<?phpinclude('connection.php');include('restrict-login.php');if(isset($_

1. <?php
2. include('connection.php');
3. include('restrict-login.php');
4.  
5. if(isset($_POST['comments'])) {
6.  
7. $query = $dbh->prepare('INSERT into comments (user, report, body) VALUES (?, ?, ?)');
8. $query->execute(array($_SESSION['id'], $_POST['report'], $_POST['body']));
9.  
10. } elseif(isset($_GET['id'])) {
11.  
12. $query = $dbh->prepare('SELECT * FROM reports WHERE id = ?');
13. $qyuery->execute(array($_GET['id']));
14. $report = $query->fetchAll();
15.  
16. if(!$report) die('Report not found!');
17.  
18. $report = $report[0];
19.  
20. $query = $dbh->prepare('SELECT * FROM comments where report = ?');
21. $query->execute(array($_GET['id']));
22. $comments = $query->fetchAll();
23.  
24. ?><!DOCTYPE html>
25. <html>
26. <head>
27. <title>reports</title>
28. </head>
29. <body>
30. <div>
31. <?php echo $report['user'], $report['doctor'], $report['timestamp'], $report['speciality'], $report['appointment'], $report['treatment']; ?>
32. </div>
33. <h2>Comments</h2>
34. <?php foreach($comments as $row) { ?>
35. <div>
36. <?php echo $row['user'], $row['report'], $row['body'], $row['timestamp'] ?>
37. </div>
38. <?php } ?>
39. <form action="" method="POST">
40. <textarea name="body"></textarea>
41. <input type="hidden" name="report" value="<?php echo $report['id']; ?>">
42. <input type="submit"></input>
43. </form>
44. </body>
45. </html>
46. <?php } ?>