40 lines
865 B
PHP
40 lines
865 B
PHP
<?php
|
|
//reply.php
|
|
include 'connect.php';
|
|
include 'header.php';
|
|
|
|
if($_SERVER['REQUEST_METHOD'] != 'POST')
|
|
{
|
|
//someone is calling the file directly, which we don't want
|
|
echo 'This file cannot be called directly.';
|
|
}
|
|
else
|
|
{
|
|
//check for sign in status
|
|
if(!$_SESSION['signedIn'])
|
|
{
|
|
echo 'You must be signed in to post a reply.';
|
|
}
|
|
else
|
|
{
|
|
//a real user posted a real reply
|
|
$sql = "INSERT INTO posts(postContent, postDate, postTopic, postBy)
|
|
VALUES (?, NOW(), ?, ?)";
|
|
|
|
$stmt = $conn->prepare($sql);
|
|
$stmt->bind_param('sii', $_POST['replyContent'], $_GET['id'], $_SESSION['userNo']);
|
|
|
|
if(!$stmt->execute())
|
|
{
|
|
echo 'Your reply has not been saved, please try again later.';
|
|
}
|
|
else
|
|
{
|
|
echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
|
|
}
|
|
}
|
|
}
|
|
|
|
include 'footer.php';
|
|
?>
|