* * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. */ ?> <table width=100%><tr><td><div class="subheading">Add Review/Comment</div></td></tr> <tr><td><div class="bodytext"> <form action="mapcollectionaddcomment.php" method="post"> Please enter your comment below<br> <table> <tr><td class="bodytext" valign="top">Rating:</td><td class="bodytext"> <?php if (mcHasCommented($md->getId(), $userdata['user_id']) == true) { echo "Sorry you can only add one rating."; } else { echo "<select name='rating'>"; $count = 1; while ($count < 11) { echo "<option value='{$count}'>{$count}</option>"; $count++; } echo "</select>"; } ?> </td></tr> <tr><td class="bodytext" valign="top">Comments:</td><td><textarea name='comment' rows=5 cols=40></textarea></td></tr> </table><br> <input type="submit" value="Submit review"><input type="hidden" name="id" value="<?php
<?php require "../php/header.php"; $id = stripslashes($HTTP_POST_VARS['id']); $comment = stripslashes($HTTP_POST_VARS['comment']); $rating = stripslashes($HTTP_POST_VARS['rating']); if (isset($HTTP_POST_VARS['id']) && isset($HTTP_POST_VARS['comment']) && $userdata['session_logged_in'] == true && $id != "") { $comment = trim($comment); $len = strlen($comment); if (mcMapExist($id) == true && $len > 0) { $pid = $userdata['user_id']; $comment = mysql_escape_string($comment); $commented = mcHasCommented($pid); $md = mcGetMapDetails($id); if ($commented == true || $rating < 1 || $rating > 10) { $sqlRating = 0; } else { $sqlRating = "'" . mysql_escape_string($rating) . "'"; } $sqlId = mysql_escape_string($id); $sql = "insert into map_comment (mc_mapid, mc_pid, mc_rating, mc_comment) values ('{$sqlId}', '{$pid}', {$sqlRating}, '{$comment}')"; mysql_query($sql); mcCalculateRating($id); } else { if ($len == 0) { $error = "You must enter a comment"; } else { $error = "Map does not exist any more"; } } } else {