30 lines
808 B
PHP
Executable File
30 lines
808 B
PHP
Executable File
<?php
|
|
|
|
// this is the script that actually submits the comment into the db
|
|
|
|
session_start();
|
|
include('config.php');
|
|
|
|
// Create connection
|
|
$conn = new mysqli($servername, $username, $password, $dbname);
|
|
// Check connection
|
|
if ($conn->connect_error) {
|
|
die("Connection failed: " . $conn->connect_error);
|
|
}
|
|
|
|
if ($_POST['comment'] == "") {
|
|
die('Empty');
|
|
}
|
|
|
|
$sql = "INSERT INTO comments (commenter, postid, comment)
|
|
VALUES ('". htmlspecialchars($_SESSION['name'], ENT_QUOTES). "', '". htmlspecialchars($_GET['postid']) ."', '".substr(htmlspecialchars($_POST['comment']), 0, 150)."')";
|
|
|
|
if ($conn->query($sql) === TRUE) {
|
|
header('Location: comments.php?postid='.htmlspecialchars($_GET['postid']));
|
|
} else {
|
|
echo "Error: " . $sql . "<br>" . $conn->error;
|
|
}
|
|
|
|
$conn->close();
|
|
|
|
?>
|