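/**
 * Insert a new post into a thread, after checking the caller's reply level.
 *
 * The thread is looked up to find its forum; the forum's "forum_reply_level"
 * is passed to things_checkLevel() and its "forum_escape_html" flag decides
 * whether the content is HTML-escaped before it is stored.
 *
 * @param string     $content Post body as submitted.
 * @param int|string $author  Numeric id of the posting user.
 * @param int|string $thread  Numeric id of the thread being replied to.
 *
 * @return mixed database_SUCCESS when the row was inserted, database_SQL_ERROR
 *               for every failure (invalid id, unknown thread or forum,
 *               insufficient level, failed insert).
 */
function database_addPost($content, $author, $thread) {
    // Both ids used to be concatenated unquoted into the INSERT, so any
    // non-numeric value became part of the SQL text. Accept integers only and
    // reject everything else before a query is built from them.
    $authorId = filter_var($author, FILTER_VALIDATE_INT);
    $threadId = filter_var($thread, FILTER_VALIDATE_INT);
    if ($authorId === false || $threadId === false) {
        return database_SQL_ERROR;
    }

    // A failed lookup or an unknown thread yields no row; stop here instead of
    // indexing into null further down.
    $threadData = database_getThread($threadId);
    $row = $threadData ? mysqli_fetch_assoc($threadData) : null;
    if (!$row) {
        return database_SQL_ERROR;
    }

    $forumData = database_getForum($row["thread_forum"]);
    $forum = $forumData ? mysqli_fetch_assoc($forumData) : null;
    if (!$forum) {
        return database_SQL_ERROR;
    }

    // Authorisation: the forum decides who may reply.
    if (!things_checkLevel($forum["forum_reply_level"])) {
        return database_SQL_ERROR;
    }

    // Escaping happens at write time and only when the forum asks for it.
    // When the flag is off the raw markup is stored, so any code that prints
    // post_content must treat it as untrusted HTML. The flags are spelled out
    // so single quotes are encoded on every PHP version.
    if ($forum["forum_escape_html"]) {
        $content = htmlspecialchars($content, ENT_QUOTES | ENT_SUBSTITUTE);
    }

    // Bound parameters keep data out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $GLOBALS["con"],
        "INSERT INTO posts(post_content, post_date, post_author, post_thread)
         VALUES(?, NOW(), ?, ?)"
    );
    if (!$stmt) {
        return database_SQL_ERROR;
    }

    mysqli_stmt_bind_param($stmt, "sii", $content, $authorId, $threadId);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    return $inserted ? database_SUCCESS : database_SQL_ERROR;
}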
<?php include_once "connect.php"; include_once "structure.php"; include_once "database.php"; include_once "things.php"; $thread = database_getThread($_GET["thread_id"]); $row = mysqli_fetch_assoc($thread); structure_insertHeader($row["thread_subject"], true); $forum = mysqli_fetch_assoc(database_getForum($row["thread_forum"])); if (!things_checkLevel($forum["forum_view_level"], true)) { die("you must be at least level " . $row["forum_view_level"] . " to be allowed here :)"); } ?> <div> <?php echo "<a href='viewForum.php?forum_id=" . $row["thread_forum"] . "'>Return to forum overview</a>"; ?> <table> <?php $posts = database_getPosts($_GET["thread_id"]); while ($row = mysqli_fetch_assoc($posts)) { echo "<tr><td class='avatar'>"; echo "<a href='viewUser.php?user_id=" . $row["post_author"] . "'>" . database_getUsername($row["post_author"]) . "</a>"; echo "<br />" . $row["post_date"]; echo "</td><td>"; echo "<p>" . $row["post_content"] . "</p>"; echo "</td></tr>";