// Excerpt from a request handler that stores a discussion post for a planner entry.
// The first two tokens close an error-handling block that opens before this excerpt
// (presumably the catch around the query that produced $result — confirm in the full file).
break;
}
if ($result->rowCount() != 1) {
    //Fail 2: the earlier query did not return exactly one row, so redirect with an error flag.
    // header() does not end the script by itself; the insert below is skipped only because
    // it sits in the else branch.
    $URL .= "&postReturn=fail2";
    header("Location: {$URL}");
} else {
    // $row is fetched here but not read anywhere in the visible part of this branch.
    $row = $result->fetch();

    //INSERT
    // An empty replyTo field is mapped to NULL so that a top-level post stores NULL rather
    // than an empty string. The key is read without an isset() check and the value gets no
    // further validation in the visible code; it is only ever used as a bound parameter.
    $replyTo = $_POST["replyTo"];
    if ($_POST["replyTo"] == "") {
        $replyTo = NULL;
    }

    //Attempt to prevent XSS attack
    // The raw HTML from the request is filtered once, before storage, by
    // tinymceStyleStripTags(), which is defined outside this excerpt.
    // NOTE(review): protection against stored XSS rests entirely on that helper. Whether it
    // filters attributes and URL schemes as well as tag names cannot be seen here — verify,
    // and confirm how the stored comment is escaped where it is rendered.
    $comment = $_POST["comment"];
    $comment = tinymceStyleStripTags($comment, $connection2);

    try {
        // Every value is passed as a named placeholder to a prepared statement, so nothing
        // from the request is concatenated into the SQL text. The author ID is taken from the
        // session, not from the request. $gibbonPlannerEntryID is set before this excerpt;
        // its origin is not visible here.
        $dataInsert = array("gibbonPlannerEntryID" => $gibbonPlannerEntryID, "gibbonPersonID" => $_SESSION[$guid]["gibbonPersonID"], "comment" => $comment, "replyTo" => $replyTo);
        $sqlInsert = "INSERT INTO gibbonPlannerEntryDiscuss SET gibbonPlannerEntryID=:gibbonPlannerEntryID, gibbonPersonID=:gibbonPersonID, comment=:comment, gibbonPlannerEntryDiscussIDReplyTo=:replyTo";
        $resultInsert = $connection2->prepare($sqlInsert);
        $resultInsert->execute($dataInsert);
    } catch (PDOException $e) {
        //Fail2: database error. The exception is neither logged nor shown; the user is only
        // redirected with the generic failure flag. The break targets an enclosing loop or
        // switch that is not visible in this excerpt.
        $URL .= "&postReturn=fail2";
        header("Location: {$URL}");
        break;
    }

    //Work out who we are replying to
    // The parent post is looked up by ID through a bound parameter. When $replyTo is NULL
    // the "= NULL" comparison matches no row.
    // NOTE(review): the lookup runs after the insert and is not restricted to
    // $gibbonPlannerEntryID, so the visible code never checks that the referenced post
    // belongs to the same planner entry — confirm whether that is enforced elsewhere.
    $replyToID = NULL;
    $dataClassGroup = array("gibbonPlannerEntryDiscussID" => $replyTo);
    $sqlClassGroup = "SELECT * FROM gibbonPlannerEntryDiscuss WHERE gibbonPlannerEntryDiscussID=:gibbonPlannerEntryDiscussID";
// Excerpt from a request handler that updates the homework fields of a record.
// The first four statements are the tail of an error-handling block that opens before
// this excerpt (presumably a catch around the query that produced $result — confirm).
$URL .= "&updateReturn=fail2";
header("Location: {$URL}");
break;
}
if ($result->rowCount() != 1) {
    //Fail 2: the earlier query did not return exactly one row, so redirect with an error flag.
    // header() does not end the script by itself; the update logic is skipped only because
    // it sits in the else branch.
    $URL .= "&updateReturn=fail2";
    header("Location: {$URL}");
} else {
    //Get variables
    // The posted value is normalised to a flag: exactly "Yes" becomes "Y", anything else
    // becomes "N". The raw request value is never kept.
    $homework = $_POST["homework"];
    if ($_POST["homework"] == "Yes") {
        $homework = "Y";

        //Attempt to prevent XSS attack
        // The raw HTML from the request is filtered once, before storage, by
        // tinymceStyleStripTags(), which is defined outside this excerpt.
        // NOTE(review): protection against stored XSS rests entirely on that helper. Whether
        // it filters attributes and URL schemes as well as tag names cannot be seen here —
        // verify, and confirm how the stored details are escaped where they are rendered.
        $homeworkDetails = $_POST["homeworkDetails"];
        $homeworkDetails = tinymceStyleStripTags($homeworkDetails, $connection2);

        // Due time: the posted value has ":59" appended (presumably it arrives as HH:MM —
        // its format is not checked in the visible code); an empty field defaults to 21:00:00.
        if ($_POST["homeworkDueDateTime"] != "") {
            $homeworkDueDateTime = $_POST["homeworkDueDateTime"] . ":59";
        } else {
            $homeworkDueDateTime = "21:00:00";
        }

        // Due date: converted by dateConvert() (defined elsewhere) and joined to the time
        // with a space.
        // NOTE(review): when the posted date is empty, $homeworkDueDate is not assigned in
        // this branch — confirm it is initialised before this excerpt or handled later.
        if ($_POST["homeworkDueDate"] != "") {
            $homeworkDueDate = dateConvert($guid, $_POST["homeworkDueDate"]) . " " . $homeworkDueDateTime;
        }
    } else {
        // No homework: clear the due date and the details.
        $homework = "N";
        $homeworkDueDate = NULL;
        $homeworkDetails = "";
    }

    // This block continues beyond the end of the excerpt.
    if ($homework == "N") {
        //IF HOMEWORK NO, DELETE ANY RECORDS