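/**
 * Create a new thread in a forum and store its opening post.
 *
 * The caller must satisfy the forum's "forum_post_level" (checked through
 * things_checkLevel()). The subject is always HTML-escaped before storage;
 * the content is HTML-escaped only when the forum row has
 * "forum_escape_html" set.
 *
 * @param string     $subject Thread title as supplied by the user.
 * @param string     $content Body of the opening post.
 * @param int|string $author  Id of the posting user; must be an integer value.
 * @param int|string $forum   Id of the target forum; must be an integer value.
 *
 * @return mixed database_SUCCESS when the thread row was inserted, otherwise
 *               database_SQL_ERROR (invalid ids, unknown forum, insufficient
 *               level, or a failed query).
 */
function database_addThread($subject, $content, $author, $forum)
{
    // Both ids used to be concatenated unquoted into the INSERT, so any
    // non-numeric value became part of the SQL text. Accept integers only.
    $authorId = filter_var($author, FILTER_VALIDATE_INT);
    $forumId = filter_var($forum, FILTER_VALIDATE_INT);
    if ($authorId === false || $forumId === false) {
        return database_SQL_ERROR;
    }

    // An unknown forum must fail here: otherwise the level check below would
    // run against a missing "forum_post_level" value instead of a real one.
    $forumResult = database_getForum($forumId);
    if (!$forumResult) {
        return database_SQL_ERROR;
    }
    $forumData = mysqli_fetch_assoc($forumResult);
    if (!$forumData) {
        return database_SQL_ERROR;
    }

    if (!things_checkLevel($forumData["forum_post_level"])) {
        return database_SQL_ERROR;
    }

    $subject = htmlspecialchars($subject);
    if ($forumData["forum_escape_html"]) {
        $content = htmlspecialchars($content);
    }

    // Bound parameters keep user-controlled values out of the SQL text.
    $stmt = mysqli_prepare(
        $GLOBALS["con"],
        "INSERT INTO threads(thread_subject,thread_date,thread_author,thread_forum) VALUES(?, NOW(), ?, ?)"
    );
    if (!$stmt) {
        return database_SQL_ERROR;
    }
    mysqli_stmt_bind_param($stmt, "sii", $subject, $authorId, $forumId);
    $inserted = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    if (!$inserted) {
        return database_SQL_ERROR;
    }

    // Take the id generated on this connection rather than re-reading the
    // newest row of the table: a concurrent insert by another user could
    // otherwise attach the opening post to the wrong thread.
    // NOTE(review): assumes threads.thread_id is AUTO_INCREMENT - confirm
    // against the schema.
    $threadId = mysqli_insert_id($GLOBALS["con"]);
    if (!$threadId) {
        return database_SQL_ERROR;
    }

    // NOTE(review): the result of database_addPost() is not inspected (the
    // original did not either); its return contract is not visible here.
    database_addPost($content, $authorId, $threadId);

    return database_SUCCESS;
}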
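<?php
/**
 * Handles the "add post" form: on POST, stores the submitted post in the
 * thread named by the thread_id query parameter, then renders a confirmation
 * page with a link back to that thread.
 */
include_once "connect.php";
include_once "structure.php";
include_once "database.php";
include_once "things.php";

// thread_id comes from the query string and is used both as a database key
// and inside the return link below, so accept it only as an integer. This
// keeps request-controlled markup out of the page and out of database_addPost().
$threadId = filter_var($_GET["thread_id"] ?? null, FILTER_VALIDATE_INT);
if ($threadId === false) {
    http_response_code(400);
    exit("invalid thread id");
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // NOTE(review): assumes one of the includes above starts the session - confirm.
    if (!isset($_SESSION["user_id"])) {
        http_response_code(403);
        exit("not logged in");
    }

    // Reject a missing or array-valued field instead of passing it on.
    $content = $_POST["post_content"] ?? null;
    if (!is_string($content)) {
        http_response_code(400);
        exit("missing post content");
    }

    // NOTE(review): no anti-CSRF token is verified before this state-changing
    // request; add one if the form does not already carry it.
    database_addPost($content, $_SESSION["user_id"], $threadId);
}

structure_insertHeader("post added", true);
?>
<div>
    post added.
    <p>
        <a href="viewThread.php?thread_id=<?php echo $threadId; ?>">return</a>
    </p>
</div>
<?php
structure_insertFooter();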