header("Location: create_event.php?errorMsg=" . urlencode($image_type_error)); return ''; break; } // if(validateInput($title_match,$_POST['title'])) //if(validateInput($text_match,$_POST['description'])==false) { header("Location: create_event.php?errorMsg=".urlencode($invalid_description_error)); return '';} //input seems valid sleep(1); //avoid upload spamming //create new data - - - - - - - - - - - - - - - - - - - - - - - - - $clean_title = cleanUserTextTags($_POST['title']); if (validateInput($title_match, $_POST['title']) === false) { header("Location: create_event.php?errorMsg=" . urlencode($invalid_title_error)); return ''; } $clean_description = cleanUserTextTags($_POST['description']); $public = 0; if (isset($_POST['public'])) { $public = 1; } $dbh = new PDO('sqlite:database.db'); $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); //insert new event $stmt = $dbh->prepare("INSERT INTO events VALUES(NULL, ?,?,?,?,?,?,?)"); $stmt->execute(array($_SESSION['login_user'], $_POST['types'], $current_datetime, $event_date, $clean_title, $clean_description, $public)); $event_id = $dbh->lastInsertId(); //insert new image $stmt = $dbh->prepare("INSERT INTO images VALUES(NULL, ?,?,?)"); $stmt->execute(array($file_extension, $_SESSION['login_user'], $event_id)); //get new image id (is it ok?)
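<?php

declare(strict_types=1);

// Comment endpoint, called from the event page. Requires a logged-in user and
// an event selected in the session, and answers with a JSON-encoded status
// string: "OK", "EMPTYCOMMENT" or "INVALID".
//
// NOTE(review): this mutates state on a GET request; a POST with a CSRF token
// would be the usual shape for a write endpoint.
include "header.php";        // presumably starts the session — confirm
include "getInputSafe.php";  // provides cleanUserTextTags()

$rawComment = $_GET['comment'] ?? null;

// Reject missing login/event context, and non-string input (e.g. comment[]=x),
// which would otherwise make trim() throw a TypeError instead of replying.
if (!isset($_SESSION['login_user'], $_SESSION['display_event_id']) || !is_string($rawComment)) {
    echo json_encode("INVALID");
    return;
}

// Assumes cleanUserTextTags() returns a string — confirm in getInputSafe.php.
$com = cleanUserTextTags(trim($rawComment));

if ($com === '') {
    echo json_encode("EMPTYCOMMENT");
    return;
}

$current_datetime = date("Y-m-d H:i:s");

$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Positional insert: the value order must match the comments table definition,
// which is not visible in this file.
$stmt = $dbh->prepare("INSERT INTO comments VALUES (null, ?, ?, ?,?)");
$stmt->execute([
    $_SESSION['login_user'],
    $_SESSION['display_event_id'],
    $current_datetime,
    $com,
]);

echo json_encode("OK");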