Commit 26af3af4 authored by MatrixCrawler's avatar MatrixCrawler

Introduced PDO-SQL and new Config

parent 73406691
......@@ -12,35 +12,37 @@ if (!$_POST['userurl']){
}
if (!$_POST['domain']){
echo "no pod domain given";
die;
echo "no pod domain given";
die;
}
if (!$_POST['comment']){
echo "no comment";
die;
echo "no comment";
die;
}
if (!$_POST['rating']){
echo "no rating given";
die;
echo "no rating given";
die;
}
$dbConnection = DB::connectDB();
if (!$dbh) {
die("Error in connection: " . $dbConnection->errorInfo()[2]);
}
$sql = "INSERT INTO rating_comments (domain, comment, rating, username, userurl)"
. " VALUES(".$dbConnection->quote($_POST['domain']).", ".$dbConnection->quote($_POST['comment']).", ".$dbConnection->quote($_POST['rating']). ","
. " ".$dbConnection->quote($_POST['username']).", ".$dbConnection->quote($_POST['userurl']).")";
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
$dbh = pg_connect("dbname=$pgdb user=$pguser password=$pgpass");
if (!$dbh) {
die("Error in connection: " . pg_last_error());
}
$sql = "INSERT INTO rating_comments (domain, comment, rating, username, userurl) VALUES($1, $2, $3, $4, $5)";
$result = pg_query_params($dbh, $sql, array($_POST['domain'], $_POST['comment'], $_POST['rating'], $_POST['username'], $_POST['userurl']));
if (!$result) {
die("Error in SQL query: " . pg_last_error());
}
$to = $adminemail;
$subject = "New rating added to poduptime ";
$message = "Pod:" . $_POST["domain"] . "\n\n";
$headers = "From: ".$_POST["email"]."\r\n";
@mail( $to, $subject, $message, $headers );
echo "Comment posted!";
pg_free_result($result);
pg_close($dbh);
$subject = "New rating added to poduptime ";
$message = "Pod:" . $_POST["domain"] . "\n\n";
$headers = "From: ".$_POST["email"]."\r\n";
@mail( ADMIN_EMAIL, $subject, $message, $headers );
echo "Comment posted!";
?>
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment