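<?php
/**
 * Validates and stores a new comment for a book, then reports the outcome.
 *
 * Reads $head, $comment, $bid, $uid and $connection from the including scope.
 * NOTE(review): this file does not show where those values are assigned;
 * presumably the including script fills them from the submitted form and the
 * login session. Confirm that $uid is taken from the authenticated session and
 * not from request data, otherwise a comment can be filed under another user.
 *
 * All values reach the database through bound parameters. The earlier version
 * interpolated $bid, $uid, $head and $comment into the SQL text, and
 * htmlentities() is an HTML encoder, not an SQL escaper, so it did not make
 * that interpolation safe.
 */

// The connection is used by the duplicate check below, so load it first.
// include_once makes this a no-op when the including script already loaded it.
include_once "user/core.inc.php"; //to get database access

// Checking the submitted data.
// NOTE(review): either field alone is enough to pass, although the failure
// message below suggests every field is required. The original behaviour is
// kept; confirm whether both fields should be mandatory.
$acess = 0;
if (!empty($head)) {
    $acess = 1;
}
if (!empty($comment)) {
    $acess = 1;
}

// Rows are stored HTML-encoded (see the insert below), so the duplicate check
// compares against the encoded form. htmlentities() is called with its default
// flags so the result matches what existing rows were written with.
$encodedComment = htmlentities((string) ($comment ?? ''));

$duplicateCheck = $connection->prepare('SELECT DISTINCT `comment` FROM `comments` WHERE `bookid` = ?');
if ($duplicateCheck === false) {
    // Fail closed: without the duplicate check nothing is inserted.
    error_log('add_comment_script: duplicate check failed: ' . $connection->error);
    $acess = 0;
} else {
    // Bound as a string, matching the quoted literal the old query used.
    $duplicateCheck->bind_param('s', $bid);
    $duplicateCheck->execute();
    $duplicateCheck->bind_result($com);
    while ($duplicateCheck->fetch()) {
        // Strict comparison: == treats numeric-looking strings such as
        // "1e3" and "1000" as equal and would report a false duplicate.
        if ($com === $encodedComment) {
            $acess = 0;
            echo "Please Don't copy someones comment<br/>";
            break;
        }
    }
    $duplicateCheck->close();
}

if ($acess == 1) {
    // Neutralizing the data for later HTML output. $head and $comment keep
    // their encoded values afterwards, as in the original script.
    $head = htmlentities((string) ($head ?? ''));
    $comment = $encodedComment;
    $date = date('Y-m-d H:i:s'); //to get the current system date time.

    $insert = $connection->prepare(
        'INSERT INTO `comments` (`cid`, `userid`, `bookid`, `cheadding`, `comment`, `date`) '
        . 'VALUES (NULL, ?, ?, ?, ?, ?)'
    );
    $stored = $insert !== false
        && $insert->bind_param('sssss', $uid, $bid, $head, $comment, $date)
        && $insert->execute();

    if (!$stored) {
        // Driver error text can expose table and column names, so it goes to
        // the server log and the visitor only sees a generic message.
        error_log('add_comment_script: insert failed: ' . ($insert !== false ? $insert->error : $connection->error));
        echo "<br>Error writing data";
    } else {
        //success in adding the data.
        echo "Thank you for your comment";
    }

    if ($insert !== false) {
        $insert->close();
    }
} else {
    // $head and $comment are left untouched on this path, so the form
    // included below sees the values as they were submitted.
    echo "<br/>Some error has occur.<br> Please check the values. Might be some field left out.";
    include 'add_comment_form.php';
}
?>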