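<?php
/*******w********
Name: John Kelvin A. Valerio
Date: 03/13/23
Description: Project
****************/
// Handles the comment form actions for a post: create a comment, toggle a
// comment's visibility, or delete a comment. Each action redirects back to
// display.php on success; failures are reported through $errorMessage, which
// the template at the bottom of this file renders.
require('connect.php');
session_start();

/**
 * Redirect back to the post page and stop the script.
 *
 * header() only works when nothing has been output yet, and the script must
 * not keep running (and render the template) after a redirect was sent.
 */
function redirect_to_post(int $post_id): void
{
    header("Location: display.php?id=$post_id");
    exit;
}

$errorMessage = '';

if ($_POST) {
    // Ids arrive from hidden form fields. Casting to int means a tampered value
    // can neither reach the query as an arbitrary string nor be reflected into
    // the redirect URL.
    $post_id = (int) ($_POST['post_id'] ?? 0);
    $comment_id = (int) ($_POST['comment_id'] ?? 0);

    if (isset($_POST['submit'])) {
        if (!empty($_POST['name']) && !empty($_POST['comment'])) {
            // FILTER_SANITIZE_STRIPPED (alias of FILTER_SANITIZE_STRING) is
            // deprecated since PHP 8.1 and its notice would be output before the
            // redirect header. SPECIAL_CHARS encodes the same dangerous
            // characters. display.php must still escape for its own context.
            $name = filter_input(INPUT_POST, 'name', FILTER_SANITIZE_SPECIAL_CHARS);
            $comment = filter_input(INPUT_POST, 'comment', FILTER_SANITIZE_SPECIAL_CHARS);
            // Anonymous comments are allowed and stored with user_id 0.
            $user_id = $_SESSION['user_id'] ?? 0;
            $visibility = 1;

            // Parameterized insert; all user-supplied values are bound, never interpolated.
            $query = 'INSERT INTO comments (user_id, post_id, comment, date_created, name, visibility)'
                . ' VALUES (:user_id, :post_id, :comment, NOW(), :name, :visibility)';
            $statement = $db->prepare($query);
            $statement->bindValue(':user_id', $user_id);
            $statement->bindValue(':post_id', $post_id);
            $statement->bindValue(':comment', $comment);
            $statement->bindValue(':name', $name);
            $statement->bindValue(':visibility', $visibility);

            if ($statement->execute()) {
                redirect_to_post($post_id);
            }
            $errorMessage = 'Comment could not be saved.';
        } else {
            $errorMessage = 'Comment Failed please complete all the required fields.';
        }
    } elseif (isset($_POST['visibility'])) {
        // NOTE(review): nothing ties the requester to this comment, so any POST
        // could hide any comment_id. Requiring a signed-in user is the minimum
        // this file can enforce on its own; an ownership or role check still
        // belongs here — confirm against the app's auth model.
        if (!isset($_SESSION['user_id'])) {
            $errorMessage = 'You must be signed in to change a comment.';
        } else {
            // Toggle between shown (1) and hidden (0).
            $newVisibility = (($_POST['visibility_id'] ?? '') === '1') ? 0 : 1;

            $query = 'UPDATE comments SET visibility = :visibility WHERE comment_id = :comment_id';
            $statement = $db->prepare($query);
            $statement->bindValue(':visibility', $newVisibility);
            $statement->bindValue(':comment_id', $comment_id);

            if ($statement->execute()) {
                redirect_to_post($post_id);
            }
            $errorMessage = 'Comment visibility could not be updated.';
        }
    } elseif (isset($_POST['delete'])) {
        // NOTE(review): same missing authorization as the visibility branch —
        // any POST could delete any comment_id without this gate.
        if (!isset($_SESSION['user_id'])) {
            $errorMessage = 'You must be signed in to delete a comment.';
        } else {
            $query = 'DELETE FROM comments WHERE comment_id = :comment_id';
            $statement = $db->prepare($query);
            $statement->bindValue(':comment_id', $comment_id);

            if ($statement->execute()) {
                redirect_to_post($post_id);
            }
            $errorMessage = 'Comment could not be deleted.';
        }
    }
} else {
    $errorMessage = "The tweet message or title is empty";
}
?>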
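<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="main.css">
    <title>My Drip Post!</title>
</head>
<body>
    <!-- Remember that alternative syntax is good and html inside php is bad -->
    <?php /* Escape for the HTML context. $errorMessage is a fixed string in this
             file today; escaping keeps the template safe if it ever carries
             user-supplied text. */ ?>
    <?php if (!empty($errorMessage)): ?>
        <h1>
            <?= htmlspecialchars($errorMessage, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
        </h1>
    <?php endif ?>
</body>
</html>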