R
E
S
O
U
R
C
E
S
       Home      Products & Services      Contact Us      Links


WebHatchers will design & develop your site for you.
_______________________

Website Menu Heaven: menus, buttons, etc.
_______________________

Send us your questions.
_______________________

site search by freefind
_______________________

HOME
SEO, Google, Privacy
   and Anonymity
Browser Insanity
JavaScript
Popups and Tooltips
Free Website Search
HTML Form Creator
Animation
Buttons and Menus
Counters
Captchas
Image Uploading
CSS and HTML
PHP
AJAX
XPATH
Website Poll
IM and Texting
Databases—MySQL
   or Not MySQL
Personal Status Boards
Content Management
   Systems
Article Content
   Management Systems
Website Directory
   CMS Systems
Photo Gallery CMS
Forum CMS
Blog CMS
Customer Records
   Management CMS
Address Book CMS
Private Messaging CMS
Chat Room CMS
JavaScript Charts
   and Graphs




Free Personal Status Boards (PSB™)

Free Standard Free PSB

Free PSB Pro Version

Free Social PSB

Free Social PSB Plus (with Email)

Free Business PSB

Free Business PSB Plus (with Email)

PSB demo

Social PSB demo

Business PSB demo

So what's all this PSB stuff about?

Chart comparing business status boards

PSB hosting diagram

PSB Licence Agreement



Copyright © 2002 -
MCS Investments, Inc. sitemap

PSBs, social networking, social evolution, microcommunities, personal status boards
PSBs, social networking, business personal status boards
website design, ecommerce solutions
website menus, buttons, image rotators
Ez-Architect, home design software
the magic carpet and the cement wall, children's adventure book
the squirrel valley railroad, model railroad videos, model train dvds
the deep rock railroad, model railroad videos, model train dvds

PHP Code for View Blog Topic and Replies

Content Management System: Blogs


The blog's topic and replies viewing page whose code is on this web page has a sidebar with info on what is allowed in writing both topics and replies, although only replies can be entered on this page. You're allowed to have bold, underscore, italics, links, email links, pictures, videos, and audios in either topics or replies. The only limitation is that you must use our tag system when typing in new topics and/or replies. Only the selected topic (with replies) is displayed on this topic viewing page (in its entirety) when you click on one of the topic links on the home page, or on a Replies link in one of the topics on the home page. This will include any bold, underscore, italics, links, email links, pictures, videos, and audios in those topics or replies. And here are the custom tags you will use:

No single or double quotes or Enter/Return allowed in topic titles. Use letters, numbers, spaces and these: , . ) ? : ( ; _ - ! / in title and content. In content only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain without http://, then (ll-) then link text, then (lll-). For emails, use (e-) then email address with (ee-) instead of @, then (eee-) then subject, then (eeee-) then link text, then (eeeee-).

For pictures, use (p-) as start tag, then the complete picture URL with .jpg or .png or .gif or .bmp extension, then (pp-) as end tag. If the picture somehow is on the blog server near the blog folder but is in a higher level folder than the subfolder your Content Management System is in, put 2 dots before the name and just make sure you use the picture name only, not a URL path, for this special case. If it's in a subfolder like "images", then move it to the higher level folder or the subfolder your Content Management System is in. If the image is wider than 580 pixels, resave it to 580.

For YouTube video, use (v-) as start tag, then the letter code after http://www.youtube.com/v/ and before &hl=en_US&fs=1& in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag. If the video you want to use is not on YouTube, upload it there before proceeding.

For audio, use (a-) as start tag, then the sound's name, then (aa-), then the complete sound file URL ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the site administrator has put the sound.js file in the folder your blog Content Management System is in, and do not try to put this JavaScript on the web page—it needs to be a separate file. Save the following code (exactly, without adding script tags or anything else!) as sound.js: function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}

Depending on which topic link is clicked on the blog home page, its corresponding id number will be sent via query string (along with the username) to this blog topic and replies viewing page and, as mentioned, only this topic and its replies will be visible on this viewing page. For other topics, you must return to the blog home page from a Return to Blog link on this blog topic and replies viewing page.

