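<?php
/*
 * comment_create.php — create a new comment on an article, or edit an existing one.
 *
 * GET  ?id_article=N[&id_comment=M]        shows the form (edit mode when id_comment is given)
 * POST title, content, id_article[, id_comment], csrf_token
 *                                          persists the comment, then redirects to article_view.php?id=N
 *
 * Security notes (the original version of this page was vulnerable on every point below):
 *  - id_article / id_comment / the session user id are cast to int, and title/content reach
 *    MySQL only through a prepared statement (mysqli_stmt_bind_param) — never by interpolating
 *    request data into the SQL text;
 *  - writes are accepted only over POST, only from a logged-in user ($_SESSION['user']['id']),
 *    and only with the per-session CSRF token embedded in the form below;
 *  - an UPDATE is restricted to the caller's own comment (WHERE id = ? AND id_user = ?), so a
 *    guessed id_comment cannot overwrite someone else's comment. NOTE(review): if moderators are
 *    meant to edit other users' comments, that needs an explicit role check here, not the removal
 *    of this restriction;
 *  - on a database error the SQL text is no longer echoed back to the client;
 *  - every request value written into the HTML is escaped with htmlspecialchars().
 */
require_once 'lib/common.php';
session_start();
$db = initDatabase();

// A missing or non-positive article id means there is nothing to comment on: bounce to the list.
$idArticle = (int) ($_REQUEST['id_article'] ?? 0);
if ($idArticle <= 0) {
    header('Location: article_list.php');
    exit();
}

// Optional: a positive id_comment switches the page to edit mode, 0 means "new comment".
$idComment = (int) ($_REQUEST['id_comment'] ?? 0);

// One CSRF token per session; it is rendered into the form and verified on every write.
if (empty($_SESSION['csrf_token'])) {
    $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
}

$isSubmission = ($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST'
    && !empty($_POST['title'])
    && !empty($_POST['content']);

if ($isSubmission) {
    // Writing a comment requires an authenticated user; previously an anonymous request produced
    // an undefined-index notice and a broken query instead of a refusal.
    $idUser = (int) ($_SESSION['user']['id'] ?? 0);
    if ($idUser <= 0) {
        http_response_code(403);
        exit('Vous devez être connecté pour commenter.');
    }

    // Constant-time comparison of the submitted token against the session one.
    $submittedToken = (string) ($_POST['csrf_token'] ?? '');
    if (!hash_equals($_SESSION['csrf_token'], $submittedToken)) {
        http_response_code(403);
        exit('Jeton CSRF invalide.');
    }

    $title = (string) $_POST['title'];
    $content = (string) $_POST['content'];

    if ($idComment <= 0) {
        // New comment.
        $stmt = mysqli_prepare(
            $db,
            'INSERT INTO comment (id_article, title, content, id_user) VALUES (?, ?, ?, ?)'
        );
        $ok = $stmt !== false
            && mysqli_stmt_bind_param($stmt, 'issi', $idArticle, $title, $content, $idUser)
            && mysqli_stmt_execute($stmt);
    } else {
        // Edit: only the owner of the comment may change it (see header note).
        $stmt = mysqli_prepare(
            $db,
            'UPDATE comment SET title = ?, content = ? WHERE id = ? AND id_user = ?'
        );
        $ok = $stmt !== false
            && mysqli_stmt_bind_param($stmt, 'ssii', $title, $content, $idComment, $idUser)
            && mysqli_stmt_execute($stmt);
    }

    if ($stmt !== false) {
        mysqli_stmt_close($stmt);
    }

    if ($ok) {
        // $idArticle is an int, so the Location header cannot carry injected query data.
        header('Location: article_view.php?id=' . $idArticle);
        exit();
    }

    // Do not leak the query text (or driver error) to the client.
    http_response_code(500);
    exit('Erreur lors de l\'enregistrement du commentaire.');
}

/**
 * Escape a value for insertion into an HTML attribute or text node.
 *
 * @param string|int $value
 */
function commentFormEscape($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<?php
include './templates/header.php';
?>
<body container>
<h1>Ajouter/modifier un commentaire</h1>
<form action="" method="post">
<fieldset>
<input name="csrf_token" type="hidden" value="<?php echo commentFormEscape($_SESSION['csrf_token']); ?>" />
<?php if ($idComment > 0) {
    // Edit mode: carry the comment id through the submission.
    echo '<input name="id_comment" type="hidden" value="' . commentFormEscape($idComment) . "\" />\n";
} ?>
<input name="id_article" type="hidden" value="<?php echo commentFormEscape($idArticle); ?>" />
<div><label> Titre <input name="title" type="text" value="" size="60" /></label></div>
<div> <label> Texte <textarea name="content" cols="60" rows="6"></textarea></label></div>
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
</fieldset>
</form>
<?php
include './templates/footer.php';
?>
</body>
</html>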