-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathaddComment.php
More file actions
75 lines (58 loc) · 2.57 KB
/
addComment.php
File metadata and controls
75 lines (58 loc) · 2.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
<?php
session_start();
if (!isset($_GET["postID"])) {
echo "<script type='text/javascript'>alert('post not specified');</script>";
header("Location: homepage.php");
die();
} else if (!isset($_SESSION["currentUser"])) {
echo "<script type='text/javascript'>alert('Log in to post comment');</script>";
header("Location: login.php");
die();
}
?>
<html>
<head>
<link rel="stylesheet" href="css/form.css">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/bodyMain.css">
</head>
<body>
<div class="bodyMain">
<?php
$db = mysqli_connect('localhost', 'root', '') or die('Unable to connect. Check your connection parameters.');
mysqli_select_db($db, 'projectSite') or die(mysqli_error($db));
$postID = $_GET['postID'];
$query = "SELECT * FROM threadpost WHERE id =$postID ;";
$result = mysqli_query($db, $query) or die(mysqli_error($db));
$postData = mysqli_fetch_assoc($result);
$postOpenerID = $postData["authorID"];
echo " <script>console.log('postID : , openerID = ')</script>";
$query = "SELECT username FROM student WHERE student.id = '$postOpenerID'";
$result = mysqli_query($db, $query) or die(mysqli_error($db));
$postOpener = mysqli_fetch_assoc($result)["username"];
echo "<h3>Write what you want to say to $postOpener!</h3>"; ?>
<form action="" method="post" id="commentForm">
<div class="formBox">
<label for="body"></label>
<input type="textarea" name="body" required>
<input type="submit" value="Post Comment!">
</div>
</form>
</div>
</body>
</html>
<?php
if ($_SERVER["REQUEST_METHOD"] == 'POST') {
$db = mysqli_connect('localhost', 'root', '') or die('Unable to connect. Check your connection parameters.');
mysqli_select_db($db, 'projectSite') or die(mysqli_error($db));
$authorID = $_SESSION["currentUser"];
$body = $_POST["body"];
$insertPostQuery = "INSERT INTO comment (postID, authorID, body) VALUES ('$postID', '$authorID', '$body')";
$result = mysqli_query($db, $insertPostQuery) or die(mysqli_error($db));
//find original project with groupID
$findOriginalProjectQuery = "SELECT id FROM project WHERE id = (SELECT groupID FROM threadpost WHERE id = $postID)";
$result = mysqli_query($db, $findOriginalProjectQuery) or die(mysqli_error($db));
$projectID = mysqli_fetch_assoc($result)["id"];
header("Location: projectThread.php?projectID=$projectID");
die();
} ?>