$container['account_id'] = $album_id; forward($container); exit; } $db = new SmrMySqlDatabase(); if (!isset($_GET['comment']) || empty($_GET['comment'])) { create_error_offline('Please enter a comment.'); } else { $comment = $_GET['comment']; } // get current time $curr_time = TIME; $comment = word_filter($comment); $account->sendMessageToBox(BOX_ALBUM_COMMENTS, $comment); // check if we have comments for this album already $db->lockTable('album_has_comments'); $db->query('SELECT MAX(comment_id) FROM album_has_comments WHERE album_id = ' . $db->escapeNumber($album_id)); if ($db->nextRecord()) { $comment_id = $db->getField('MAX(comment_id)') + 1; } else { $comment_id = 1; } $db->query('INSERT INTO album_has_comments (album_id, comment_id, time, post_id, msg) VALUES (' . $db->escapeNumber($album_id) . ', ' . $db->escapeNumber($comment_id) . ', ' . $db->escapeNumber($curr_time) . ', ' . $db->escapeNumber($account->getAccountID()) . ', ' . $db->escapeString($comment) . ')'); $db->unlock(); header('Location: ' . URL . '/album/?' . get_album_nick($album_id)); exit; } catch (Exception $e) { handleException($e); }