On to the PHP code. As usual, we start with config.php, since without it, the MySQL-based blog would not be viable. You cannot relate to a db without knowing the magic words. Next, the security of the page is dealt with by ensuring the page visitor has a username that's in the database. Note that the various pages on our blog app use both forms and URL query strings to transfer data between pages, so both POST and GET are checked for username, and if neither works, the visitor is sent to the login script. Not only is the db checked for a valid username, the username is checked to make sure it has only 6 to 20 letters, numbers or underscore in it and no other characters—otherwise, it's off to the login script. If a hacker has put something nasty in the query string, he'll end up at the login script. All our blog app scripts have this same (almost) username checker at the top of the PHP section—except for the login script. We say "almost" because most pages only allow the administrator access because most pages are about adding, deleting, or editing topics, replies, or categories. So, seeing if the username is the administrator's is in the user checker on most of these blog app pages.

Speaking of seeing if the username is the administrator's, we do that several times on this page because the page's links will differ depending on who the user is that's currently using the blog. Regular visitors will not be able to even see the links Open/Close Topic or Edit Topic or Delete Topic or Delete Reply, for instance, but the administrator will. The regular users will be able to see a Return to Blog link which will transport them to the glories and wonders of the blog's home page. if($U<>"DIRTY_dog_DROPPINGS_"){$am_i_admin="cms-view-blog-topic.php";$thelinktext=""; is our way of coding "if you aren't the administrator we will make the links disappear." The administrator's username is a bit silly, as you see. Feel free to change it (to AfDqC_1f3_DkI3j5k9N_ for example) when you register the administrator username and password, but you must search and replace ALL blog app pages for our silly name and replace it with your not-as-silly name or you'll have more problems than a pregnant nun. Anyway, in that code you can see that the link is of no consequence because the link text that will be for clicking on is an empty string so the user will see nothing. Note that in the script below the admin person gets good links with good query strings in them so username and topic id will be passed to that blog app.

Next comes SELECT * FROM $tbl_name WHERE id='$id'. You can see why we stuck the topic id into the URL query string that brought us to this topic viewing page. We use it now to grab the topic from the MySQL db.

Note that for displaying data, htmlentities() and stripslashes() are used to provides display security on this page—just in case the data has somehow gotten compromised.

At the conclusion of the db interfacing is a script deciphering custom tags and replacements that are real HTML tags. Then there is more username checking to see whether to make certain links visible or not, based upon whether you are the administrator or not. Note that the email is either displayed or not depending on the same username checking. <td><b>Email :</b> <? if($U=="DIRTY_dog_DROPPINGS_"){echo htmlentities(stripslashes($rows['email']), ENT_QUOTES);}else{echo "(private)";} ?></td> makes sure "(private)" is displayed if they're anyone but the administrator. Then the topic's open/closed status is displayed. It uses the $open string to store the correct word, which it got earlier with: $open="Open";if($rows['open']=="0"){$open="Closed";}. This helps to display whether the topic is open to new replies or not or closed. The code block with all the nonbreaking spaces in it has a Return to Blog link at the end that is for everyone—no attempt to make the link invisible is made.

The code now deals with the db table with the replies in it so it can display them, getting only those that have our topic's id in their question_id field. Just like with the topic displaying, there is deciphering custom tags and replacements that are real HTML tags. Then there is more username checking to see whether to make certain links visible or not, based upon whether you are the administrator or not. Note that while($rows=mysql_fetch_array($result2)){ is our replies-getting loop here, whereas with the topic there was only one so no loop was needed.

The next script section looks into the $open string and only if the string equals "Open" will the HTML input form for replies entry be displayed. A closed topic is not to be commented on until the administrator opens it again—if ever.

The input form has an input validation JavaScript function that it runs from the onsubmit event, and this is only safe because it's duplicated in the cms-add-blog-answer.php script the form sends us to but this time as safe PHP code. Additionally, the form has a hidden field that gets the username stuck in it by JavaScript prior to submitting, and if JavaScript is turned off, the cms-add-blog-answer.php script will discover an empty username, resulting in the user being sent back to the login script without any db table changes.

At the bottom of the script is the code for the sidebar with info on what is allowed in writing both topics and replies, although only replies can be entered on this page. You're told you are allowed to have bold, underscore, italics, links, email links, pictures, videos, and audios in either topics or replies.

