Edit add_review.php

9cb16792 · 65160023 · ef5639b3 · 9cb16792
Commit 9cb16792 authored 4 months ago by 65160023
--- a/add_review.php
+++ b/add_review.php
@@ -17,19 +17,11 @@ if(isset($_GET['get_id'])){
   exit();
 }

-// ตรวจสอบว่าฟังก์ชัน create_unique_id() มีอยู่จริงหรือไม่
-if (!function_exists('create_unique_id')) {
-    function create_unique_id() {
-        return uniqid();
-    }
-}
-
 // ตรวจสอบว่ามีการส่งแบบฟอร์มหรือไม่
 if(isset($_POST['submit'])) {
-    $id = create_unique_id();
-    $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING);
-    $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING);
-    $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING);
+    $title = htmlspecialchars($_POST['title']);
+    $description = htmlspecialchars($_POST['description']);
+    $rating = htmlspecialchars($_POST['rating']);

    // ตรวจสอบว่าตาราง reviews มีอยู่หรือไม่
    $check_table = $conn->query("SHOW TABLES LIKE 'reviews'");
@@ -44,8 +36,9 @@ if(isset($_POST['submit'])) {
    if ($verify_review->rowCount() > 0) {
        $warning_msg[] = 'Your review already added!';
    } else {
-        $add_review = $conn->prepare("INSERT INTO `reviews` (id, post_id, user_id, rating, title, description) VALUES (?, ?, ?, ?, ?, ?)");
-        $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]);
+        // แทรกข้อมูลโดยไม่ต้องส่ง id เนื่องจากฐานข้อมูลจัดการให้
+        $add_review = $conn->prepare("INSERT INTO `reviews` (post_id, user_id, rating, title, description) VALUES (?, ?, ?, ?, ?)");
+        $add_review->execute([$get_id, $user_id, $rating, $title, $description]);
        $success_msg[] = 'Review added!';
    }
 }