3_TEXT);
$stmt->bindValue(':content', $data['content'], SQLITE3_TEXT);
$res = $stmt->execute();
//$ret = $db->exec($sql);
//$_SESSION['blogs'][] = ["slug" => $data['slug'], "title" => $data['title'], "content" => "Lorem ipsum 4"];

if ($res) {
return $response->withHeader('Location', '/')->withStatus(302);
@@ -152,6 +154,7 @@ $app->map(['GET', 'POST'], '/login', function (Request $request, Response $respo


global $db;
// OPDRACHT : herwerk deze om te beveiligen tegen SQL Attack
$sql = "SELECT count(*) as count FROM users WHERE username = '" . $postdata['username'] . "' AND password = '" . $postdata['password'] . "';";
$ret = $db->query($sql);
$rows = $ret->fetchArray(SQLITE3_ASSOC);
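Review bot: The login query in the last hunk is still built by concatenating `$postdata['username']` and `$postdata['password']` into the SQL string; the commit only adds a comment marking this as an exercise, so the route stays open to SQL injection until it is reworked. The `/blog/create` hunk already uses `prepare()` with `bindValue()`, and the same pattern fits here, as sketched below. The query also compares the submitted password directly with the stored column, which suggests passwords are kept unhashed; storing `password_hash()` output and checking it with `password_verify()` would be the follow-up. Separately, the list in the first hunk writes `$art['slug']` and `$art['title']` into the HTML without `htmlspecialchars()`. The login handler starts and ends outside the hunk.

```php
global $db;
// Bind both values instead of concatenating them into the SQL text.
$stmt = $db->prepare('SELECT count(*) as count FROM users WHERE username = :username AND password = :password');
$stmt->bindValue(':username', $postdata['username'], SQLITE3_TEXT);
$stmt->bindValue(':password', $postdata['password'], SQLITE3_TEXT);
$ret = $stmt->execute();
$rows = $ret->fetchArray(SQLITE3_ASSOC);
```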
