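<?php
// Records a vote by the logged-in user on one content item and echoes the
// value returned by the create_vote stored procedure.
//
// NOTE(review): this endpoint changes state on a GET request, and no anti-CSRF
// check is visible in this listing. Confirm whether header.inc.php enforces
// one; if not, the vote should move to POST with a per-session token.

// require header for db connections
// (presumably also provides the session, valid_positive_integer() and
// $mysqli_connection -- none of them are defined in this listing)
$include_mysqli = true;
require_once "_resources/header.inc.php";

if (!empty($_SESSION["user_key"])) {
    $user_key = $_SESSION["user_key"];

    // Read the parameter explicitly instead of silencing the lookup with @,
    // so unrelated warnings on this line are not hidden.
    $raw_content_key = isset($_GET["content_key"]) ? $_GET["content_key"] : null;
    if (valid_positive_integer($raw_content_key)) {
        $content_key = $_GET["content_key"];

        if (!empty($_GET["vote_value"])) {
            $vote_value = $_GET["vote_value"];

            // Request values arrive as strings (or arrays), so compare against
            // the exact literals. The loose == form also accepted inputs such
            // as " 1" or "1.0", and on older PHP versions "1abc".
            if ($vote_value === "-2" || $vote_value === "-1" || $vote_value === "1") {
                // BEGIN validation wrapper
                // call the sql procedure to do the voting
                $sql = "CALL create_vote(?,?,?)";
                $stmt = $mysqli_connection->prepare($sql);
                if (!$stmt) {
                    // Driver error text goes to the server log only; sending it
                    // to the client discloses schema and server details.
                    error_log("create_vote prepare failed: (" . $mysqli_connection->errno . ") " . $mysqli_connection->error);
                    echo "Prepare failed";
                } else {
                    // All three values are bound as integers, never interpolated.
                    $stmt->bind_param('iii', $user_key, $content_key, $vote_value);
                    if (!$stmt->execute()) {
                        error_log("create_vote execute failed: (" . $stmt->errno . ") " . $stmt->error);
                        echo "Execute failed: (" . $stmt->errno . ") ";
                    } else {
                        $stmt->store_result();
                        $stmt->bind_result($response);
                        $stmt->fetch();
                        // NOTE(review): $response is echoed without escaping. That is only
                        // safe if create_vote never returns user-controlled text -- confirm
                        // against the procedure and against how the caller renders it.
                        echo "{$response}";
                    }
                    $stmt->close();
                }
                // END validation wrapper
            } else {
                echo "ERROR: invalid vote value!";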
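<?php
// Creates a content item from POSTed fields through the create_content stored
// procedure (optionally under parent_content_key) and then points the browser
// at the new item.
//
// NOTE(review): no anti-CSRF check is visible in this listing. Confirm whether
// header.inc.php enforces one before this script writes on the user's behalf.
$include_mysqli = true;
require_once "_resources/header.inc.php";

// Read the parameter explicitly instead of silencing the lookup with @.
$raw_parent_key = isset($_POST["parent_content_key"]) ? $_POST["parent_content_key"] : null;
if (valid_positive_integer($raw_parent_key)) {
    $parent_content_key = "{$_POST['parent_content_key']}";
} else {
    $parent_content_key = NULL;
}

if (!empty($_SESSION["user_key"])) {
    $user_key = $_SESSION["user_key"];
}

// Only string fields are accepted: an array-valued field (content_value[]=x)
// is treated as missing instead of being passed to htmlentities().
// ENT_QUOTES encodes single quotes as well; before PHP 8.1 the default flags
// left them untouched. ENT_SUBSTITUTE (PHP 5.4+) replaces invalid byte
// sequences instead of returning an empty string.
// NOTE(review): the value is stored already HTML-encoded, so output code must
// not encode it a second time or reuse it in a non-HTML context.
if (!empty($_POST["content_value"]) && is_string($_POST["content_value"])) {
    $content_value = htmlentities($_POST["content_value"], ENT_QUOTES | ENT_SUBSTITUTE);
}

if (empty($_POST["content_title"]) || !is_string($_POST["content_title"])) {
    $content_title = NULL;
} else {
    $content_title = htmlentities($_POST["content_title"], ENT_QUOTES | ENT_SUBSTITUTE);
}

if (!empty($user_key) && !empty($content_value) && !empty($mysqli_connected)) {
    $stmt = $mysqli_connection->prepare("CALL create_content(?,?,?,?)");
    if (!$stmt) {
        // Driver error text goes to the server log only; sending it to the
        // client discloses schema and server details.
        error_log("create_content prepare failed: (" . $mysqli_connection->errno . ") " . $mysqli_connection->error);
        die("ERROR: could not create content.");
    }

    // Values are bound as typed parameters, never interpolated into the SQL.
    $stmt->bind_param('iiss', $user_key, $parent_content_key, $content_title, $content_value);

    if (!$stmt->execute()) {
        // A failed insert used to fall through and redirect to an empty key.
        error_log("create_content execute failed: (" . $stmt->errno . ") " . $stmt->error);
        $stmt->close();
        echo "ERROR: could not create content.";
    } else {
        $stmt->store_result();
        // get variables from result.
        $stmt->bind_result($new_content_key);
        $stmt->fetch();
        $stmt->close();

        // The key is written into a script block, so force it to an integer first.
        // NOTE(review): assumes content keys are integers, as the 'i' binding of
        // parent_content_key suggests -- confirm against create_content.
        $redirect_key = (int) $new_content_key;
        echo "<script>window.location = '?content_key={$redirect_key}'</script>";
    }
} else {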