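<?php
// reply.php -- reply to an existing topic.
//
// POST: store the reply for the logged-in user under the topic given in the
//       hidden "topic" field, then link back to the topic.
// GET:  show the reply form for the topic named in the query string.
//
// Depends on includes/header.php for $dbc (a mysqli connection), $u (the
// current username, when one is set) and isLoggedin($u, $dbc) -- presumably;
// confirm against that file.
//
// NOTE(review): there is no CSRF token on the form or the POST handler; if
// header.php does not provide one, a reply can be submitted cross-site on
// behalf of a logged-in user.
define("TITLE", "Reply to a Topic");
include("includes/header.php");

// HTML-escape any request value before reflecting it into the page.
$esc = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

$isReplySubmission = $_SERVER['REQUEST_METHOD'] === 'POST'
    && isset($_POST['body'], $_POST['topic'])
    && !empty($_POST['body']);

if ($isReplySubmission) {
    // The POST path must check the session exactly like the form does;
    // without this, a direct POST is accepted with whatever $u happens to be.
    if (!isset($u) || !isLoggedin($u, $dbc)) {
        print " <p>You must be logged in to reply to a topic.</p>\n";
    } else {
        // Resolve the author's id from the session username.
        $stmt = $dbc->prepare("SELECT id FROM users WHERE username = ?");
        $stmt->bind_param("s", $u);
        $stmt->execute();
        $author = $stmt->get_result()->fetch_assoc();
        $stmt->close();

        if ($author === null) {
            // Session username has no users row; do not insert with a null author.
            print " <p>Unable to post reply: unknown user.</p>\n";
        } else {
            // Store the reply. The body is HTML-encoded on input, matching the
            // original behaviour (the rest of the site presumably prints it as-is).
            $stmt = $dbc->prepare("INSERT INTO posts (body, parent, author) VALUES (?, ?, ?)");
            $sanitized_body = htmlspecialchars($_POST['body']);
            $stmt->bind_param("sss", $sanitized_body, $_POST['topic'], $author['id']);
            $inserted = $stmt->execute();
            $stmt->close();

            if ($inserted) {
                // The topic id is user-supplied; escape it before reflecting it into the link.
                $topicLink = $esc($_POST['topic']);
                print " <p>Reply posted. Click <a href=\"topic.php?id={$topicLink}\">here</a> to view it.</p>\n";
            } else {
                print " <p>Unable to post reply.</p>\n";
            }
        }
    }
} else {
    if (!isset($_GET['topic'])) {
        print " <p>Invalid topic specified.</p>\n";
    } elseif (!isset($u) || !isLoggedin($u, $dbc)) {
        print " <p>You must be logged in to reply to a topic.</p>\n";
    } else {
?>
<form action="reply.php" method="post" enctype="multipart/form-data">
<p><textarea name="body" cols="30" rows="5"></textarea></p>
<p><input name="" type="submit"></p>
<!-- topic comes from the query string; escape it so it cannot break out of the attribute -->
<input name="topic" type="hidden" value="<?= $esc($_GET['topic']) ?>">
</form>
<?php
    }
}
include("includes/footer.php");
?>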