/**
 * Inserts the 'Backlog' iteration row and returns the ID MySQL assigned to it.
 *
 * The row is created with Project_ID 0, today's date as Start_Date, the fixed
 * End_Date '2299-12-31', and freshly allocated points and comment objects.
 *
 * @return int|string Value of mysqli_insert_id() for the shared $DBConn connection.
 */
function NextbacklogID()
{
    global $DBConn;

    // Same 'Y-m-d' string the date_create()/date_format() round trip produced.
    $startDate = date('Y-m-d');

    // Allocate the helper objects in the order they appear in the statement.
    // NOTE(review): both values are concatenated into the SQL unquoted; this is
    // only safe while the helpers return integers. Confirm against their definitions.
    $pointsObjectId = NextPointsObject();
    $commentObjectId = NextIterationCommentObject();

    $insertSql = "INSERT INTO iteration SET Points_Object_ID=" . $pointsObjectId
        . ", Project_ID=0, Start_Date='" . $startDate . "', End_Date='2299-12-31',"
        . " Comment_Object_ID=" . $commentObjectId
        . ", iteration.Name = 'Backlog'";

    // NOTE(review): the query result is not checked, so a failed INSERT is only
    // visible to the caller through whatever mysqli_insert_id() reports.
    mysqli_query($DBConn, $insertSql);

    return mysqli_insert_id($DBConn);
}
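</script> <script> $(document).ready(function(){ }); </script> <?php
/*
 * Save handler for the iteration add/edit form.
 *
 * Runs when the form posts 'saveUpdate'. An empty IID creates a new iteration
 * (allocating its points and comment objects first); otherwise the iteration
 * with that ID is updated. On success a redirect to iteration_List.php for the
 * project is sent; on failure $error is set and rendered at the end of the block.
 *
 * Every request value reaches MySQL as a bound parameter of a prepared
 * statement. The previous version concatenated PID, Locked, Start_Date and
 * End_Date into the statement unescaped, and relied on htmlentities() for
 * Name, which leaves backslashes untouched and is not SQL escaping.
 */
$showForm = true;

if (isset($_POST['saveUpdate'])) {
    // Read each field once. A missing or non-scalar (array) parameter becomes ''
    // instead of raising a notice or being stringified as "Array".
    $fields = array();
    foreach (array('PID', 'Locked', 'Name', 'Objective', 'Start_Date', 'End_Date') as $key) {
        $fields[$key] = (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (string) $_REQUEST[$key] : '';
    }

    $projectId = $fields['PID'];
    $locked = $fields['Locked'];
    // Name is still stored HTML-encoded exactly as before; that encoding is an
    // output concern and is no longer what keeps the statement intact.
    $name = htmlentities($fields['Name'], ENT_QUOTES);
    // Bound as-is: the stored text is the same as with mysqli_real_escape_string().
    $objective = $fields['Objective'];
    $startDate = $fields['Start_Date'];
    $endDate = $fields['End_Date'];

    $setClause = 'Project_ID = ?, Locked = ?, Name = ?, Objective = ?, Start_Date = ?, End_Date = ?';

    if (empty($_REQUEST['IID'])) {
        $button_name = 'Add';
        // Allocated before the INSERT, in the same order as the original statement.
        // NOTE(review): the casts assume both helpers return integer IDs; confirm.
        $pointsObjectId = (int) NextPointsObject();
        $commentObjectId = (int) NextIterationCommentObject();

        $stmt = mysqli_prepare(
            $DBConn,
            'INSERT INTO iteration SET ' . $setClause . ', Points_Object_ID = ?, Comment_Object_ID = ?'
        );
        $bound = $stmt && mysqli_stmt_bind_param(
            $stmt,
            'ssssssii',
            $projectId,
            $locked,
            $name,
            $objective,
            $startDate,
            $endDate,
            $pointsObjectId,
            $commentObjectId
        );
    } else {
        $button_name = 'Save';
        // Integer cast replaces "+ 0", which fails outright on array or
        // non-numeric input under newer PHP versions.
        $iterationId = is_scalar($_REQUEST['IID']) ? (int) $_REQUEST['IID'] : 0;

        $stmt = mysqli_prepare($DBConn, 'UPDATE iteration SET ' . $setClause . ' WHERE ID = ?');
        $bound = $stmt && mysqli_stmt_bind_param(
            $stmt,
            'ssssssi',
            $projectId,
            $locked,
            $name,
            $objective,
            $startDate,
            $endDate,
            $iterationId
        );
    }

    if ($bound && mysqli_stmt_execute($stmt)) {
        $showForm = false;
        // PID is reflected into the redirect target, so it is URL-encoded first.
        // NOTE(review): execution continues after this header; confirm nothing
        // further down the page should run for a redirected request.
        header('Location:iteration_List.php?PID=' . rawurlencode($projectId));
    } else {
        // mysqli_error() was called without a connection, so it never returned
        // the driver message. The detail now goes to the server log rather than
        // the browser, where it could disclose schema details or echo input back.
        error_log('iteration save failed: ' . ($stmt ? mysqli_stmt_error($stmt) : mysqli_error($DBConn)));
        $error = 'The form failed to process correctly.';
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
}

if (!empty($error)) {
    // $error is rendered as plain text, never as markup.
    echo '<div class="error">' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</div>';
}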
<?php require_once 'include/dbconfig.inc.php'; require_once 'include/common.php'; $user_details = check_user($_SESSION['user_identifier']); if (!$user_details) { exit; } $comment_text = mysqli_real_escape_string($DBConn, $_REQUEST['comment_text']); if ($_REQUEST['Type'] == "s") { $q = "INSERT INTO comment (Parent_ID, User_Name, Story_AID, Comment_Text) VALUES (" . $_REQUEST['Parent_ID'] . ", '" . $_REQUEST[User_Name] . "', " . $_REQUEST['Story_AID'] . ", '" . $comment_text . "' )"; auditit($_REQUEST['PID'], $_REQUEST['Story_AID'], $_SESSION['Email'], 'Added Comment', '', $_REQUEST['comment_text']); } else { if ($_REQUEST['Story_AID'] == 0) { $icoid = NextIterationCommentObject(); // so get the next comment object id $q = 'Update Iteration set Comment_Object_ID=' . $icoid . ' where ID=' . $_REQUEST['Iteration_ID']; // and set it $row = mysqli_query($DBConn, $q); } else { $icoid = $_REQUEST['Story_AID']; } $q = "INSERT INTO comment (Parent_ID, User_Name, Comment_Object_ID, Comment_Text) VALUES (" . $_REQUEST['Parent_ID'] . ", '" . $_REQUEST[User_Name] . "', " . $icoid . ", '" . $comment_text . "' )"; auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Added Iteration Comment', '', $_REQUEST['comment_text']); } $row = mysqli_query($DBConn, $q); $id = mysqli_insert_id($DBConn); if (mysqli_affected_rows($DBConn) == 1) { $r = mysqli_query($DBConn, 'select * from comment where ID =' . $id); $row = mysqli_fetch_assoc($r); GetComments($row, $_REQUEST['replyid'], $_REQUEST['Type']);