Location: PHPKode > projects > mediaIndex > includes/fileComments.php
<?php
if (isset($_POST['submit']) && $_POST['submit']=="Add Comment") {
    if (!empty($_POST['name']) && !empty($_POST['body'])) {
        $sql = "INSERT INTO comments (hash,name,body,time) ";
        $sql .= "VALUES ('{$GLOBALS['file']->hash}','"._escape($_POST['name'])."','"._escape($_POST['body'])."','".time()."')";
        sqlite_query($GLOBALS['gDb'],$sql);
        _addMessage("Comment Added.");
    } else {
        _addMessage("Comment not added. Missing required fields?");
    }
}

// get comments for this file
$sql = "SELECT * FROM comments WHERE hash = '{$GLOBALS['file']->hash}'";
$result = sqlite_array_query($GLOBALS['gDb'],$sql,SQLITE_ASSOC);
if (count($result)>0) {
    echo "<br /><fieldset>\n";
    echo "<legend>User Comments</legend>\n";
    foreach ($result as $A) {
        echo "<span class=\"comment\">Posted by <b>".htmlspecialchars(stripslashes($A['name']))."</b> on ".date(_DATEFORMAT,$A['time'])."<br />\n";
        echo "<blockquote>"._parseText($A['body'])."</blockquote></span>\n";
    }
    echo "</fieldset>\n";
}

echo "<br />";
_printSubtitle("Add a Comment");
echo "<form method=\"POST\">";
echo "<table class=\"details\">\n";
echo "<tr><td width=\"20%\">Name: </td><td><input type=\"text\" name=\"name\" size=\"20\" maxlength=\"24\" /></td></tr>\n";
echo "<tr><td width=\"20%\">Comment: </td><td><textarea name=\"body\" rows=\"5\" cols=\"50\"></textarea></td></tr>\n";
echo "<tr><td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Add Comment\" /></td></tr>\n";
echo "</table>\n";
echo "</form>\n";
?>
Return current item: mediaIndex