Edit add_review.php

1f127d96 · 65160023 · 590a7455 · 1f127d96
Commit 1f127d96 authored 3 months ago by 65160023
--- a/add_review.php
+++ b/add_review.php
 <?php  
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
 include 'components/connect.php';
+session_start(); // ตรวจสอบว่ามี session หรือไม่
+$user_id = $_SESSION['user_id'] ?? ''; // ตรวจสอบว่าผู้ใช้ล็อกอินหรือไม่
 if(isset($_GET['get_id'])){
   $get_id = $_GET['get_id'];
 } else {
-   $get_id = '';
   header('location:all_posts.php');
+   exit();
 }
 if(isset($_POST['submit'])){
+   if(!empty($user_id)){
-   // ตรวจสอบว่าผู้ใช้ได้เข้าสู่ระบบหรือไม่
-   if($user_id != ''){
-      // ฟังก์ชันสร้าง ID ที่ไม่ซ้ำ
      function create_unique_id(){
         return uniqid();
      }
      $id = create_unique_id();
-      $title = $_POST['title'];
+      $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING);
-      $title = filter_var($title, FILTER_SANITIZE_STRING);
+      $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING);
-      $description = $_POST['description'];
+      $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING);
-      $description = filter_var($description, FILTER_SANITIZE_STRING);
-      $rating = $_POST['rating'];
-      $rating = filter_var($rating, FILTER_SANITIZE_STRING);
-      // ตรวจสอบว่ารีวิวของผู้ใช้คนนี้ได้ถูกเพิ่มไปแล้วหรือไม่
+      try {
         $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? AND user_id = ?");
         $verify_review->execute([$get_id, $user_id]);
         if($verify_review->rowCount() > 0){
-         // ถ้ามีรีวิวแล้วจะแสดงข้อความเตือน
            $warning_msg[] = 'Your review already added!';
         } else {
-         // ถ้าไม่มีรีวิวเพิ่มเข้าไปในฐานข้อมูล
-         try {
            $add_review = $conn->prepare("INSERT INTO `reviews`(id, post_id, user_id, rating, title, description) VALUES(?,?,?,?,?,?)");
            $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]);
            $success_msg[] = 'Review added!';
-         } catch (Exception $e) {
-            // ถ้ามีข้อผิดพลาดจะจับข้อผิดพลาดและแสดงข้อความ
-            $error_msg[] = 'Error: ' . $e->getMessage();
         }
+      } catch (PDOException $e) {
+         die("Error: " . $e->getMessage());
      }
   } else {
      $warning_msg[] = 'Please login first!';
   }
 }
 ?>
 <!DOCTYPE html>
 <html lang="en">
@@ -60,21 +50,13 @@ if(isset($_POST['submit'])){
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>add review</title>
-   <!-- custom css file link  -->
   <link rel="stylesheet" href="css/style.css">
 </head>
 <body>
-<!-- header section starts  -->
 <?php include 'components/header.php'; ?>
-<!-- header section ends -->
-<!-- add review section starts  --> 
 <section class="account-form">
   <form action="" method="post">
      <h3>post your review</h3>
      <p class="placeholder">review title <span>*</span></p>
@@ -90,20 +72,12 @@ if(isset($_POST['submit'])){
         <option value="5">5</option>
      </select>
      <input type="submit" value="submit review" name="submit" class="btn">
-      <a href="view_post.php?get_id=<?= $get_id; ?>" class="option-btn">go back</a>
+      <a href="view_post.php?get_id=<?= htmlspecialchars($get_id); ?>" class="option-btn">go back</a>
   </form>
 </section>
-<!-- add review section ends -->
-<!-- sweetalert cdn link  -->
 <script src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js"></script>
-<!-- custom js file link  -->
 <script src="js/script.js"></script>
+<?php include 'components/alerts.php'; ?>
-<?php include 'components/alers.php'; ?>
 </body>
 </html>
\ No newline at end of file