Ejemplo n.º 1
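<?php

// Suggestions page: renders each row returned by get_suggestion() as its own
// <div>, with a horizontal rule after every entry. get_suggestion() is expected
// to come from database.php; this template reads only the 'message' key of each row.
include_once 'database.php';
$sug = get_suggestion();
?>
<!DOCTYPE html>
<html>
<head>
	<title></title>
</head>
<body>
<h3>Suggestions</h3>
<hr/>
<?php foreach ($sug as $g): ?>
	<div><?php
	// The message text is presumably user-submitted (confirm against database.php),
	// so it is treated as untrusted and HTML-escaped before output. Echoing it raw
	// would let stored markup or script run in every visitor's browser (stored XSS).
	// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE keeps invalid UTF-8
	// from collapsing the whole string to ''. The cast guards against a NULL column.
	echo htmlspecialchars((string) $g['message'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
	?></div>
	<hr/>
<?php endforeach; ?>
</body>
</html>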
Ejemplo n.º 2
<?php
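	require('lib/db_info.php');
	require('authentication.php');
	//require('mysqlnd_polyfill.php');
	
	// Route the request on the 'action' query parameter. Only the four literal
	// names below are dispatched; a missing, non-string or unknown value is a no-op.
	// NOTE(review): post/edit/delete change state but are selected through $_GET,
	// so a plain link or an <img> tag can trigger them. Confirm that
	// authentication.php rejects unauthenticated requests before this point, and
	// consider accepting those three actions only over POST with an anti-CSRF token.
	// isset()/is_string() avoid the undefined-index notice when 'action' is absent
	// and keep array-valued input (action[]=...) out of the comparison.
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
	switch($action)
	{
		case 'get_suggestion': get_suggestion(); break;
		case 'post_suggestion': post_suggestion(); break;
		case 'edit_suggestion': edit_suggestion(); break;
		case 'delete_suggestion': delete_suggestion(); break;
		default: break;
	}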
	
	//get_suggestion();

	function get_suggestion(){
		global $conn;
		
		//sanatize tho
		$table_name = $_GET['tableName'];
		$suggestion_id = $_GET['id'];
		
		//make sure the table being requested in the right table name and not something like an injection command
		$accepted_tables = get_tables();
		
		if(in_array($table_name, $accepted_tables)){
			
			$table_name = htmlspecialchars($table_name);