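/**
 * Fetches the IDs of the comments posted on one add-on, one page at a time.
 *
 * @param mixed $aid    Add-on ID; passed through DatabaseManager::sanitize() and
 *                      placed inside a quoted SQL literal.
 * @param int   $offset Number of rows to skip; coerced to a non-negative integer.
 * @param int   $limit  Maximum number of rows to return; coerced to a non-negative integer.
 * @param int   $sort   CommentManager::$SORTDATEASC or CommentManager::$SORTDATEDESC;
 *                      any other value sorts by ascending timestamp.
 *
 * @return array Comment IDs in the requested order.
 *
 * @throws Exception When the database query fails.
 */
public static function getCommentIDsFromAddon($aid, $offset = 0, $limit = 15, $sort = 0)
{
    // The LIMIT operands are interpolated without quotes, so string escaping
    // cannot constrain them. Coerce both to non-negative integers so nothing
    // but digits can reach the statement.
    $offset = max(0, (int) $offset);
    $limit = max(0, (int) $limit);

    $database = new DatabaseManager();
    CommentManager::verifyTable($database);

    // Only fixed, code-chosen fragments are used for ORDER BY; $sort itself is
    // never concatenated into the query.
    switch ($sort) {
        case CommentManager::$SORTDATEASC:
            $orderBy = "`timestamp` ASC";
            break;
        case CommentManager::$SORTDATEDESC:
            $orderBy = "`timestamp` DESC";
            break;
        default:
            $orderBy = "`timestamp` ASC";
    }

    // NOTE(review): the quoted `aid` literal is only as safe as
    // DatabaseManager::sanitize(); presumably it escapes for the active
    // connection - confirm, or move this query to a prepared statement.
    $query = "SELECT * FROM `addon_comments` WHERE `aid` = '" . $database->sanitize($aid) . "' ORDER BY "
        . $orderBy
        . " LIMIT " . $offset . ", " . $limit;

    $resource = $database->query($query);

    if (!$resource) {
        // NOTE(review): the message carries the raw driver error text; callers
        // should log it rather than render it to the client.
        throw new Exception("Database error: " . $database->error());
    }

    $addonComments = [];

    while ($row = $resource->fetch_object()) {
        // The fetched row is handed to getFromID() along with its id.
        $addonComments[] = CommentManager::getFromID($row->id, $row)->getID();
    }

    $resource->close();

    return $addonComments;
}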
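<?php
/**
 * Returns the comments of the add-on named by the `id` query parameter.
 *
 * The including script receives an array of comment objects, or an empty
 * array when `id` is missing or is not a plain integer.
 */

if (!isset($_GET['id'])) {
    return [];
}

// `$_GET['id'] + 0` does not force an integer: "1.5" and "1e3" become floats,
// an array value (`?id[]=1`) is a fatal "unsupported operand" error, and a
// non-numeric string raises a warning or a TypeError depending on the PHP
// version. Validate explicitly and treat anything else like a missing id.
// FILTER_VALIDATE_INT is strict: values such as "12abc" or "007" are rejected.
$aid = filter_var($_GET['id'], FILTER_VALIDATE_INT);

if ($aid === false) {
    return [];
}

require_once realpath(dirname(__DIR__) . "/class/CommentManager.php");

$commentIDs = CommentManager::getCommentIDsFromAddon($aid);
$comments = [];

foreach ($commentIDs as $cid) {
    $comments[] = CommentManager::getFromID($cid);
}

return $comments;

// NOTE(review): the commented-out block below is legacy code kept for
// reference. It concatenates $_GET['blid'] into SQL and echoes raw database
// errors into the page; do not re-enable it as-is.

// require_once(realpath(dirname(__DIR__) . "/private/class/DatabaseManager.php"));
// $database = new DatabaseManager();
//
// //the "and `verified` = 1 can be deleted if we decide to force blid database entries to be unique
// $result = $database->query("SELECT * FROM `addon_comments` WHERE `blid` = '" . $database->sanitize($_GET['blid']) . "' AND `verified` = 1");
//
// if(!$result) {
//   echo("Database error: " . $database->error());
// } else {
//   if($result->num_rows == 0) {
//     echo("<tr style=\"vertical-align:top\">");
//     echo("<td colspan=\"2\" style=\"text-align: center;\">");
//     echo("There are no comments here yet.");
//     echo("</td></tr>");
//   } else {
//     require_once(realpath(dirname(__DIR__) . "/private/class/UserHandler.php"));
//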