SAVE THIS PAGE AS: cms-view-blog-topic.php

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>View Blog Topic—Content Management System (CMS)</TITLE>
<meta name="description" content="View Blog Topic—Content Management System (CMS)">
<meta name="keywords" content="Blogs,Blog,Content Management System,Content Management System Articles,php,CMS,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left;background-color:#ddd}
p, li {font:13px Verdana; color:black;text-align:left;text-indent:2em;margin-bottom:-1em}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
td {font:normal 13px Verdana;text-align:left;background-color:#eee}
.topic {text-align:left;background-color:#fff}
.mid {text-align:center;background-color:#bbb}
.right {text-align:right;}
.over {margin-left:240px}
.info {position:absolute;top:19px;left:2px;width:188px;border:1px solid blue;padding:6px;background-color:#bbb;word-wrap:break-word}
</style>
<script type="text/javascript">

mactest=(navigator.userAgent.indexOf("Mac")!=-1) //My browser sniffers
is_chrome = navigator.userAgent.toLowerCase().indexOf('chrome') > -1
Netscape=(navigator.appName.indexOf("Netscape") != -1)
msafari=(navigator.userAgent.indexOf("Safari")!= -1)
wsafari=0; if(!mactest&&msafari){wsafari=1;msafari=0}
is_opera = 0; if(window.opera){is_opera=1}
is_ie_mac = 0; is_ie=0;if(document.all){is_ie=1}
if(is_ie&&mactest){is_ie_mac=1}

function fixem(){if(Netscape||is_opera){e=document.getElementById('ti');e.style.marginTop='-15px';}}

function textCounter(field, countfield, maxlimit) {
if (field.value.length > maxlimit){field.value = field.value.substring(0, maxlimit);}
else{countfield.value = maxlimit - field.value.length;}}

function check(){

var ck_email = /^[A-Za-z0-9-_]+(\.[A-Za-z0-9-_]+)*@([A-Za-z0-9-_]+\.)?([A-Za-z0-9-_]+(\.[A-Za-z]{2,6})(\.[A-Za-z]{2})?)$/;
if(document.form1.a_email.value.search(ck_email)==-1)
{alert("That email address is not valid.");document.form1.a_email.focus();return false;}

var ck_a_name = /^[A-Za-z0-9_ ]{6,20}$/;
if (document.form1.a_name.value.search(ck_a_name)==-1)
{alert("Please enter 6 to 20 letters, numbers, space, and underline for the name.");document.form1.a_name.focus();return false;}

if (document.form1.a_answer.value.length<6) {alert("Please enter 6 to 10000 characters for reply."); document.form1.a_answer.focus(); return false;}

return true;}

</script>
</head>
<body onload='fixem()'>

<?php
include_once"config.php";

$U=$_POST['username'];if (!isset($U)){$U=$_GET['username'];}
if (isset($U)&&preg_match("/[A-Za-z0-9_]{6,20}$/",$U)){$check_user_data = mysql_query("SELECT * FROM blogmembers WHERE username='$U'") or die(mysql_error());if(mysql_num_rows($check_user_data)==0){unset($U);}}else{unset($U);}
if (!isset($U)){echo '<script language="javascript">alert("Please login.");window.location="blog-login.php"; </script>';}

$tbl_name="blog_question";

$id=$_GET['id'];

echo "<center><div id='ti'><h2>View Topics and Replies</h2></div></center>";

