SaeDEV2.2/php/créer_commentaire.php

85 lines
3.0 KiB
PHP

<?php
require_once 'common.php';
session_start();
$db = initDatabase();
if (empty($_REQUEST['id_event'])) {
header('Location: evenement.php');
exit();
}
if (!empty($_GET['content'])) {
$content = htmlspecialchars($_GET['content'], ENT_QUOTES, 'UTF-8');
$id_event = intval($_GET['id_event']); // Ensure id_event is an integer
$login = $_SESSION['login']; // Assuming login is a string
if (empty($_GET['id_comment'])) { // new comment
// Use prepared statements for security
$recupid = mysqli_query($db, "SELECT MAX(id_comment) AS max_id FROM commentaire");
$row = mysqli_fetch_assoc($recupid);
$id = $row['max_id'] + 1;
$stmt = $db->prepare("INSERT INTO commentaire (id_comment, id_event, login, contenu) VALUES ($id,?, ?, ?)");
$stmt->bind_param('iss', $id_event, $login, $content);
} else { // update existing comment
$id_comment = intval($_GET['id_comment']); // Ensure id_comment is an integer
$stmt = $db->prepare("UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?");
$stmt->bind_param('ssi', $content, $login, $id_comment);
}
if ($stmt->execute()) {
header('Location: event.php?id=' . $id_event);
exit();
} else {
// Output SQL error for debugging
echo "Error: " . $stmt->error;
}
$stmt->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="icon" href="../img/jo2024.jpg">
<link rel="stylesheet" href="../css/style.css">
<title>Évènements - Jeux Olympiques</title>
</head>
<body>
<header>
<h1 class='Hello'>Évènement</h1>
<nav>
<?php
if (isset($_SESSION['login'])) {
echo "<a href='../' class='categorie'>Page d'accueil</a>";
echo "<a href='profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
echo "<a href='deconnexion.php' class='categorie'>Déconnexion</a>";
} else {
echo "<a href='../' class='categorie'>Page d'accueil</a>";
echo "<a href='connexion.php' class='categorie'>Connexion</a>";
echo "<a href='inscription.php' class='categorie'>Inscription</a>";
}
?>
</nav>
</header>
<div class="commentaire">
<u><i><h1>Ajouter/modifier un commentaire</h1></i></u>
<form action="" method="get">
<?php if (!empty($_GET['id_comment'])): ?>
<input name="id_comment" type="hidden" value="<?php echo htmlspecialchars($_GET['id_comment'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php endif; ?>
<input name="id_event" type="hidden" value="<?php echo htmlspecialchars($_GET['id_event'], ENT_QUOTES, 'UTF-8'); ?>" />
<label>Commentaire<textarea name="content" cols="50" rows="6"></textarea></label>
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
</form>
</div>
<footer>
<?php include 'footer.php'; ?>
</footer>
</body>
</html>