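<?php
/**
 * reply.php - stores a reply posted to a forum topic.
 *
 * Flow, as far as this file shows:
 *   1. Any request that is not a POST is redirected to index.php.
 *   2. The visitor must have a signed-in session.
 *   3. The reply is inserted into `posts`, then `topics.reply_count` is
 *      rewritten for the topic named by the `id` query parameter.
 *   4. The visitor is sent back to topic.php?id=<id>.
 *
 * Every request-supplied value that reaches SQL is either escaped inside a
 * quoted string literal or forced to an integer. Escaping alone does not
 * constrain a value that is concatenated into an unquoted numeric position,
 * which is why the ids are cast rather than escaped.
 *
 * NOTE(review): no anti-CSRF token check is visible in this file; confirm
 * whether one is enforced elsewhere.
 * NOTE(review): the reply text is stored as submitted, so the page that
 * renders posts has to HTML-encode it on output - verify there.
 */
session_start();
include 'core/connect.php';
// NOTE(review): nav.php presumably prints markup; if it does, the header()
// calls below only work with output buffering enabled - confirm.
include 'nav.php';
include 'Controllers/class.TopicController.inc';

if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // Direct (non-POST) access is not supported: send the visitor home and
    // stop so nothing else in this script can run.
    header('Location: index.php');
    exit;
}

// Require both the sign-in flag and the user id that is written to post_by.
if (empty($_SESSION['signed_in']) || !isset($_SESSION['user_id'])) {
    echo 'You must be signed in to post a reply.';
    exit;
}

// The topic id has to be a plain run of digits; anything else is rejected
// before a query is built (same message as a failed insert).
$rawTopicId = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($rawTopicId) || !ctype_digit($rawTopicId)) {
    echo 'Your reply has not been saved, please try again later.';
    exit;
}
$topicId = (int) $rawTopicId;
$userId  = (int) $_SESSION['user_id'];

// Reject non-string input (e.g. reply-content[]=...) by treating it as empty.
$content = (isset($_POST['reply-content']) && is_string($_POST['reply-content']))
    ? $_POST['reply-content']
    : '';

// mysql_real_escape_string() is only effective inside the quoted literal;
// presumably it uses the connection opened by core/connect.php - confirm.
$sql = "INSERT INTO
            posts(post_content,
                  post_date,
                  post_topic,
                  post_by)
        VALUES ('" . mysql_real_escape_string($content) . "',
                NOW(),
                " . $topicId . ",
                " . $userId . ")";
$result = mysql_query($sql);

if (!$result) {
    echo 'Your reply has not been saved, please try again later.';
    exit;
}

// Recompute the stored reply counter for the topic.
// NOTE(review): read-then-write can lose an increment when two replies
// arrive at the same time; an in-database increment would avoid that.
$topic = new TopicController($topicId);
$count = (int) $topic->getReplyCount() + 1;
$sql = "UPDATE topics SET reply_count = " . $count . " WHERE topic_id = " . $topicId;
mysql_query($sql); // best effort: a failed counter update does not undo the reply

// $topicId is an integer, so it needs no further encoding in the URL or HTML.
$target = 'topic.php?id=' . $topicId;
if (!headers_sent()) {
    header('Location: ' . $target);
    exit;
}
// Fallback when output has already started and the redirect cannot be sent.
echo 'Your reply has been saved, check out <a href="' . $target . '">the topic</a>.';
?>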