line_comment.php

   1 <?php
   2
   3 include_once("auth_root.php");
   4
   5 //if($role != 0) { die("Account \"".$user_name."\" Is Not Authorized To View This Page.<br><br>This Event Will Be Logged And Reported."); }
   6
   7 if (!$_GET["file_id"])  { die("No File ID Sent"); }
   8 if (!$_GET["line_num"]) { die("No Line Number Sent"); }
   9 if (!$_GET["comment"])  { die("No Comment Sent"); }
  10 if ($_GET["comment"] == "")  { die("Comment of Zero Length Cannot Be Posted"); }
  11
  12 $_GET["file_id"] = mysql_real_escape_string($_GET["file_id"]);
  13 $_GET["line_num"] = mysql_real_escape_string($_GET["line_num"]);
  14 //$_GET["comment"] = mysql_real_escape_string($_GET["comment"]);
  15
  16 //TODO: Verify that this file belongs to user if role not root...
  17
  18 // insert comment contents into DB
  19 $sql = 'insert into filecom values ("", '.$_GET["file_id"].','.$_GET["line_num"].','.$user_id.','.$_GET["comment"].',NOW())';
  20
  21 //echo $sql;
  22
  23 $result = mysql_query($sql);
  24
  25 if (!$result) { die("SQL ERROR: File Comment Insert"); }
  26
  27 // strip quotes off ends of comment.
  28 $comment = substr($_GET[comment], 1, -1);
  29
  30 $html = '';
  31 $html .= "<img src='gfx/down_arrow.png'>";
  32 $html .= "<span class=line_comment_txt>".$comment."</span>";
  33 $html .= "<span class=line_comment_name>".$user_name."</span>";
  34 $html .= "<span class=line_comment_time>Just Now</span>";
  35
  36 echo $html;
  37
  38 ?>