View file news/comm.add.php

File size: 1.44Kb
<?php

include 'includes/config.php';
include 'includes/connect.php';
include 'includes/admin.valid.php';

$news_id	=	mysql_escape_string(trim(intval($_GET['news_id'])));
$date		=	date("d.m.Y, H:i");
$text		=	mysql_escape_string(trim($_POST['text']));

if (!empty($_USER['login'])) {
	$user	=	$_USER['login'].' [Администратор]';
} else {
	$user	=	'Гость';
}

$sql	=	mysql_query("SELECT * FROM `".$db_pref."news` WHERE `id` = '$news_id'");
if (mysql_num_rows($sql) < '1') {
	header("Location: $home_url");
}

if (empty($text)) {
	include 'themes/head.php';
echo 	<<<HTML
<div class="t">Добавить комментарий</div>
<div class="m">
<div class="menu2">
<form action="" method="POST">
<textarea name="text" class="form" rows="5"></textarea>
<br /><br />
<input type="submit" class="form" value="Добавить" />
</form>
[<a href="$home_url/smiles.php">смайлы</a>]
</div></div>
HTML;
	
} else {
	
	$sql_add	=	@mysql_query("INSERT INTO `".$db_pref."comment` VALUES ('', '$news_id', '$user', '$date', '$text', '')");
	$sql_update	=	@mysql_query("UPDATE `".$db_pref."news` SET `comm` = `comm` + 1 WHERE `id` = '$news_id'");
	
	if ($sql_add && $sql_update) {
		
		header("Location: index.php");
		
	} else {
		include 'themes/head.php';
echo 	<<<HTML
<div class="t">Добавить комментарий</div>
<div class="m">
<div class="menu2">
Произошла ошибка!
</div></div>
HTML;
		
	}
	
}

include 'themes/foot.php';

?>