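/**
 * Handle a request that adds a comment to the photo identified in the URL.
 *
 * Steps: run the access check, validate the id taken from the URL, then
 * trim and HTML-encode the submitted text, store it, and echo a JSON
 * object with the keys "comment" and "user".
 *
 * Nothing is output when no usable comment was submitted. On a database
 * failure the error is logged server-side and a generic JSON error is
 * returned with HTTP status 500; driver details are never sent to the client.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method. Confirm
 * that checkUnauthorizedAccess() or the routing layer provides one.
 */
public function postPhotoComment()
{
    checkUnauthorizedAccess();

    $id = getIdFromURL();
    checkIntValueOfId($id);

    // Read the field once. A non-string value (for example an array-style
    // parameter, if post() passes those through) would make trim() fail.
    $submitted = post('comment');
    if (!is_string($submitted)) {
        return;
    }

    // Whitespace-only input is treated the same as no comment at all,
    // so empty rows are not stored.
    $text = trim($submitted);
    if ($text === '') {
        return;
    }

    $username = $_SESSION['username'];
    $userid = UserRepository::getIdByUsername($username);

    // The comment is HTML-encoded before storage. The flags are explicit so
    // that single quotes are encoded and invalid byte sequences are replaced
    // regardless of the PHP version's defaults.
    $content = htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $comment = new PhotoComment();
    $comment->setPhotoid($id);
    $comment->setUserid($userid);
    $comment->setContent($content);

    try {
        PhotoCommentRepository::postComment($comment);

        // NOTE(review): 'user' is returned without HTML encoding and no
        // Content-Type header is set here. Confirm the client inserts both
        // values as text and that the response is served as JSON.
        echo json_encode([
            'comment' => parseText($comment->getContent()),
            'user' => $username,
        ]);
    } catch (\PDOException $e) {
        // Previously the exception was discarded and the client received an
        // empty success response. Keep the detail in the server log only.
        error_log('postPhotoComment: failed to store comment: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Could not save comment.']);
    }
}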
/**
 * Insert one photo comment as a new row in the photocomments table.
 *
 * The photo id, user id and content are bound to positional placeholders
 * of a prepared statement, so the comment text is passed as data and is
 * never concatenated into the SQL string.
 *
 * Nothing is caught here: any exception raised while preparing or
 * executing the statement propagates to the caller.
 *
 * @param PhotoComment $comment Comment whose photo id, user id and content are stored.
 */
public static function postComment(PhotoComment $comment)
{
    $statement = Database::getInstance()->prepare(
        'INSERT INTO photocomments (photoid,userid,content) VALUES (?, ?, ?)'
    );

    // The order must match the column list in the INSERT statement.
    $values = [
        $comment->getPhotoid(),
        $comment->getUserid(),
        $comment->getContent(),
    ];

    $statement->execute($values);
}