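<?php
/*
 * Comment handler for an event page.
 *
 * The form rendered below submits with method="get", so the submission is read
 * from $_GET. A non-empty `content` either inserts a new row into `commentaire`
 * or updates an existing one, then redirects to event.php. Anything else falls
 * through to the HTML form.
 */
require_once 'common.php';

session_start();

$db = initDatabase();

// An event id is mandatory: there is nothing to attach a comment to without it.
// The form submits via GET and the rest of the script reads $_GET, so the guard
// reads $_GET too (the original checked $_REQUEST, which also admits POST/cookie).
if (empty($_GET['id_event'])) {
    header('Location: evenement.php');
    exit();
}

if (!empty($_GET['content'])) {
    // Only an authenticated user may create or edit a comment. The original read
    // $_SESSION['login'] unconditionally, so an anonymous submission was stored
    // with an empty owner.
    if (empty($_SESSION['login'])) {
        header('Location: connexion.php');
        exit();
    }

    // NOTE: escaping is applied at storage time; the page that displays comments
    // must not escape again, or entities end up double-encoded.
    $content  = htmlspecialchars($_GET['content'], ENT_QUOTES, 'UTF-8');
    $id_event = intval($_GET['id_event']); // Ensure id_event is an integer
    $login    = (string) $_SESSION['login'];

    // $stmt stays false when any preparation step fails; handled once below.
    $stmt = false;

    if (empty($_GET['id_comment'])) { // new comment
        // id_comment is apparently not AUTO_INCREMENT, so the next id is MAX+1.
        // Two concurrent inserts can still collide on the same id; an
        // AUTO_INCREMENT column would remove both the race and this extra query.
        $recupid = $db->query('SELECT MAX(id_comment) AS max_id FROM commentaire');
        if ($recupid === false) {
            error_log('commentaire: MAX(id_comment) query failed: ' . $db->error);
        } else {
            $row = $recupid->fetch_assoc();
            $id  = intval($row['max_id'] ?? 0) + 1; // empty table -> 1

            // Every value is bound, including the generated id (the original
            // interpolated $id into the SQL string).
            $stmt = $db->prepare('INSERT INTO commentaire (id_comment, id_event, login, contenu) VALUES (?, ?, ?, ?)');
            if ($stmt !== false) {
                $stmt->bind_param('iiss', $id, $id_event, $login, $content);
            }
        }
    } else { // update existing comment
        $id_comment = intval($_GET['id_comment']); // Ensure id_comment is an integer

        // Restrict the update to the caller's own comment. The original matched
        // on id_comment alone and overwrote `login`, so any logged-in user could
        // rewrite (and take ownership of) any comment.
        $stmt = $db->prepare('UPDATE commentaire SET contenu = ? WHERE id_comment = ? AND login = ?');
        if ($stmt !== false) {
            $stmt->bind_param('sis', $content, $id_comment, $login);
        }
    }

    if ($stmt === false) {
        // Driver errors are logged server-side only; the message shown to the
        // user carries no schema or query details.
        error_log('commentaire: prepare failed: ' . $db->error);
        echo 'Erreur lors de l\'enregistrement du commentaire.';
    } elseif ($stmt->execute()) {
        $stmt->close();
        header('Location: event.php?id=' . $id_event);
        exit();
    } else {
        error_log('commentaire: execute failed: ' . $stmt->error);
        echo 'Erreur lors de l\'enregistrement du commentaire.';
        $stmt->close();
    }
}
?>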
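<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="utf-8">
    <link rel="icon" href="../img/jo2024.jpg">
    <link rel="stylesheet" href="../css/style.css">
    <title>Évènements - Jeux Olympiques</title>
</head>
<body>
    <header>
        <h1 class='Hello'>Évènement</h1>
        <nav>
            <?php
            // The home link is shown in both states; only the remaining entries
            // depend on whether a user is logged in.
            echo "<a href='../' class='categorie'>Page d'accueil</a>";
            if (isset($_SESSION['login'])) {
                echo "<a href='profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
                echo "<a href='deconnexion.php' class='categorie'>Déconnexion</a>";
            } else {
                echo "<a href='connexion.php' class='categorie'>Connexion</a>";
                echo "<a href='inscription.php' class='categorie'>Inscription</a>";
            }
            ?>
        </nav>
    </header>
    <div class="commentaire">
        <u><i><h1>Ajouter/modifier un commentaire</h1></i></u>
        <?php
        // The handler at the top of this file reads $_GET, so the form has to stay
        // method="get". Moving to POST means changing both ends together, and is
        // also where a CSRF token would be added.
        ?>
        <form action="" method="get">
            <?php if (!empty($_GET['id_comment'])): ?>
                <input name="id_comment" type="hidden" value="<?php echo htmlspecialchars((string) $_GET['id_comment'], ENT_QUOTES, 'UTF-8'); ?>" />
            <?php endif; ?>
            <?php // id_event is non-empty thanks to the guard at the top; the ?? '' only avoids a warning if that guard is bypassed. ?>
            <input name="id_event" type="hidden" value="<?php echo htmlspecialchars((string) ($_GET['id_event'] ?? ''), ENT_QUOTES, 'UTF-8'); ?>" />
            <label>Commentaire<textarea name="content" cols="50" rows="6"></textarea></label>
            <button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
        </form>
    </div>
    <footer>
        <?php include 'footer.php'; ?>
    </footer>
</body>
</html>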