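<?php
// Comment form and comment list for one band ("kapela").
//
// Handles the POST that stores a new comment, renders the form for a logged-in
// user, and lists the comments stored for the band given in ?kapela=.
//
// Security notes for maintainers:
//  - Every request value ($_GET, $_POST) is untrusted. It is validated or
//    escaped for the context it lands in (SQL literal, HTML text, URL).
//  - The insert is only performed for a logged-in session; hiding the form
//    alone does not stop a hand-crafted POST.
//  - Database error text is written to the server log, not to the page.
//  - NOTE(review): ext/mysql (mysql_*) is deprecated since PHP 5.5 and removed
//    in PHP 7. The connection is opened outside this file, so the API is kept
//    here; the durable fix is PDO or mysqli with prepared statements.
//  - NOTE(review): the form below carries no anti-CSRF token, and the delete
//    link is a plain GET. The handler vymazkomentar.php is not shown here; it
//    needs to check that the comment belongs to the session user, and the
//    delete should move to POST with a token.

// NOTE(review): assumes the pages and the database use UTF-8 - confirm.
$kodovani = 'UTF-8';

// The band id is used unquoted in the SELECT below, so it is presumably an
// integer key - confirm against the schema. Anything else becomes 0.
$kapelaId = (isset($_GET['kapela']) && is_scalar($_GET['kapela'])) ? (int) $_GET['kapela'] : 0;

$odeslano = isset($_POST['save']) && $_POST['save'] === 'ok';

// Store the comment only when the sender is logged in.
if ($odeslano && isset($_SESSION['id'])) {
    $chyby = '';

    // An array-valued "komentar" parameter is treated as empty input.
    $_POST['komentar'] = (isset($_POST['komentar']) && is_string($_POST['komentar']))
        ? trim($_POST['komentar'])
        : '';

    if ($_POST['komentar'] === '') {
        $chyby .= '<p>Je nutné zadat text!</p>';
    }

    if ($chyby === '') {
        // Comments are stored HTML-encoded, as before, so existing rows keep
        // their format. SQL escaping is the last step before the value enters
        // the statement.
        $komentar = mysql_real_escape_string(htmlspecialchars($_POST['komentar']));
        $uzivatelId = mysql_real_escape_string((string) $_SESSION['id']);

        $sql = "INSERT INTO komentare (uzivatel_id, kapela_id, komentar) "
            . "VALUES ('" . $uzivatelId . "', '" . $kapelaId . "', '" . $komentar . "')";

        if (!mysql_query($sql)) {
            // Keep driver details out of the response.
            error_log('komentare: INSERT failed: ' . mysql_error());
            die("Nelze provést");
        }

        header("Location: index.php?page=home");
        exit();
    }
}

if (isset($_SESSION["id"])) {
    if (!empty($chyby)) {
        // $chyby holds only fixed markup built above, never request data.
        echo '<div style="color:red;">' . $chyby . '</div>';
    }

    // Value to show again in the text field after a failed submit.
    $puvodniText = (isset($_POST['komentar']) && is_string($_POST['komentar'])) ? $_POST['komentar'] : '';

    // The validated integer goes into the action URL, never the raw parameter.
    echo '<form action="index.php?page=komentare&kapela=' . $kapelaId . '" method="post" >
<input type="hidden" name="save" value="ok" />
<label for="komentar">Text:</label>
<input type="text" name="komentar" id="komentar" value="' . htmlspecialchars($puvodniText) . '" required="required" />
<input type="submit" value="Odeslat komentář">
</br></br>
</form>
';
} else {
    echo "Nemůžete komentovat pokud nejste přihlášen!";
}

$vysledek = mysql_query(
    "SELECT * FROM komentare JOIN uzivatel ON (komentare.uzivatel_id = uzivatel.id_uzivatele) "
    . "WHERE komentare.kapela_id = " . $kapelaId
);
if ($vysledek === false) {
    error_log('komentare: SELECT failed: ' . mysql_error());
    die("Nelze provést");
}

// Database values are encoded on output as well, because a row may have been
// written by another code path. double_encode is off so that comments already
// stored HTML-encoded are not encoded a second time.
while ($zaznam = mysql_fetch_array($vysledek)):
?>
<h2>
<?php echo htmlspecialchars($zaznam["jmeno"], ENT_QUOTES, $kodovani, false); ?>
<?php echo htmlspecialchars($zaznam["prijmeni"], ENT_QUOTES, $kodovani, false); ?>
</h2>
<p>
<?php echo htmlspecialchars($zaznam["komentar"], ENT_QUOTES, $kodovani, false); ?>
</p>
<?php // The delete link is shown only to the logged-in author of the comment. ?>
<?php if (isset($_SESSION['id']) && (string) $zaznam['id_uzivatele'] === (string) $_SESSION['id']): ?>
<a href="vymazkomentar.php?id=<?php echo urlencode($zaznam["id_komentare"]); ?>">Vymaz me</a>
<?php endif; ?>
<?php
endwhile;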