$result = mysql_query("SELECT * FROM $tbl_name WHERE id='$id'") or die(mysql_error());
$rows=mysql_fetch_array($result);$open="Open";if($rows['open']=="0"){$open="Closed";}
?>
<BR>
<table class='over' width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid'><b>Topic</b></td></tr>
<tr>
<td><b><? echo htmlentities(stripslashes($rows['topic']), ENT_QUOTES); ?></b></td>
</tr>
<tr>
<td><p>
<?php
$detail=strip_tags($rows['detail']);
$detail=htmlentities(stripslashes($detail), ENT_QUOTES);
$detail=nl2br($detail); //Enter turns into <BR />
$pattern = '/(<BR\s\/>)+/i';
$replacement = '</p><p>'; //turn any <BR />s into a </p><p> to allow indent since <p>s are css styled to indent!
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(i-\)/i';
$replacement = '<i>'; //turn any (i-)s into a <i>s to allow italics
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ii-\)/i';
$replacement = '</i>'; //turn any (ii-)s into a </i>s to allow italics
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(b-\)/i';
$replacement = '<b>'; //turn any (b-)s into a <b>s to allow bold
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(bb-\)/i';
$replacement = '</b>'; //turn any (bb-)s into a </b>s to allow bold
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(u-\)/i';
$replacement = '<u>'; //turn any (u-)s into a <u>s to allow underline
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(uu-\)/i';
$replacement = '</u>'; //turn any (uu-)s into a </u>s to allow underline
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(p-\)\.\./i';
$replacement = '<center><br><IMG SRC="../'; //turn any (p-)s into start of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(p-\)/i';
$replacement = '<center><br><IMG SRC="'; //turn any (p-)s into start of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(pp-\)/i';
$replacement = '" BORDER=0><br><br></center>'; //turn any (pp-)s into end of image tag to allow image
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(l-\)/i';
$replacement = '<a href="http://'; //turn any (l-)s into <http:// to allow link protocol
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ll-\)/i';
$replacement = '">'; //turn any (ll-)s into "> to allow url
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(lll-\)/i';
$replacement = '</a>'; //turn any (lll-)s into </a> to link text
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(e-\)/i';
$replacement = '<a href="mailto:'; //turn any (e-)s into <a href="mailto: to allow link protocol
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(ee-\)/i';
$replacement = '@'; //turn any (ee-)s into @ to allow email @ sign
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eee-\)/i';
$replacement = '?subject='; //turn any (eee-)s into ?subject= to allow email subject
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eeee-\)/i';
$replacement = '">'; //turn any (eeee-)s into "> to allow email address
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(eeeee-\)/i';
$replacement = '</a>'; //turn any (eeeee-)s into </a> to allow link text
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(v-\)/i';
$replacement = '<div style="width:580px"><br><center><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/'; //turn any (v-)s into start of video tag
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(vv-\)/i';
$replacement = '&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/'; //middle of video tag
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(vvv-\)/i';
$replacement = '&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object><br><br></center></div>'; //end of video tag
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(a-\)/i';
$replacement = '<div style="width:580px"><br><center><script src="sound.js"></script><span id="a1"></span><form><input type="button" value="'; //turn any (a-)s into start of audio tag
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(aa-\)/i';
$replacement = '" onClick="sound(\''; //middle of audio tag
$detail=preg_replace($pattern, $replacement, $detail);
$pattern = '/\(aaa-\)/i';
$replacement = '\',\'a1\')"></form><br><br></center></div>'; //end of audio tag
$detail=preg_replace($pattern, $replacement, $detail);
echo $detail;

if($U<>"DIRTY_dog_DROPPINGS_"){$am_i_admin="cms-view-blog-topic.php";$thelinktext="";
$am_i_admin2="cms-view-blog-topic.php";$thelinktext2="";$am_i_admin3="cms-view-blog-topic.php";$thelinktext3="";
}else{
$thelinktext="Delete Topic";$am_i_admin="cms-delete-blog-topic.php?username=".stripslashes($U)."&id=".$id;
$thelinktext3="Open/Close Topic";$am_i_admin3="cms-open-or-close-blog-topic.php?username=".stripslashes($U)."&id=".$id;
$thelinktext2="Edit Topic";$am_i_admin2="cms-edit-blog-topic.php?username=".stripslashes($U)."&id=".$id;}

?>
</p><BR><BR></td>
</tr>
<tr>
<td><b>Category:</b> <? echo htmlentities(stripslashes($rows['category']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>By :</b> <? echo htmlentities(stripslashes($rows['name']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Email :</b> <? if($U=="DIRTY_dog_DROPPINGS_"){echo htmlentities(stripslashes($rows['email']), ENT_QUOTES);}else{echo "(private)";} ?></td>
</tr>
<tr>
<td><b>Date/time : </b><? echo htmlentities(stripslashes($rows['datetime']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Topic is: </b><? echo $open; ?></td>
</tr>
<tr><td class='mid' colspan=3><a href="<? echo $am_i_admin2; ?>"><B><? echo $thelinktext2; ?></B></a>       <a href="<? echo $am_i_admin; ?>"><B><? echo $thelinktext; ?></B></a>       <a href="<? echo $am_i_admin3; ?>"><B><? echo $thelinktext3; ?></B></a>       <a href="cms-blog.php?username=<? echo stripslashes($U); ?>"><B>Return to Blog</B></a></td></tr>
</table></td>
</tr>
</table>
<BR>
<?php
$tbl_name2="blog_answer";

