From 9e20ea7ade227354611a3927f2e9bee5a23fc98b Mon Sep 17 00:00:00 2001
From: 65160023 <65160023@go.buu.ac.th>
Date: Tue, 25 Mar 2025 11:54:59 +0000
Subject: [PATCH] Edit add_review.php
---
add_review.php | 76 +++++++++++++++++++++++++++++---------------------
1 file changed, 44 insertions(+), 32 deletions(-)
diff --git a/add_review.php b/add_review.php
index cb452f3..821c84c 100644
--- a/add_review.php
+++ b/add_review.php
@@ -1,47 +1,43 @@ -<?php -error_reporting(E_ALL); -ini_set('display_errors', 1); +<?php include 'components/connect.php'; -session_start(); // ตรวจสอบว่ามี session หรือไม่ -$user_id = $_SESSION['user_id'] ?? ''; // ตรวจสอบว่าผู้ใช้ล็อกอินหรือไม่ if(isset($_GET['get_id'])){ $get_id = $_GET['get_id']; -} else { +}else{ + $get_id = ''; header('location:all_posts.php'); - exit(); } if(isset($_POST['submit'])){ - if(!empty($user_id)){ - function create_unique_id(){ - return uniqid(); - } - + + if($user_id != ''){ + $id = create_unique_id(); - $title = filter_var($_POST['title'], FILTER_SANITIZE_STRING); - $description = filter_var($_POST['description'], FILTER_SANITIZE_STRING); - $rating = filter_var($_POST['rating'], FILTER_SANITIZE_STRING); - - try { - $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? AND user_id = ?"); - $verify_review->execute([$get_id, $user_id]); - - if($verify_review->rowCount() > 0){ - $warning_msg[] = 'Your review already added!'; - } else { - $add_review = $conn->prepare("INSERT INTO `reviews`(id, post_id, user_id, rating, title, description) VALUES(?,?,?,?,?,?)"); - $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]); - $success_msg[] = 'Review added!'; - } - } catch (PDOException $e) { - die("Error: " . $e->getMessage()); + $title = $_POST['title']; + $title = filter_var($title, FILTER_SANITIZE_STRING); + $description = $_POST['description']; + $description = filter_var($description, FILTER_SANITIZE_STRING); + $rating = $_POST['rating']; + $rating = filter_var($rating, FILTER_SANITIZE_STRING); + + $verify_review = $conn->prepare("SELECT * FROM `reviews` WHERE post_id = ? 
AND user_id = ?"); + $verify_review->execute([$get_id, $user_id]); + + if($verify_review->rowCount() > 0){ + $warning_msg[] = 'Your review already added!'; + }else{ + $add_review = $conn->prepare("INSERT INTO `reviews`(id, post_id, user_id, rating, title, description) VALUES(?,?,?,?,?,?)"); + $add_review->execute([$id, $get_id, $user_id, $rating, $title, $description]); + $success_msg[] = 'Review added!'; } - } else { + + }else{ $warning_msg[] = 'Please login first!'; } + } + ?> <!DOCTYPE html> <html lang="en"> @@ -50,13 +46,21 @@ if(isset($_POST['submit'])){ <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>add review</title> + + <!-- custom css file link --> <link rel="stylesheet" href="css/style.css"> + </head> <body> - + +<!-- header section starts --> <?php include 'components/header.php'; ?> +<!-- header section ends --> + +<!-- add review section starts --> <section class="account-form"> + <form action="" method="post"> <h3>post your review</h3> <p class="placeholder">review title <span>*</span></p> @@ -72,11 +76,19 @@ if(isset($_POST['submit'])){ <option value="5">5</option> </select> <input type="submit" value="submit review" name="submit" class="btn"> - <a href="view_post.php?get_id=<?= htmlspecialchars($get_id); ?>" class="option-btn">go back</a> + <a href="view_post.php?get_id=<?= $get_id; ?>" class="option-btn">go back</a> </form> + </section> +<!-- add review section ends --> +<!-- sweetalert cdn link --> <script src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js"></script> + +<!-- custom js file link --> <script src="js/script.js"></script> + +<?php include 'components/alers.php'; ?> + </body> </html> \ No newline at end of file -- GitLab
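Review bot: The `else` branch for a missing `get_id` now sends the `location:all_posts.php` header but no longer stops the script, so the `$_POST['submit']` handler below still runs and can write a review row with an empty `post_id`; keep the termination, `header('location:all_posts.php'); exit();`. The same hunk drops `session_start()` and the `$_SESSION['user_id']` lookup, so `$user_id` and `create_unique_id()` must now come from `components/connect.php`, which is not shown here; please confirm that file derives `$user_id` from server-side session state and not from a client-supplied value, because it goes straight into `reviews.user_id` and into the duplicate-review check. `$rating` is only passed through `FILTER_SANITIZE_STRING` (deprecated since PHP 8.1) and is never range-checked, so I would validate it with `filter_var($_POST['rating'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]])` and reject the request when that returns `false`.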
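Review bot: The go-back link now prints `$get_id` unescaped (`<?= $get_id; ?>`), and `$get_id` is copied directly from `$_GET['get_id']`, so request-controlled text is emitted inside an HTML attribute; this reopens the reflected XSS sink that the previous `htmlspecialchars()` call closed. Restore encoding that fits both the URL and the attribute context, for example `<?= htmlspecialchars(urlencode($get_id), ENT_QUOTES, 'UTF-8'); ?>`. The added `include 'components/alers.php';` looks like a misspelling of an alerts component; if no file with that name exists, `include` only raises a warning and the `$warning_msg` / `$success_msg` entries are presumably never shown, so please check the filename.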