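<?php
/**
 * rate.php - stores or updates one rating row per user name from a POSTed form.
 *
 * Reads starRate, rateMsg, date and name from the request body and writes them
 * to the `rate` table through prepared statements: a new row when no row with
 * that userName exists, otherwise an update of the existing row.
 *
 * NOTE(review): session_start() is called, but nothing from $_SESSION is read
 * in this file. The user name that selects which row is overwritten comes from
 * the request body, so the row is not tied to the signed-in user. Take the name
 * from the authenticated session (key name not visible here) and verify a CSRF
 * token before writing.
 */
session_start();
require "db.inc.php"; // expected to define $conn (mysqli) - not visible here

// FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It is kept because the
// page that renders these values is not visible here; whatever replaces it,
// stored text must still be HTML-escaped when it is output.
$POST = filter_var_array($_POST, FILTER_SANITIZE_STRING);
$POSTI = filter_var_array($_POST, FILTER_SANITIZE_NUMBER_INT);

if (isset($POST['starRate'])) {
    // Values go to the database only as bound parameters, so they must NOT also
    // pass through mysqli_real_escape_string(): that stored literal backslashes
    // (a name such as O'Brien no longer matched its own row as typed).
    // The (string) casts keep the coercion the escape call used to perform when
    // the filter returns false for a non-scalar field.
    //
    // NOTE(review): FILTER_SANITIZE_NUMBER_INT only strips characters; it still
    // lets through values such as "--" or "1-2". Validate starRate with
    // FILTER_VALIDATE_INT and the real rating range once that range is confirmed.
    // NOTE(review): dateReviewed is supplied by the client; a server-side
    // timestamp would be harder to forge.
    $starRate = (string) ($POSTI['starRate'] ?? "");
    $rateMsg = (string) ($POST['rateMsg'] ?? "");
    $date = (string) ($POST['date'] ?? "");
    $useName = (string) ($POST['name'] ?? "");

    $lookup = $conn->prepare("SELECT userName FROM rate WHERE userName=? LIMIT 1");
    $lookup->bind_param("s", $useName);
    $lookup->execute();
    // fetch_assoc() returns null when there is no row; test the row itself
    // instead of indexing into null or relying on the truthiness of the name
    // (a stored name of "0" or "" used to be treated as "no row").
    $alreadyRated = is_array($lookup->get_result()->fetch_assoc());
    $lookup->close();

    if (!$alreadyRated) {
        $stmt = $conn->prepare("INSERT INTO rate (userName, userReview, userMessage, dateReviewed) VALUES ( ?, ?, ?, ?)");
        $stmt->bind_param("ssss", $useName, $starRate, $rateMsg, $date);
    } else {
        // userName is the lookup key and does not change, so it is left out of SET.
        $stmt = $conn->prepare("UPDATE rate SET userReview=?, userMessage=?, dateReviewed=? WHERE userName=?");
        $stmt->bind_param("ssss", $starRate, $rateMsg, $date, $useName);
    }
    $stmt->execute();
    $stmt->close();
}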