line_comment.php

   1 <?php
   2
   3 include_once("auth_root.php");
   4
   5 //if($role != 0) { die("Account \"".$user_name."\" Is Not Authorized To View This Page.<br><br>This Event Will Be Logged And Reported."); }
   6
   7 if (!$_GET["file_id"])  { die("No File ID Sent"); }
   8 if (!$_GET["line_num"]) { die("No Line Number Sent"); }
   9 if (!$_GET["comment"])  { die("No Comment Sent"); }
  10 if ($_GET["comment"] == "")  { die("Comment of Zero Length Cannot Be Posted"); }
  11
  12 $_GET["file_id"] = mysql_real_escape_string($_GET["file_id"]);
  13 $_GET["line_num"] = mysql_real_escape_string($_GET["line_num"]);
  14
  15 // comments are being sent with double quotes on each end... remove them
  16 $comment = substr($_GET[comment], 1, -1);
  17
  18 $comment = mysql_real_escape_string($comment);
  19
  20 //TODO: Verify that this file belongs to user if role not root...
  21
  22
  23 // insert comment contents into DB
  24 $sql = 'insert into filecom values ("", '.$_GET["file_id"].','.$_GET["line_num"].','.$user_id.',"'.$comment.'",NOW())';
  25
  26 //echo $sql;
  27
  28 $result = mysql_query($sql);
  29
  30 if (!$result) { die("SQL ERROR: File Comment Insert"); }
  31
  32 $html = '';
  33 $html .= "<img src='gfx/down_arrow.png'>";
  34 $html .= "<span class=line_comment_txt>".$comment."</span>";
  35 $html .= "<span class=line_comment_name>".$user_name."</span>";
  36 $html .= "<span class=line_comment_time>Just Now</span>";
  37
  38 echo $html;
  39
  40 ?>