$result2=mysql_query("SELECT * FROM $tbl_name2 WHERE question_id='$id' ORDER BY a_id") or die(mysql_error());
while($rows=mysql_fetch_array($result2)){
?>
<table class='over' width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid' colspan=3><b>Reply</b></td></tr>
<tr>
<td><b>ID</b></td>
<td colspan=2><? echo htmlentities(stripslashes($rows['a_id']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td width="12%"><b>Name</b></td>
<td width="88%"><? echo htmlentities(stripslashes($rows['a_name']), ENT_QUOTES); ?></td>
</tr>
<tr>
<td><b>Email</b></td>
<td colspan=2><? if($U=="DIRTY_dog_DROPPINGS_"){echo htmlentities(stripslashes($rows['a_email']), ENT_QUOTES);}else{echo "(private)";} ?></td>
</tr>
<tr>
<td valign='top'><b>Reply</b></td>
<td colspan=2><p>
<?php
$a_answer=strip_tags($rows['a_answer']);
$a_answer=htmlentities(stripslashes($a_answer), ENT_QUOTES);
$a_answer=nl2br($a_answer); //Enter turns into <BR />
$pattern = '/(<BR\s\/>)+/i';
$replacement = '</p><p>'; //turn any <BR />s into a </p><p> to allow indent since <p>s are css styled to indent!
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(i-\)/i';
$replacement = '<i>'; //turn any (i-)s into a <i>s to allow italics
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ii-\)/i';
$replacement = '</i>'; //turn any (ii-)s into a </i>s to allow italics
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(b-\)/i';
$replacement = '<b>'; //turn any (b-)s into a <b>s to allow bold
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(bb-\)/i';
$replacement = '</b>'; //turn any (bb-)s into a </b>s to allow bold
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(u-\)/i';
$replacement = '<u>'; //turn any (u-)s into a <u>s to allow underline
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(uu-\)/i';
$replacement = '</u>'; //turn any (uu-)s into a </u>s to allow underline
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(p-\)\.\./i';
$replacement = '<center><br><IMG SRC="../'; //turn any (p-)s into start of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(p-\)/i';
$replacement = '<center><br><IMG SRC="'; //turn any (p-)s into start of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(pp-\)/i';
$replacement = '" BORDER=0><br><br></center>'; //turn any (pp-)s into end of image tag to allow image
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(l-\)/i';
$replacement = '<a href="http://'; //turn any (l-)s into <http:// to allow link protocol
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ll-\)/i';
$replacement = '">'; //turn any (ll-)s into "> to allow url
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(lll-\)/i';
$replacement = '</a>'; //turn any (lll-)s into </a> to link text
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(e-\)/i';
$replacement = '<a href="mailto:'; //turn any (e-)s into <a href="mailto: to allow link protocol
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(ee-\)/i';
$replacement = '@'; //turn any (ee-)s into @ to allow email @ sign
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eee-\)/i';
$replacement = '?subject='; //turn any (eee-)s into ?subject= to allow email subject
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eeee-\)/i';
$replacement = '">'; //turn any (eeee-)s into "> to allow email address
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(eeeee-\)/i';
$replacement = '</a>'; //turn any (eeeee-)s into </a> to allow link text
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(v-\)/i';
$replacement = '<div style="width:580px"><br><center><object width="480" height="385"><param name="movie" value="http://www.youtube.com/v/'; //turn any (v-)s into start of video tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(vv-\)/i';
$replacement = '&hl=en_US&fs=1&"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/'; //middle of video tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(vvv-\)/i';
$replacement = '&hl=en_US&fs=1&" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="480" height="385"></embed></object><br><br></center></div>'; //end of video tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(a-\)/i';
$replacement = '<div style="width:580px"><br><center><script src="sound.js"></script><span id="a1"></span><form><input type="button" value="'; //turn any (a-)s into start of audio tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(aa-\)/i';
$replacement = '" onClick="sound(\''; //middle of audio tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
$pattern = '/\(aaa-\)/i';
$replacement = '\',\'a1\')"></form><br><br></center></div>'; //end of audio tag
$a_answer=preg_replace($pattern, $replacement, $a_answer);
echo $a_answer;

if($U<>"DIRTY_dog_DROPPINGS_"){$am_i_admin="cms-view-blog-topic.php";$thelinktext="";}else{$thelinktext="Delete Reply";$am_i_admin="cms-delete-blog-answer.php?username=".stripslashes($U)."&id=".$id."&aid=".stripslashes($rows['a_id']);}

