diff --git a/add_review.php b/add_review.php
index bce9f75dcb252812a40510426a6852455b3f1f10..b89e01cd91812bad0b3e9693582b55090133298f 100644
--- a/add_review.php
+++ b/add_review.php
@@ -1,57 +1,47 @@
-<?php 
+<?php  
+error_reporting(E_ALL);
+ini_set('display_errors', 1);
 
 include 'components/connect.php';
+session_start(); // ตรวจสอบว่ามี session หรือไม่
+$user_id = $_SESSION['user_id'] ?? ''; // ตรวจสอบว่าผู้ใช้ล็อกอินหรือไม่
 
 if(isset($_GET['get_id'])){
    $get_id = $_GET['get_id'];
-}else{
-   $get_id = '';
+} else {
    header('location:all_posts.php');
+   exit();
 }
 
 if(isset($_POST['submit'])){
-
-   // ตรวจสอบว่าผู้ใช้ได้เข้าสู่ระบบหรือไม่
-   if($user_id != ''){
-
-      // ฟังก์ชันสร้าง ID ที่ไม่ซ้ำ
+   if(!empty($user_id)){
       function create_unique_id(){
          return uniqid();
       }
-
+      
       $id = create_unique_id();
-      $title = $_POST['title'];
-      $title = filter_var($title, FILTER_SANITIZE_STRING);
-      $description = $_POST['description'];
-      $description = filter_var($description, FILTER_SANITIZE_STRING);
-      $rating = $_POST['rating'];
-      $rating = filter_var($rating, FILTER_SANITIZE_STRING);
-
-      // ตรวจสอบว่ารีวิวของผู้ใช้คนนี้ได้ถูกเพิ่มไปแล้วหรือไม่
-      $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? AND user_id = ?");
-      $verify_review->execute([$get_id, $user_id]);
-
-      if($verify_review->rowCount() > 0){
-         // ถ้ามีรีวิวแล้วจะแสดงข้อความเตือน
-         $warning_msg[] = 'Your review already added!';
-      }else{
-         // ถ้าไม่มีรีวิวเพิ่มเข้าไปในฐานข้อมูล
-         try {
+      $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING);
+      $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING);
+      $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING);
+      
+      try {
+         $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? AND user_id = ?");
+         $verify_review->execute([$get_id, $user_id]);
+         
+         if($verify_review->rowCount() > 0){
+            $warning_msg[] = 'Your review already added!';
+         } else {
             $add_review = $conn->prepare("INSERT INTO `reviews`(id, post_id, user_id, rating, title, description) VALUES(?,?,?,?,?,?)");
             $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]);
             $success_msg[] = 'Review added!';
-         } catch (Exception $e) {
-            // ถ้ามีข้อผิดพลาดจะจับข้อผิดพลาดและแสดงข้อความ
-            $error_msg[] = 'Error: ' . $e->getMessage();
          }
+      } catch (PDOException $e) {
+         die("Error: " . $e->getMessage());
       }
-
-   }else{
+   } else {
       $warning_msg[] = 'Please login first!';
    }
-
 }
-
 ?>
 <!DOCTYPE html>
 <html lang="en">
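Review bot: The new `catch (PDOException $e)` branch ends the request with `die("Error: " . $e->getMessage())`, and combined with the added `ini_set('display_errors', 1)` at the top of the file this prints raw driver and PHP error text to any visitor, which can disclose table names, query fragments and file paths. Log the detail and show a generic message, as the previous version did through `$error_msg[]`: `error_log($e->getMessage()); $error_msg[] = 'Could not save your review.';`. Drop the `display_errors` line or restrict it to a development configuration. Separately, `$rating` only passes through `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1) before the INSERT, so any string is stored. `filter_var($_POST['rating'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]])` would restrict it to the 1–5 range the form appears to offer.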
@@ -60,21 +50,13 @@ if(isset($_POST['submit'])){
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>add review</title>
-
-   <!-- custom css file link  -->
    <link rel="stylesheet" href="css/style.css">
-
 </head>
 <body>
-   
-<!-- header section starts  -->
-<?php include 'components/header.php'; ?>
-<!-- header section ends -->
 
-<!-- add review section starts  --> 
+<?php include 'components/header.php'; ?>
 
 <section class="account-form">
-
    <form action="" method="post">
       <h3>post your review</h3>
       <p class="placeholder">review title <span>*</span></p>
@@ -90,20 +72,12 @@ if(isset($_POST['submit'])){
          <option value="5">5</option>
       </select>
       <input type="submit" value="submit review" name="submit" class="btn">
-      <a href="view_post.php?get_id=<?= $get_id; ?>" class="option-btn">go back</a>
+      <a href="view_post.php?get_id=<?= htmlspecialchars($get_id); ?>" class="option-btn">go back</a>
    </form>
-
 </section>
 
-<!-- add review section ends -->
-
-<!-- sweetalert cdn link  -->
 <script src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js"></script>
-
-<!-- custom js file link  -->
 <script src="js/script.js"></script>
-
-<?php include 'components/alers.php'; ?>
-
+<?php include 'components/alerts.php'; ?>
 </body>
-</html>
+</html>
\ No newline at end of file
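Review bot: `htmlspecialchars($get_id)` on the "go back" link escapes for the HTML attribute but not for the URL, so a `get_id` containing `&`, `#` or spaces still changes the query string sent to `view_post.php`. The value comes straight from `$_GET['get_id']`, so encode it for both contexts: `<?= htmlspecialchars(urlencode($get_id), ENT_QUOTES, 'UTF-8'); ?>`. The form this link belongs to opens outside the hunk.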