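<?php
// Start (or resume) the session; this has to run before any output is sent.
session_start();
header("Cache-control: private"); // IE 6 fix
// Read the submitted name. Only a plain string is accepted: a missing field
// or an array-valued field (name[]=...) falls back to an empty string, so
// later code never sees null or an array here.
$name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
// Keep the raw, unescaped value in the session. It is untrusted input and
// must be escaped for its context (SQL, HTML) wherever it is used.
$_SESSION['name'] = $name;
?>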
<html>
<head>
<title> Add comment </title>
</head>
<body bgcolor="#FF0000" topmargin="3">
<font face = "Verdana" size = "-2">
<center>
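<?php
// Handles the comment form submission: validates the posted name/comment and
// inserts the comment into the `comments` table.
//
// $dbcnx, $dbname and $display_name are expected to be provided by
// comments.inc.php (not shown here).
//
// NOTE(review): the mysql_* extension used below was removed in PHP 7. When
// this page is migrated, switch to mysqli or PDO with prepared statements
// rather than porting the escaping calls one-to-one.
include("comments.inc.php");
$ip = $_SERVER['REMOTE_ADDR'];

// Connect to the database server
if (!$dbcnx) {
    die( '<p>Unable to connect to the database server at this time.</p>' );
}
// Select the comments database
if (! @mysql_select_db($dbname) ) {
    die( '<p>Unable to locate the comments database at this time.</p>' );
}

// Normalise the untrusted inputs to plain strings, so a missing field or an
// array-valued field (comment[]=...) cannot reach the checks or the query.
$nametext = (isset($_SESSION['name']) && is_string($_SESSION['name'])) ? $_SESSION['name'] : '';
$commenttext = (isset($_POST['comment']) && is_string($_POST['comment'])) ? $_POST['comment'] : '';

// Check name - it can't be the same as the site owner's. The comparison
// ignores case and surrounding whitespace so that trivial variants of the
// reserved name are rejected too. Look-alike Unicode names are NOT covered.
if (strcasecmp(trim($nametext), trim((string) $display_name)) === 0) {
    echo('The name you used is reserved by the site owner. <a href= "commentform.php">Go back </a>and use another name.');
    exit();
}

// Check that someone isn't simply hitting the add comment button: reject the
// form's placeholder values as well as empty fields.
if ($nametext === 'name' || $commenttext === 'comment' || $nametext === '' || $commenttext === '') {
    echo ('<a href = "commentform.php">Go Back </a> and enter your name and comment.');
    exit();
}

// If a comment has been submitted, add it to the database.
if (isset($_POST['addcomment'])) {
    // Escape every value that is placed inside a quoted SQL literal; without
    // this the name and comment fields allow SQL injection.
    // NOTE(review): mysql_real_escape_string() relies on the connection
    // character set being set correctly (mysql_set_charset) - confirm in
    // comments.inc.php.
    $sql = "INSERT INTO comments SET
name='" . mysql_real_escape_string($nametext) . "',
comment='" . mysql_real_escape_string($commenttext) . "',
date=NOW(),
ip='" . mysql_real_escape_string($ip) . "' " ;

    if (@mysql_query($sql)) {
        // HTML-escape the name before echoing it back (reflected XSS).
        // The stored name and comment are still raw text: the page that
        // lists comments must HTML-escape them on output as well.
        echo('Your comment has been added, ' . htmlspecialchars($nametext, ENT_QUOTES) . '. Thank You!');
    } else {
        // Keep the database error in the server log; showing it to the
        // visitor exposes query and schema details.
        error_log('Error adding submitted comment: ' . mysql_error());
        echo('<p>Error adding submitted comment.</p>');
    }
}
?>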
<a href = "commentform.php">Say Some More!</a></center>
</font>
</body>
</html>