<?php
include "includes/sessioncheck.php";
include_once "includes/database.php";
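// Handles the "submit review" form post: validates the input, checks that the
// product exists, stores the review and redirects to the product page. Every
// failure path redirects to error.php?error=review.
//
// NOTE(review): this is a state-changing POST and no CSRF token check is
// visible in this file; confirm includes/sessioncheck.php (not shown here)
// provides one.

// Single exit point for all failure paths.
$failReview = function () {
    header("Location: error.php?error=review");
    exit;
};

// ProductId, UserId and ReviewRating are interpolated into the SQL below
// WITHOUT quotes, so string escaping alone does not constrain them: a value
// containing no quote characters passes through escaping unchanged and is
// still parsed as SQL. Accept them only as integers. filter_var() returns
// false for missing, array or non-integer input.
$productId = filter_var(
    isset($_POST['productid']) ? $_POST['productid'] : null,
    FILTER_VALIDATE_INT
);
$userId = filter_var(
    isset($_SESSION["userid"]) ? $_SESSION["userid"] : null,
    FILTER_VALIDATE_INT
);
// NOTE(review): assumes ratings are whole numbers; the allowed range is not
// visible in this file. Add min_range/max_range options once it is known.
$reviewRating = filter_var(
    isset($_POST["review-rating"]) ? $_POST["review-rating"] : null,
    FILTER_VALIDATE_INT
);

// A rating of 0 was rejected by the original empty() check; keep that.
if ($productId === false || $userId === false || $reviewRating === false || $reviewRating === 0) {
    $failReview();
}

// Reject array-valued fields (review-title[]=...) before they reach escape().
$rawTitle = isset($_POST["review-title"]) ? $_POST["review-title"] : '';
$rawBody = isset($_POST["review-body"]) ? $_POST["review-body"] : '';
if (!is_string($rawTitle) || !is_string($rawBody)) {
    $failReview();
}

// Title and body are placed inside quoted SQL literals, where escaping applies.
// NOTE(review): if mysqlidb offers prepared statements (not visible here),
// prefer binding all five values instead of building the query string.
$reviewTitle = mysqlidb::escape($rawTitle);
$reviewBody = mysqlidb::escape($rawBody);
if (empty($reviewTitle) || empty($reviewBody)) {
    $failReview();
}

if (!mysqlidb::checkRecordExists("SELECT * FROM product WHERE ProductId=$productId")) {
    $failReview();
}

// Title and body are stored as submitted (SQL-escaped only); any page that
// renders them must HTML-escape on output, e.g. with htmlspecialchars().
$inserted = mysqlidb::query(
    "INSERT INTO review
    (`ProductId`, `UserId`, `ReviewTitle`, `ReviewRating`, `ReviewComment`)
    VALUES
    ($productId,$userId,'$reviewTitle',$reviewRating,'$reviewBody')"
);
if (!$inserted) {
    $failReview();
}

// $productId is a validated integer, so it is safe in the redirect target.
header("Location: item.php?id=$productId");
exit;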