/**
* Retrieves a GET value after sanitizing it
* @param id, The name of the GET value to retrieve.
* @param keephtml, Disables the HTML part of the sanitization (not reccomended).
*/
public static function GetArgumentSafely($id, $keephtml = false)
{
$return = EMPTYSTRING;
if (Value::SetAndNotEmpty($_GET, $id)) {
$return = _string::Sanitize($_GET[$id], $keephtml);
}
return $return;
}
public static function Insert($message, $recipe, $id = EMPTYSTRING)
{
$result = false;
if (Site::HasHttps() && Login::IsLoggedIn()) {
if (Value::SetAndNotEmpty($message) && Value::SetAndNotNull($recipe)) {
$path = 'R=' . $recipe;
if ($id != EMPTYSTRING) {
if ($stmt = Database::GetLink()->prepare('SELECT `comment_path` FROM `Comment` WHERE `comment_path` LIKE ?;')) {
$stmt->bindParam(1, $path, PDO::PARAM_STR, 255);
$stmt->execute();
$stmt->bindColumn(1, $result);
$stmt->fetch();
$stmt->closeCursor();
if ($result != null && _string::StartsWith($result, $path)) {
$path = $result . '>' . $id;
} else {
$path = null;
}
}
}
if ($path != null) {
$userid = Login::GetId();
$timestamp = time();
if ($stmt = Database::GetLink()->prepare('INSERT INTO `Comment` (`user_id`, `comment_path`, `comment_contents`, `sent_at`) VALUES (?, ?, ?, ?);')) {
$stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $path, PDO::PARAM_STR, 255);
$stmt->bindParam(3, $message, PDO::PARAM_STR, 255);
$stmt->bindParam(4, $timestamp, PDO::PARAM_INT);
$stmt->execute();
$stmt->closeCursor();
}
}
}
}
return $result;
}
