예제 #1
파일: upload.php 프로젝트: bmad4ever/LTW
        header("Location: create_event.php?errorMsg=" . urlencode($image_type_error));
        return '';
        break;
}
// Excerpt from the event-creation handler: stores the submitted event and an image
// record for it. The earlier checks and the code that handles the uploaded file
// itself lie outside this excerpt.
//
// Disabled variants of the input checks, kept as found:
// if(validateInput($title_match,$_POST['title']))
//if(validateInput($text_match,$_POST['description'])==false) { header("Location: create_event.php?errorMsg=".urlencode($invalid_description_error)); return '';}
// NOTE(review): with the description check above disabled, the only treatment the
// description receives in this excerpt is cleanUserTextTags() - confirm that no
// pattern or length check is needed before it is stored.
//input seems valid
// Delay every request by one second, intended to slow down upload spamming.
// NOTE(review): the delay holds a PHP worker for each request and does not cap how
// many requests one account or address can send in parallel; a per-user or per-IP
// limit would be the actual control.
sleep(1);
//avoid upload spamming
//create new data - - - - - - - - - - - - - - - - - - - - - - - - -
// cleanUserTextTags() is defined elsewhere; presumably it strips or escapes markup -
// verify what it guarantees before the stored value is echoed into HTML.
$clean_title = cleanUserTextTags($_POST['title']);
// The pattern check runs on the raw title, while the cleaned copy is what gets stored.
// On failure: redirect back to the form with a URL-encoded error message and stop.
if (validateInput($title_match, $_POST['title']) === false) {
    header("Location: create_event.php?errorMsg=" . urlencode($invalid_title_error));
    return '';
}
$clean_description = cleanUserTextTags($_POST['description']);
// Presence of the 'public' field (with any value) marks the event public; otherwise 0.
$public = 0;
if (isset($_POST['public'])) {
    $public = 1;
}
// SQLite file addressed by a relative path.
// NOTE(review): if database.db sits inside the web root, confirm the server refuses
// to serve it as a static file.
$dbh = new PDO('sqlite:database.db');
$dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
// Failures below throw PDOException; no try/catch is visible in this excerpt, so check
// that error details cannot reach the browser (display_errors off in production).
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//insert new event
// Every value is bound as a parameter, so none is spliced into the SQL text.
// The statement names no columns, so the argument order must match the table's column order.
// NOTE(review): $_POST['types'] is bound as received here - check that it is validated
// against the allowed event types earlier in the file. $current_datetime and
// $event_date are set outside this excerpt.
$stmt = $dbh->prepare("INSERT INTO events VALUES(NULL, ?,?,?,?,?,?,?)");
$stmt->execute(array($_SESSION['login_user'], $_POST['types'], $current_datetime, $event_date, $clean_title, $clean_description, $public));
// Row id of the event inserted just above; lastInsertId() is tracked per connection,
// so an insert made by another request does not change it.
$event_id = $dbh->lastInsertId();
//insert new image
// Records the file extension, the owner and the owning event.
// NOTE(review): $file_extension is set outside this excerpt - confirm it comes from
// server-side inspection of the upload, not from the client-supplied file name.
// NOTE(review): the two inserts are not wrapped in a transaction in the visible code;
// if this one fails, the event row inserted above remains.
$stmt = $dbh->prepare("INSERT INTO images VALUES(NULL, ?,?,?)");
$stmt->execute(array($file_extension, $_SESSION['login_user'], $event_id));
//get new image id (is it ok?)
// (the code that reads the new image id is outside this excerpt)
예제 #2
<?php

include "header.php";
include "getInputSafe.php";
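// Add a comment to the event the logged-in user is currently viewing and report the
// outcome as a JSON string: "OK", "EMPTYCOMMENT", "INVALID", or "ERROR" when the
// database write fails.
//
// NOTE(review): this request changes state but takes its input from the query string
// and checks no anti-CSRF token in the visible code, so any page the user visits can
// trigger it with the user's session, and the comment text ends up in URLs and access
// logs. Moving it to POST with a token needs a matching change in the calling script,
// which is not shown here.
//
// is_string() rejects array-shaped input (e.g. ?comment[]=x): passing an array to
// trim() raises an uncaught TypeError on PHP 8 instead of producing a JSON answer.
if (
    isset($_SESSION['login_user'], $_SESSION['display_event_id'], $_GET['comment'])
    && is_string($_GET['comment'])
) {
    // cleanUserTextTags() comes from getInputSafe.php (presumably - it is not defined
    // in this file); verify what it guarantees before comments are rendered as HTML.
    $com = cleanUserTextTags(trim($_GET['comment']));
    if ($com != "") {
        // Current datetime
        $current_datetime = date("Y-m-d H:i:s");
        try {
            // Database connection
            $dbh = new PDO('sqlite:database.db');
            $dbh->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
            $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            // Insert Comment - all values are bound parameters, none is spliced into the SQL.
            // NOTE(review): no length limit is applied to the comment in the visible code.
            $stmt = $dbh->prepare("INSERT INTO comments VALUES (null, ?, ?, ?,?)");
            $stmt->execute(array($_SESSION['login_user'], $_SESSION['display_event_id'], $current_datetime, $com));
            echo json_encode("OK");
        } catch (PDOException $e) {
            // With ERRMODE_EXCEPTION an uncaught failure would replace the JSON answer
            // with a PHP error page, which can expose paths and SQL details when
            // display_errors is on. Keep the detail in the server log only.
            error_log('Adding comment failed: ' . $e->getMessage());
            echo json_encode("ERROR");
        }
    } else {
        echo json_encode("EMPTYCOMMENT");
    }
} else {
    echo json_encode("INVALID");
}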