$sql = "SELECT * FROM `{$dbFeedbackForms}` WHERE id='{$formid}'"; $result = mysql_query($sql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } if (mysql_num_rows($result) < 1) { echo "<h2>{$strError}</h2>"; echo "<p>{$strNoFeedBackFormToCompleteHere}</p>"; echo "\n\n<!-- f: {$formid} r:{$respondent} rr:{$responseref} dh:{$decodehash} hc:{$hashcode} -->\n\n"; } else { $reqd = 0; while ($form = mysql_fetch_object($result)) { echo "<form action='feedback.php' method='post'>\n"; echo "<h2>{$form->name}</h2>\n"; echo "<p>{$strRelatingToIncident} <strong>#{$incidentid}</strong> — <strong>" . incident_title($incidentid) . "</strong><br />"; echo sprintf($strOpenedbyXonY, contact_realname(incident_contact($incidentid)), ldate($CONFIG['dateformat_date'], db_read_column('opened', $dbIncidents, $incidentid))); echo ' '; echo sprintf($strClosedOnX, ldate($CONFIG['dateformat_date'], db_read_column('closed', $dbIncidents, $incidentid))) . ".</p>"; if (!empty($_REQUEST['error'])) { echo "<p style='color: red'>{$strErrorRequiredQuestionsNotCompleted}</p>"; } echo nl2br($form->introduction); $qsql = "SELECT * FROM `{$dbFeedbackQuestions}` "; $qsql .= "WHERE formid='{$form->id}' "; $qsql .= "ORDER BY taborder ASC"; $qresult = mysql_query($qsql); if (mysql_error()) { trigger_error(mysql_error(), E_USER_WARNING); } while ($question = mysql_fetch_object($qresult)) { if (strlen(trim($question->sectiontext)) > 3) {
/** * Creates a blank feedback form response * @param $formid int The feedback form to use * @param $incidentid int The incident to generate the form for * @return int The form ID */ function create_incident_feedback($formid, $incidentid) { global $dbFeedbackRespondents; $contactid = incident_contact($incidentid); $email = contact_email($contactid); $sql = "INSERT INTO `{$dbFeedbackRespondents}` (formid, contactid, email, incidentid) VALUES ("; $sql .= "'" . mysql_real_escape_string($formid) . "', "; $sql .= "'" . mysql_real_escape_string($contactid) . "', "; $sql .= "'" . mysql_real_escape_string($email) . "', "; $sql .= "'" . mysql_real_escape_string($incidentid) . "') "; mysql_query($sql); if (mysql_error()) { trigger_error("MySQL Error: " . mysql_error(), E_USER_ERROR); } $blankformid = mysql_insert_id(); return $blankformid; }