?>
</p><BR><BR></td>
</tr>
<tr>
<td><b>Date/Time</b></td>
<td colspan=2><? echo htmlentities(stripslashes($rows['a_datetime']), ENT_QUOTES); ?></td>
</tr>
<tr><td class='mid' colspan=3><a href="<? echo $am_i_admin; ?>"><B><? echo $thelinktext; ?></B></a></td></tr>
</table></td>
</tr>
</table><br>

<?
}

$result3=mysql_query("SELECT view FROM $tbl_name WHERE id='$id'") or die(mysql_error());
$rows=mysql_fetch_array($result3);
$view=$rows['view'];

if(empty($view)){
$view=1;
$sql4="INSERT INTO $tbl_name(view) VALUES('$view') WHERE id='$id'";
$result4=mysql_query($sql4);
}

$addview=$view+1;
$sql5="update $tbl_name set view='$addview' WHERE id='$id'";
$result5=mysql_query($sql5);

mysql_close();

if($open=="Open"){
?>
<BR>
<table class='over' width="700" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCC">
<tr>
<form name="form1" method="post" action="cms-add-blog-answer.php" onsubmit="return check()">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFF">
<tr><td class='mid' colspan=2><b>Reply</b></td></tr>
<tr>
<td width="10%"><b>Name</b></td>
<td width="89%"><input name="a_name" type="text" id="a_name" size="65" maxlength=65> 6-20 letters, numbers or _</td>
</tr>
<tr>
<td><b>Email</b></td>
<td><input name="a_email" type="text" id="a_email" size="65" maxlength=65> legitimate email only</td>
</tr>
<tr>
<td valign="top"><b>Reply</b><input type="hidden" name="username" value=" "></td>
<td><textarea name="a_answer" cols="50" rows="3" id="a_answer" onKeyDown="textCounter(this.form.a_answer,this.form.remLen,10000);" onKeyUp="textCounter(this.form.a_answer,this.form.remLen,10000);"></textarea> 6 or more characters
<br>
<input readonly type=text name=remLen size=5 maxlength=5 value="10000"> characters left</td>
</tr>
<tr>
<td><input name="id" type="hidden" value="<? echo htmlentities(stripslashes($id), ENT_QUOTES); ?>"></td>
<td><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</form>
</tr><br><br>
<tr><td><a href="cms-blog.php?username=<? echo stripslashes($U); ?>"><B>Return to Blog—don't add reply</B> </a></td></tr>
</table>
<div class='info'>In Detail and Reply fields only, you may use single or double quotes or Enter/Return. Use Returns for new paragraphs. For italics, starting and ending tags are (i-) and (ii-). For bold, use (b-) and (bb-). Underline is (u-) and (uu-). For links, use (l-) then domain <i>without http://</i>, then (ll-) then link text, then (lll-). For emails, use (e-) then email address <i>with (ee-) instead of @</i>, then (eee-) then subject, then (eeee-) then link text, then (eeeee-). For pictures, use (p-) as start tag, then full URL path to picture, then (pp-) as end tag. If the image is wider than 580 pixels, resave it to 580. For YouTube video, use (v-) as start tag, then the letter code <I>after</I> <b>http://www.youtube.com/v/</b> and <I>before</I> <b>&hl=en_US&fs=1&</b> in your video's YouTube Embed code, then (vv-), then the same letter code again, then (vvv-) as end tag.<br><br>For audio, use (a-) as start tag, then the sound's name, then (aa-), then the sound's file name ending in .mp3 or .wav, then (aaa-) as end tag. Make sure the sound.js file is in the folder your Content Management System is in. Save the following code as sound.js:<BR><b>function sound(s,q) {document.getElementById(q).innerHTML="<embed src='"+s+"' hidden=true autostart=true loop=false>"}</div>

<script language="javascript">
var u = <?php echo json_encode($U); ?>;
u=u.replace(/\\/g,'');
document.form1.username.value=u;
</script>

<?php
}
?>

</body>
</html>