diff --git a/add_review.php b/add_review.php index 821c84c72a0cc31a8a26daeb2f8f5fd68638bcaf..9cb91a5b01135cac1c22bf5518343b8cf01fb16e 100644 --- a/add_review.php +++ b/add_review.php @@ -1,44 +1,41 @@ -<?php - +<?php +session_start(); include 'components/connect.php'; +$user_id = $_SESSION['user_id'] ?? ''; // ตรวจสอบว่ามีการ login หรือไม่ + if(isset($_GET['get_id'])){ $get_id = $_GET['get_id']; }else{ - $get_id = ''; header('location:all_posts.php'); + exit(); } if(isset($_POST['submit'])){ - if($user_id != ''){ - $id = create_unique_id(); - $title = $_POST['title']; - $title = filter_var($title, FILTER_SANITIZE_STRING); - $description = $_POST['description']; - $description = filter_var($description, FILTER_SANITIZE_STRING); - $rating = $_POST['rating']; - $rating = filter_var($rating, FILTER_SANITIZE_STRING); + $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING); + $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING); + $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING); $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? AND user_id = ?"); $verify_review->execute([$get_id, $user_id]); if($verify_review->rowCount() > 0){ $warning_msg[] = 'Your review already added!'; - }else{ - $add_review = $conn->prepare("INSERT INTO `reviews`(id, post_id, user_id, rating, title, description) VALUES(?,?,?,?,?,?)"); - $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]); + } else { + // ไม่ต้องระบุ id เพราะมัน AUTO_INCREMENT + $add_review = $conn->prepare("INSERT INTO `reviews`(post_id, user_id, rating, title, description) VALUES(?,?,?,?,?)"); + $add_review->execute([$get_id, $user_id, $rating, $title, $description]); $success_msg[] = 'Review added!'; } - }else{ + } else { $warning_msg[] = 'Please login first!'; } - } - ?> + <!DOCTYPE html> <html lang="en"> <head>
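Review bot: The login guard is gone from the submit branch: with `-   if($user_id != ''){` removed and its `} else { $warning_msg[] = 'Please login first!'; }` now pairing with `if(isset($_POST['submit'])){`, a POST from a session that has no `user_id` runs the SELECT and the INSERT with `$user_id === ''`, while the "Please login first!" warning is pushed on every plain GET of the page instead. Restore the check inside the submit branch, e.g. `if($user_id === ''){ $warning_msg[] = 'Please login first!'; } else { …existing verify/insert code… }`, so nothing is written for an unauthenticated request. Separately, `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1 and only strips tags; `$rating` should be validated as an integer within the allowed range (`filter_var($_POST['rating'], FILTER_VALIDATE_INT, ['options' => ['min_range' => <MIN>, 'max_range' => <MAX>]])`, the limits are not shown in this hunk) and the `$_POST` reads should use `?? ''` so a missing field does not raise a warning. The HTML that follows `?>` continues past the hunk.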