comment.php

   1 <?php
   2
   3 include_once("auth.php");
   4 include_once("header.php");
   5
   6 if (!$_GET["comment"]) { die("No Comment Sent");     }
   7 if (!$_GET["sched"])   { die("No Schedule ID Sent"); }
   8
   9 $_GET["user"] = mysql_real_escape_string($_GET["user"]);
  10 $_GET["sched"] = mysql_real_escape_string($_GET["sched"]);
  11 $_GET["comment"] = mysql_real_escape_string($_GET["comment"]);
  12
  13 // faculty must submit not only the schedule, but the user commented about as well
  14 if($role == 0 && !$_GET["user"]) {  die("No User ID Sent"); }
  15
  16 if($_GET["comment"] == "") { die("Comment Must Not Be Empty"); }
  17
  18 if($role == 0) { // faculty comment to student
  19         $sql = 'insert into comments values("", '.$_GET["user"].', '.$_GET["sched"].','.$user_id.','.$role.', "'.$_GET["comment"].'", NOW())';
  20 } else { // student comment to faculty
  21         $sql = 'insert into comments values("", '.$user_id.', '.$_GET["sched"].', NULL,'.$role.', "'.$_GET["comment"].'", NOW())';
  22 }
  23
  24 //echo $sql;
  25
  26 $result = mysql_query($sql);
  27
  28 if (!$result) { die("SQL ERROR"); } else {
  29
  30 echo "Data Posted Sucessfully<br><br>";
  31
  32 echo 'Click <a href=detail_root.php?sched='.$_GET["sched"].'>Here</a> To Return to Assignment Details';
  33
  34
  35 //echo '<html><meta http-equiv="refresh" content="0; detail.php?sched='.$_GET["sched"].'" /></html>';
  36
  37 }
  38
  39
  40 ?>