<!-- delete or add comment form handler + edit comment form-->
<!DOCTYPE html>
<html lang="en">
<head>
<link href="fotoapp.css" rel="stylesheet">
<?php
require('nav.php');
require('db.php');
?>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Edit Comment</title>
</head>
<body>
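<?php
// Handles the comment form POST: "Comment" inserts a comment, "Delete" removes
// one, and both then redirect back to the post; "Edit" renders the edit form
// that posts to commentedit.php.
//
// NOTE(review): session_start() and header() run after this page has already
// emitted markup, so they depend on output buffering being enabled; moving the
// handler above <!DOCTYPE html> would remove that dependency.
// NOTE(review): these state-changing requests carry no CSRF token here;
// confirm whether one is enforced elsewhere.
session_start();

// Request fields are untrusted. Read each one as a string, with '' standing in
// for a missing or non-string value; below they are only ever bound as SQL
// parameters or HTML-escaped, never concatenated.
$postField = function ($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
};

// Runs $sql as a prepared statement with every parameter bound as a string, so
// request data is never parsed as SQL. $conn comes from db.php, which is not
// visible here, so both a mysqli and a PDO handle are supported.
$runStatement = function ($conn, $sql, array $params) {
    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if ($stmt instanceof mysqli_stmt) {
        // mysqli binds by reference and wants one type letter per parameter.
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        return $stmt->execute();
    }
    // Otherwise assumed to be a PDOStatement, which takes the values directly.
    return $stmt->execute($params);
};

$pid    = $postField('postid'); // post id
$action = $postField('submit');

if ($action !== 'Edit') {
    if ($action === 'Comment') {
        // The author is taken from the session, never from the request.
        $username = isset($_SESSION['username']) ? (string) $_SESSION['username'] : '';
        $result = $runStatement(
            $conn,
            'INSERT INTO `post_comment`(`Post`, `Comment`, `Comment_User`) VALUES (?, ?, ?)',
            [$pid, $postField('comment'), $username]
        );
    } elseif ($action === 'Delete') {
        // Exact matches replace the former LIKE comparisons: LIKE treats % and _
        // in request data as wildcards, so a single request could match rows
        // other than the intended one.
        // NOTE(review): confirm `Time` is posted in the format the column stores.
        // NOTE(review): the row is identified purely by client-supplied fields,
        // including comment_user; nothing here checks that the session user owns
        // the comment or the post. Decide the deletion policy and enforce it
        // server-side against $_SESSION['username'].
        $result = $runStatement(
            $conn,
            'DELETE FROM `post_comment`
             WHERE `Comment_User` = ? AND `Comment` = ? AND `Time` = ? AND `Post` = ?',
            [$postField('comment_user'), $postField('comment'), $postField('time'), $pid]
        );
    }
    // Any other action falls through to the redirect without touching the database.
    header('Location: ./comment.php?postid=' . rawurlencode($pid));
    exit();
} else {
    // Escape for a single-quoted HTML attribute; ENT_QUOTES covers both quote
    // styles and ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the value.
    $esc = function ($value) {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // The hidden fields round-trip through the browser, so commentedit.php has
    // to treat them as untrusted input again.
    echo "<form action='./commentedit.php' method = 'POST'>
<input type='hidden' name='comment_user' value='" . $esc($postField('comment_user')) . "'>
<input type='hidden' name='comment' value='" . $esc($postField('comment')) . "'>
<input type='hidden' name='postid' value='" . $esc($pid) . "'>
<input type='hidden' name='time' value='" . $esc($postField('time')) . "'>
<input type='text' name='new' placeholder='New comment' value= ''>
<input type='submit' id='submit' name='submit' value='Edit'>
</form>";
}
?>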
</body>
</html>