placement TPSecu

TP/TPSecurite/comment_create.php

@@ -0,0 +1,50 @@
+<?php
+require_once 'lib/common.php';
+session_start();
+
+$db = initDatabase();
+
+if (empty($_REQUEST['id_article'])) {
+	header('Location: article_list.php');
+	exit();
+}
+if (!empty($_GET['title']) && !empty($_GET['content'])) {
+	$title = $_GET['title'];
+	$content = $_GET['content'];
+	if (empty($_GET['id_comment'])) { // nouveau ou modif ?
+		$sql = "INSERT INTO comment (id_article, title, content, id_user) "
+			."VALUES (".$_GET['id_article'].", '$title', '$content', ".$_SESSION['user']['id'].")";
+	} else {
+		$sql = "UPDATE comment SET title='$title', content='$content', id_user=". $_SESSION['user']['id']
+			." WHERE id = " . $_GET['id_comment'];
+	}
+	if (mysqli_query($db,$sql)) {
+		header('Location: article_view.php?id=' . $_GET['id_article']);
+		exit();
+	} else {
+		die("Erreur  : $sql");
+	}
+}
+?>
+<?php
+include './templates/header.php';
+?>
+<body container>
+
+<h1>Ajouter/modifier un commentaire</h1>
+<form action="" method="get">
+<fieldset>
+<?php if (!empty($_REQUEST['id_comment'])) {
+echo '<input name="id_comment" type="hidden" value="' . $_REQUEST['id_comment'] ."\" />\n";
+} ?>
+		<input name="id_article" type="hidden" value="<?php echo $_REQUEST['id_article']; ?>" />
+<div><label>        Titre  <input name="title" type="text" value="" size="60" /></label></div>
+<div> <label>       Texte  <textarea name="content" cols="60" rows="6"></textarea></label></div>
+		<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
+</fieldset>
+</form>
+<?php
+	include './templates/footer.php';
+?>
+</body>
+</html>