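<?php
/**
 * Add a comment to a news item.
 *
 * GET  news_id - id of the news row the comment belongs to.
 * POST text    - comment body; when absent or blank the submission form is shown.
 *
 * On success the comment is inserted, the news row's `comm` counter is
 * incremented and the client is redirected to index.php.
 *
 * NOTE(review): this script relies on the legacy mysql_* API, which was removed
 * in PHP 7.0. Moving to prepared statements (PDO/mysqli) needs a matching change
 * in includes/connect.php, which is not visible from this file.
 * NOTE(review): the form below carries no anti-CSRF token although the POST
 * changes state; adding one depends on session handling not visible here.
 */
include 'includes/config.php';
include 'includes/connect.php';
// NOTE(review): presumably populates $_USER; confirm whether it also restricts access.
include 'includes/admin.valid.php';

// Integer cast: only a number can reach the queries below.
$news_id = isset($_GET['news_id']) ? (int) $_GET['news_id'] : 0;
$date = date("d.m.Y, H:i");

// Accept only a string body; an array-valued "text" parameter is treated as blank.
$text_raw = (isset($_POST['text']) && is_string($_POST['text'])) ? trim($_POST['text']) : '';
// SQL-escaped only. The text is stored as submitted, so the page that renders
// comments must HTML-escape it on output (e.g. htmlspecialchars) - TODO confirm.
$text = mysql_escape_string($text_raw);

if (!empty($_USER['login'])) {
    $user = $_USER['login'].' [Администратор]';
} else {
    $user = 'Гость';
}
// The login is interpolated into the INSERT below, so escape it like every
// other string value instead of trusting its origin.
$user_sql = mysql_escape_string($user);

$sql = mysql_query("SELECT * FROM `".$db_pref."news` WHERE `id` = '$news_id'");
// A failed query (false) is handled the same way as "no such news item".
if (!$sql || mysql_num_rows($sql) < 1) {
    header("Location: $home_url");
    // Stop here: without this the script carried on and could insert a
    // comment for a news id that does not exist.
    exit;
}

// Strict comparison so that a body of "0" is not mistaken for a blank one.
if ($text_raw === '') {
    include 'themes/head.php';
    echo <<<HTML
<div class="t">Добавить комментарий</div>
<div class="m">
<div class="menu2">
<form action="" method="POST">
<textarea name="text" class="form" rows="5"></textarea>
<br /><br />
<input type="submit" class="form" value="Добавить" />
</form>
[<a href="$home_url/smiles.php">смайлы</a>]
</div></div>
HTML;
} else {
    // Positional VALUES list: the column order must match the table definition,
    // which is not visible here.
    $sql_add = @mysql_query("INSERT INTO `".$db_pref."comment` VALUES ('', '$news_id', '$user_sql', '$date', '$text', '')");
    // Only bump the counter when the comment was actually stored.
    $sql_update = $sql_add
        ? @mysql_query("UPDATE `".$db_pref."news` SET `comm` = `comm` + 1 WHERE `id` = '$news_id'")
        : false;
    if ($sql_add && $sql_update) {
        header("Location: index.php");
        // Nothing more to render once the redirect has been sent.
        exit;
    } else {
        include 'themes/head.php';
        echo <<<HTML
<div class="t">Добавить комментарий</div>
<div class="m">
<div class="menu2">
Произошла ошибка!
</div></div>
HTML;
    }
}
include 'themes/foot.php';
?>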