File size: 1.6Kb
<?php
/**********************************************/
/* Автор скрипта: Александр Есин */
/* E-Mail: [email protected] ([email protected]) */
/* ICQ: 6464729 */
/* Site: http://ticlove.ru */
/**********************************************/
?>
<?php define ('SECURED', true); ?>
<?php require (dirname(__FILE__).'/../_inc/sql.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/config.php'); ?>
<?php require (dirname(__FILE__).'/../_inc/function.php'); ?>
<?php
if (!empty($_SESSION['auth_id']) && (intval($_POST['user_id']) == $_SESSION['auth_id']))
{
if (!empty($_POST['news_id']))
{
if (!empty($_POST['msg']))
{
$msg = trim($_POST['msg']);
$msg = iconv('utf-8', 'windows-1251', $msg);
if (strlen($msg) > 1000) $msg = substr($msg, 0, 1000);
$msg = iconv('windows-1251', 'utf-8', $msg);
if (mysql_query("INSERT INTO `q_news_comm` (`id_news`, `id_user`, `comments`, `date_comm`) VALUES ('".intval($_POST['news_id'])."', '".$_SESSION['auth_id']."', '".function_sql($msg)."', '".time()."');"))
{
mysql_query("UPDATE `q_news` SET `comments` = `comments` + '1' WHERE `id_news` = '".intval($_POST['news_id'])."';");
echo '<script type="text/javascript">location="/news.php?page=comments&news_id='.intval($_POST['news_id']).'";</script>';
echo 'Комментарий добавлен';
}
exit;
} else echo '<div style="color: #ff0000;">Вы не написали комментарий</div>';
}
}
?>