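<?php
declare(strict_types=1);
//--------------------------
// PCommentProcess.php
//
// Handles process for adding comment to post
//
// Reads the comment form from $_POST (post, signature, title, commentText,
// email), validates the post id and the e-mail, inserts one row into the
// comment table and redirects back to the post page. On invalid input it
// redirects back with an error message and inserts nothing.
//
// Relies on DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX,
// WS_SITELINK and TP_SOURCEPATH being defined before this page runs.
//--------------------------

//--------------------------
//Handles POST variables
//--------------------------
// Every field is read as a plain string; a missing field, or one submitted
// as an array (field[]=...), becomes '' instead of reaching the DB layer.
$readPost = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

$rawPostId   = $readPost('post');
$signature   = $readPost('signature');
$title       = $readPost('title');
$commentText = $readPost('commentText');
$rawEmail    = $readPost('email');

//--------------------------
//Make sure input is OK
//--------------------------
// Sends the visitor back to the post page with an error message and stops.
// Id and message are URL-encoded so request data cannot add query
// parameters of its own to the redirect URL.
$failWith = static function (string $postId, string $message): void {
    $redirect = 'post&id=' . rawurlencode($postId)
        . '&error=' . rawurlencode($message) . '#comment';
    header('Location: ' . WS_SITELINK . "?p={$redirect}");
    exit;
};

// The post id is bound as an integer below, so it has to be one here.
$postId = filter_var($rawPostId, FILTER_VALIDATE_INT);
if ($postId === false) {
    $failWith($rawPostId, 'Invalid post id');
}

// Checks that a correct (-ish) e-mail has been entered. filter_var replaces
// the former strpos('@') test, which accepted any string containing '@' and
// rejected an address starting with '@' only by accident (strpos returned 0).
$email = filter_var($rawEmail, FILTER_VALIDATE_EMAIL);
if ($email === false) {
    $failWith($rawPostId, 'Invalid e-mail entered');
}

//--------------------------
//DB stuff
//--------------------------
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object

if ($mysqli->connect_error) {
    // Details go to the server log only; the visitor gets no host/user hints.
    error_log('PCommentProcess: connect failed: ' . $mysqli->connect_error);
    echo 'Connect failed<br>';
    exit();
}
$mysqli->set_charset('utf8');

//--------------------------
//SQL query
//--------------------------
$tableComment = DB_PREFIX . 'Comment';

// Column values are bound as parameters instead of being escaped and
// interpolated into the statement text. Only the table name, built from a
// configured constant and never from the request, is part of the SQL string.
$query = <<<END
INSERT INTO
{$tableComment} (commTitle, commText, commDate, commSignature, commEmail, Comment_idPost)
VALUES (?, ?, NOW(), ?, ?, ?)
END;

$stmt = $mysqli->prepare($query);
if ($stmt === false) {
    // errno/error are logged, not shown: they reveal table and column names.
    error_log('PCommentProcess: prepare failed (' . $mysqli->errno . '): ' . $mysqli->error);
    $mysqli->close();
    die('Could not query database');
}

$stmt->bind_param('ssssi', $title, $commentText, $signature, $email, $postId);
if (!$stmt->execute()) { //Performs query
    error_log('PCommentProcess: insert failed (' . $stmt->errno . '): ' . $stmt->error);
    $stmt->close();
    $mysqli->close();
    die('Could not query database');
}
$stmt->close();
$mysqli->close(); //Closes DB connection

//---------------------
//Redirects to post page
//---------------------
// Kept from the original page; nothing below uses it, but other pages may
// rely on it having been loaded.
require_once(TP_SOURCEPATH . 'CHTMLPage.php');

header('Location: ' . WS_SITELINK . '?p=post&id=' . $postId . '#comment');
exit;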