Introduced PDO-SQL and new config file into rate.php

b5d75d3b · MatrixCrawler · e0d86ffb · b5d75d3b
Commit b5d75d3b authored Mar 10, 2014 by MatrixCrawler
Hide whitespace changes
Inline Side-by-side

Showing with 28 additions and 25 deletions

rate.php rate.php +28 -25

No files found.
--- a/rate.php
+++ b/rate.php
@@ -35,31 +35,37 @@ $("#rating").prop( "value", value )
 <body>
 <div style="height:500px;width:900px;">
 <?php
- include('db/config.php');
- $dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
- if (!$dbh) {
-     die("Error in connection: " . pg_last_error());
- }  
- if (is_null($_GET['domain'])) {
-     die("domain not specified");
- }
- $sql = "SELECT * FROM rating_comments WHERE domain = $1";
- $result = pg_query_params($dbh, $sql, array($_GET['domain']));
- if (!$result) {
-     die("Error in SQL query: " . pg_last_error());
- }   
- $numrows = pg_num_rows($result); 
+if (!isset($_GET['domain'])) {
+	die("domain not specified");
+}
+
+require_once 'db/config.inc.php';
+require_once 'db/db.class.php';
+ 
+$dbConnection = DB::connectDB();
+if (!$dbConnection) {
+	die("Error in connection: " . $dbConnection->errorInfo()[2]);
+}
+  
+$sql = "SELECT * FROM rating_comments WHERE domain = ".$dbConnection->quote($_GET['domain']);
+$result = $dbConnection->query($sql);
+if (!$result) {
+	die ("Error in SQL query: ".$dbConnection->errorInfo()[2]);
+}
+
+$numrows = $result->rowCount();
 echo "<input id='addrating' class='btn primary' style='float:right;margin-right:15px;' type='submit' value='Add a Rating'><h3>Podupti.me ratings for ".$_GET["domain"]." pod (beta feature)</h3><div id='ratings'><hr>"; 
 if (!$numrows) {echo "<b>This pod has no rating yet!</b>";}
- while ($row = pg_fetch_array($result)) {
- if ($row["admin"] == 1) {
-echo "Poduptime Approved Comment - User: <b>".$row["username"]."</b> Url: <a href='".$row["userurl"]."'>".$row["userurl"]."</a> Rating: <b>".$row["rating"]."</b> <br>";
-echo "<i>".$row["comment"]."</i><span class='label' title='id: ".$row["id"]."' style='float:right;margin-right:115px;'>".$row["date"]."</span><hr>";
- } elseif ($row["admin"] == 0) {
-echo "User Comment - User: <b>".$row["username"]."</b> Url: <a href='".$row["userurl"]."'>".$row["userurl"]."</a> Rating: <b>".$row["rating"]."</b> <br>";
-echo "<i>".$row["comment"]."</i><span class='label' title='id: ".$row["id"]."' style='float:right;margin-right:115px;'>".$row["date"]."</span><hr style='margin-top:0;margin-bottom:15px;'>";
- }
+foreach ($result->fetchAll() as $row) {
+	if ($row["admin"] == 1) {
+		echo "Poduptime Approved Comment - User: <b>".$row["username"]."</b> Url: <a href='".$row["userurl"]."'>".$row["userurl"]."</a> Rating: <b>".$row["rating"]."</b> <br>";
+		echo "<i>".$row["comment"]."</i><span class='label' title='id: ".$row["id"]."' style='float:right;margin-right:115px;'>".$row["date"]."</span><hr>";
+ 	} elseif ($row["admin"] == 0) {
+		echo "User Comment - User: <b>".$row["username"]."</b> Url: <a href='".$row["userurl"]."'>".$row["userurl"]."</a> Rating: <b>".$row["rating"]."</b> <br>";
+		echo "<i>".$row["comment"]."</i><span class='label' title='id: ".$row["id"]."' style='float:right;margin-right:115px;'>".$row["date"]."</span><hr style='margin-top:0;margin-bottom:15px;'>";
+ 	}
 }
+
 echo <<<EOF
 </div>
 <div id="commentform" style="display:none">
@@ -73,8 +79,5 @@ Rating (1-10 scale, 10 high)<br><div id="slider"></div><input class="disabled" d
 </div>
 EOF;

- 
- pg_free_result($result);       
- pg_close($dbh);
 ?>
 </div>