/**
 * Insert a new iteration row named 'Backlog' and return the ID the database generated for it.
 *
 * The row gets Project_ID 0, today's date as Start_Date, the fixed End_Date '2299-12-31',
 * and fresh object IDs obtained from NextPointsObject() and NextIterationCommentObject().
 * Uses the global $DBConn mysqli connection.
 *
 * The result of mysqli_query() is not checked, so a failed INSERT is not reported here;
 * the caller simply receives whatever mysqli_insert_id() returns.
 *
 * @return int|string value reported by mysqli_insert_id() for $DBConn
 */
function NextbacklogID()
{
    global $DBConn;

    $startDate = date('Y-m-d');

    // The values spliced into the SQL text come from helpers, not from the request.
    // NOTE(review): presumably both helpers return integer IDs; confirm, since the values are used unquoted.
    $pointsObjectId = NextPointsObject();
    $commentObjectId = NextIterationCommentObject();

    $insertBacklog = 'INSERT INTO iteration SET Points_Object_ID=' . $pointsObjectId
        . ", Project_ID=0, Start_Date='" . $startDate . "', End_Date='2299-12-31',"
        . ' Comment_Object_ID=' . $commentObjectId
        . ", iteration.Name = 'Backlog'";
    mysqli_query($DBConn, $insertBacklog);

    return mysqli_insert_id($DBConn);
}
</script>

<script>
// Placeholder DOM-ready hook: the handler body is empty, so nothing is initialised here yet.
$(function () {});
</script>
<?php 
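// Save handler for the iteration form: inserts a new iteration when no IID is supplied,
// otherwise updates the iteration with that ID, then redirects to the iteration list.
$showForm = true;
if (isset($_POST['saveUpdate'])) {
    // SECURITY: the request values used to be concatenated into the SQL text, which let
    // request data alter the statement. They are now bound as statement parameters.
    // NOTE(review): the handler is gated on $_POST but reads $_REQUEST, so values may also
    // arrive via the query string; no CSRF token or permission check is visible in this
    // fragment. Confirm an earlier part of the page enforces both.
    $fields = [];
    foreach (['PID', 'Locked', 'Name', 'Objective', 'Start_Date', 'End_Date'] as $key) {
        // Missing or non-scalar (array) parameters are treated as an empty string.
        $fields[$key] = (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (string) $_REQUEST[$key] : '';
    }
    // Name is still stored entity-encoded, as before, so existing display code sees the same format.
    $fields['Name'] = htmlentities($fields['Name'], ENT_QUOTES);

    if (empty($_REQUEST['IID'])) {
        $sql_method = 'INSERT INTO';
        $button_name = 'Add';
        $whereClause = '';
        // NOTE(review): helper return values are spliced in unquoted; presumably integer IDs, confirm.
        $Insertsql = ', Points_Object_ID = ' . NextPointsObject() . ',Comment_Object_ID= ' . NextIterationCommentObject() . ' ';
    } else {
        $sql_method = 'UPDATE';
        $button_name = 'Save';
        // The ID is forced to an integer before it becomes part of the SQL text.
        $iterationId = is_scalar($_REQUEST['IID']) ? (int) $_REQUEST['IID'] : 0;
        $whereClause = 'WHERE ID = ' . $iterationId;
        // Previously undefined on this path, which raised a notice when the query was built.
        $Insertsql = '';
    }

    $saveSql = "{$sql_method} iteration SET Project_ID = ?, Locked = ?, Name = ?, Objective = ?,"
        . " Start_Date = ?, End_Date = ? {$Insertsql} {$whereClause}";
    $saveStmt = mysqli_prepare($DBConn, $saveSql);
    $saved = false;
    if ($saveStmt) {
        mysqli_stmt_bind_param(
            $saveStmt,
            'ssssss',
            $fields['PID'],
            $fields['Locked'],
            $fields['Name'],
            $fields['Objective'],
            $fields['Start_Date'],
            $fields['End_Date']
        );
        $saved = mysqli_stmt_execute($saveStmt);
    }

    if ($saved) {
        mysqli_stmt_close($saveStmt);
        $showForm = false;
        // PID is URL-encoded so it cannot add extra parameters to the redirect target.
        header('Location:iteration_List.php?PID=' . rawurlencode($fields['PID']));
    } else {
        // The old code called mysqli_error() without the connection argument, which the
        // procedural API requires. The driver detail now goes to the server log instead
        // of the page, so database internals are not shown to the browser.
        error_log('iteration save failed: ' . ($saveStmt ? mysqli_stmt_error($saveStmt) : mysqli_error($DBConn)));
        $error = 'The form failed to process correctly.';
    }
}
// $error is written into the page as HTML without escaping. Inside this block it only ever
// holds the fixed message above; confirm any earlier assignment is equally static.
if (!empty($error)) {
    echo '<div class="error">' . $error . '</div>';
}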
<?php

require_once 'include/dbconfig.inc.php';
require_once 'include/common.php';
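// Adds a comment to a story (Type "s") or to an iteration's comment object (any other Type).
// Stop unless check_user() returns a truthy record for the session's user identifier.
$user_details = check_user($_SESSION['user_identifier']);
if (!$user_details) {
    exit;
}
// NOTE(review): nothing visible here checks that the authenticated user may comment on the
// referenced story or iteration; confirm check_user() or the caller enforces that.

// SECURITY: Parent_ID, User_Name, Story_AID and Iteration_ID used to be concatenated into
// the SQL text unescaped. Numeric IDs are now cast to int and every value is bound as a
// statement parameter, so request data can no longer change the statement.
$ids = [];
foreach (['Parent_ID', 'Story_AID', 'Iteration_ID'] as $key) {
    // Missing or non-scalar (array) parameters count as 0.
    $ids[$key] = (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (int) $_REQUEST[$key] : 0;
}
// The key was previously written as the bare constant User_Name, which newer PHP versions reject.
// NOTE(review): the author name is taken from the request, so the client chooses whose name
// is stored on the comment; consider deriving it from the authenticated session instead.
$userName = (isset($_REQUEST['User_Name']) && is_scalar($_REQUEST['User_Name'])) ? (string) $_REQUEST['User_Name'] : '';
$commentBody = (isset($_REQUEST['comment_text']) && is_scalar($_REQUEST['comment_text'])) ? (string) $_REQUEST['comment_text'] : '';
// Escaped copy kept only in case later code still reads $comment_text; the INSERT binds the raw text.
$comment_text = mysqli_real_escape_string($DBConn, $commentBody);

// NOTE(review): auditit() receives raw request values; confirm it binds or escapes them itself.
if ($_REQUEST['Type'] == "s") {
    // Story comment: the target column is Story_AID.
    $q = 'INSERT INTO comment (Parent_ID, User_Name, Story_AID, Comment_Text) VALUES (?, ?, ?, ?)';
    $targetId = $ids['Story_AID'];
    auditit($_REQUEST['PID'], $_REQUEST['Story_AID'], $_SESSION['Email'], 'Added Comment', '', $_REQUEST['comment_text']);
} else {
    if ($ids['Story_AID'] === 0) {
        // No comment object supplied: allocate the next one and store it on the iteration row.
        // NOTE(review): presumably NextIterationCommentObject() returns an integer ID; confirm.
        $icoid = NextIterationCommentObject();
        $newObjectId = (int) $icoid;
        // NOTE(review): the table is spelled `Iteration` here while other queries on this page
        // use `iteration`; table names are case-sensitive on some MySQL setups, so confirm.
        $q = 'Update Iteration set Comment_Object_ID=? where ID=?';
        $linkStmt = mysqli_prepare($DBConn, $q);
        $row = false;
        if ($linkStmt) {
            mysqli_stmt_bind_param($linkStmt, 'ii', $newObjectId, $ids['Iteration_ID']);
            $row = mysqli_stmt_execute($linkStmt);
            mysqli_stmt_close($linkStmt);
        }
    } else {
        // In this branch the Story_AID parameter carries the comment object ID.
        $icoid = $ids['Story_AID'];
    }
    $q = 'INSERT INTO comment (Parent_ID, User_Name, Comment_Object_ID, Comment_Text) VALUES (?, ?, ?, ?)';
    $targetId = (int) $icoid;
    auditit($_REQUEST['PID'], 0, $_SESSION['Email'], 'Added Iteration Comment', '', $_REQUEST['comment_text']);
}

$insertStmt = mysqli_prepare($DBConn, $q);
$row = false;
if ($insertStmt) {
    mysqli_stmt_bind_param($insertStmt, 'isis', $ids['Parent_ID'], $userName, $targetId, $commentBody);
    $row = mysqli_stmt_execute($insertStmt);
    // Not closed here: the code that follows reads the insert ID and affected-row count
    // from $DBConn, and the statement is released when the script ends.
}
$id = mysqli_insert_id($DBConn);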
if (mysqli_affected_rows($DBConn) == 1) {
    $r = mysqli_query($DBConn, 'select * from comment where ID =' . $id);
    $row = mysqli_fetch_assoc($r);
    GetComments($row, $_REQUEST['replyid'], $_REQUEST['Type']);