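prepare("SELECT UUID()");
    $stmt->execute();
    $result = $stmt->fetch(PDO::FETCH_ASSOC);
    $uuid = $result["UUID()"];
    // Prepare the statemtnt
    $stmt = $conn->prepare("INSERT INTO blogpost_comments ( comment_id, parent_id, blogpost_id, poster_id, content) VALUES (:comment_id, :parent_id, :blogpost_id, :poster_id, :content);");
    // Bind all the parameters
    $stmt->bindValue(":comment_id", $uuid, PDO::PARAM_STR);
    $stmt->bindValue(":parent_id", $parentId == "NULL" ? NULL : $parentId, PDO::PARAM_STR);
    $stmt->bindValue(":blogpost_id", $blogId, PDO::PARAM_STR);
    $stmt->bindValue(":poster_id", $posterId == "NULL" ? NULL : $posterId, PDO::PARAM_STR);
    $stmt->bindValue(":content", $content, PDO::PARAM_STR);
    // Execute the statement
    $stmt->execute();
    return $uuid;
}

// Anything but a POST gets the usage page and no side effect.
if (strcmp($_SERVER["REQUEST_METHOD"], "POST") != 0) {
    display_header("Post Comment");
    // Plain text with no format directives, so echo rather than printf.
    echo "

Post Comment

Request this page with POST supplying following arguments:

Argument Comment
referer URL, from which this page was requested, after adding the comment into the database, the page will redirect back to the referer.
blogpost_id GUID of the blogpost, under which the comment was posted.
content Content of the comment.
parent_id (optional) GUID of the parent comment of the comment to be posted.

Note: takes the SESSION variable \"current_user\" into account, if set.

";
    include_once($COMMONS."/footer.php");
    die();
}

// Without a DB handle nothing below can work: answer 503.
if ($conn == null) {
    header($_SERVER["SERVER_PROTOCOL"]." 503 Service Unavailable", true, 503);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/503.php");
    die();
}

// referer, blogpost_id and content are all mandatory: answer 400.
// The status line is "400 Bad Request" — a colon after the code is not a valid HTTP status line.
if (!(isset($_POST["referer"]) && isset($_POST["blogpost_id"]) && isset($_POST["content"]))) {
    header($_SERVER["SERVER_PROTOCOL"]." 400 Bad Request", true, 400);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/400.php");
    die();
}

// Get the input arguments. "NULL" is the sentinel send_comment() maps to SQL NULL.
$referer = sanitize_input($_POST["referer"]);
$blogpost_id = sanitize_input($_POST["blogpost_id"]);
$content = sanitize_input($_POST["content"]);
$parent_id = isset($_POST["parent_id"]) ? sanitize_input($_POST["parent_id"]) : "NULL";
// NOTE(review): the poster is taken from the session, and nothing in this file ties the POST
// to a form this site issued (no anti-CSRF token is checked) — confirm that is handled upstream.
$poster_id = isset($_SESSION["current_user"]) ? sanitize_input($_SESSION["current_user"]->user_id) : "NULL";

// Send the comment to the database
$commentId = send_comment($conn, $blogpost_id, $poster_id, $content, $parent_id);

// Get the address of the blogpost
$blogAddress = get_blogpost_address($conn, $blogpost_id);

// Open the file into which the blogpost is re-rendered. Status line and status code
// must agree: both are 500 (the code was 505 while the line said 500).
$fp = fopen("article/".$blogAddress.".php", 'w');
if ($fp === false) {
    header($_SERVER["SERVER_PROTOCOL"]." 500 Internal Server Error", true, 500);
    include_once($_SERVER["DOCUMENT_ROOT"]."/errors/500.php");
    die();
}

// Regenerate the blogpost so the new comment appears in the rendered page.
// NOTE(review): the return value is not acted on here; confirm whether it signals failure.
$blogRendered = generate_article($conn, $fp, $blogpost_id);
// Release the handle unless generate_article() already closed it.
if (is_resource($fp)) {
    fclose($fp);
}

// Redirect back to the referrer — but only when it points at this site. The referer is
// caller-supplied, so an absolute URL to another host would turn this page into an open
// redirect; such values fall back to the site root.
$refererParts = parse_url($referer);
$ownHost = isset($_SERVER["HTTP_HOST"]) ? strtolower($_SERVER["HTTP_HOST"]) : "";
if ($refererParts === false) {
    $refererIsLocal = false;
} elseif (!isset($refererParts["host"])) {
    // Relative reference: no scheme (rejects "javascript:" and friends), not protocol-relative
    // ("//host"), and no backslash (browsers read "/\host" as "//host").
    $refererIsLocal = !isset($refererParts["scheme"])
        && strncmp($referer, "//", 2) !== 0
        && strpos($referer, "\\") === false;
} else {
    // Absolute URL: accept only http(s) to exactly the host (and port, if given) this request came in on.
    $refererHost = strtolower($refererParts["host"]) . (isset($refererParts["port"]) ? ":".$refererParts["port"] : "");
    $refererScheme = isset($refererParts["scheme"]) ? strtolower($refererParts["scheme"]) : "";
    $refererIsLocal = $ownHost !== ""
        && $refererHost === $ownHost
        && in_array($refererScheme, ["http", "https"], true);
}
$redirectTarget = $refererIsLocal ? $referer : "/";
header("Location: ".$redirectTarget."#comment-".$commentId);
// Stop here so nothing further is appended to the redirect response.
exit;
?>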