// Fragment of the comment-edit request handler. The closing braces below show
// that it continues a `try` block and an `if` opened before this excerpt.
// NOTE(review): no anti-CSRF token check is visible in this excerpt; confirm
// one runs earlier in the handler, since both branches act on POST data.
            throw new Exception('Invalid Title. Please resubmit.');
        }

        // The comment body is taken from the request unmodified; the author's
        // rationale is that CKEditor escapes its own input data.
        // NOTE(review): that escaping happens in the browser, and a POST can be
        // sent without the editor, so it is not a server-side control. Confirm
        // that the body is passed through an allow-list HTML sanitizer before
        // it is stored, or is encoded for its context wherever it is rendered.
        // Otherwise this is a stored-XSS path.
        $body = $_POST['alterComment'];

        // Previous server-side check, left disabled by the author.
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1, so
        // this should not be revived as written.
        // // Sanitize - Comment
        // $body = trim(filter_input(INPUT_POST, 'alterComment', FILTER_SANITIZE_STRING));
        // if (!$body) {
        //     throw new Exception('Invalid Comment. Please resubmit.');
        // }

        // Get the comment selected for editing from the session, then clear the
        // session value so it cannot be reused by a later request.
        // NOTE(review): no isset() check is visible here. If the key is absent,
        // $comment['comm_ID'] below evaluates to null; confirm the enclosing
        // condition guarantees the key exists.
        $comment = $_SESSION['editComment'];
        unset($_SESSION['editComment']);

        // Create a 'Comment' object from the stored comment ID, the new title
        // and body, the current time and the current user's ID.
        // NOTE(review): no ownership check is visible in this excerpt. Confirm
        // that GuestBook::getComment() or GuestBook::editComment() verifies
        // that the comment belongs to $user->id before it is overwritten.
        $commentObject = new Comment($comment['comm_ID'], $title, $body, time(), $user->id);

        // Update the comment in the DB. Comments do not have to be recounted
        // for an edit.
        GuestBook::editComment($commentObject);

        // Provide the user a message
        $_SESSION['userMessage'] = "Your comment has been edited!";

    // User has chosen a comment to edit and clicked on submit
    } else {
        // The comment ID comes straight from the request and is passed to
        // GuestBook::getComment() without validation.
        // NOTE(review): confirm that getComment() validates the ID and uses a
        // parameterized query; that cannot be seen from this excerpt.
        $comm_ID = $_POST['userComment'];
        $_SESSION['editComment'] = GuestBook::getComment($comm_ID);
    }

    // Redirect to the index page. The target is the INDEX_REDIRECT constant,
    // which is not built from request data in the visible code.
    // NOTE(review): no exit follows the headers in this excerpt; confirm that
    // nothing after the try/catch still runs.
    header('HTTP/1.1 302 Redirect');
    header('Location: ' . INDEX_REDIRECT);
} catch (Exception $e) {
    // Store error message in the session to view on the index page.
    // NOTE(review): this catches every Exception, not only the fixed-text ones
    // thrown above. Confirm that the index page HTML-encodes this value and
    // that GuestBook exceptions do not carry database details to the user.
    $_SESSION['errorMessage'] = $e->getMessage();
    header('HTTP/1.1 302 Redirect');
    header('Location: ' . INDEX_REDIRECT);
}