source: review-add.php@ 0791611

Last change on this file since 0791611 was 0791611, checked in by sstalevska <sara.stalevska@…>, 2 years ago

Push the entire project.

  • Property mode set to 100644
File size: 2.3 KB
Line 
1<?php
2require_once('./inc/common.php');
3
4/**
5 * Only logged in reviewers can submit a review. If the user is not a reviewer, redirect to the list of businesses with an appropriate error message. Otherwise, continue with the checks.
6 */
7if (! isset($_SESSION['is_reviewer'])) {
8 header('Location: /businesses.php?err=permission_error');
9 exit;
10}
11
12/**
13 * Did the reviewer post a form?
14 */
15if (($_SERVER['REQUEST_METHOD'] == 'POST')) {
16 /**
17 * Perform data validation: are all required fields posted and do they have values?
18 */
19 if (
20 (isset($_POST['business'])) && (! empty($_POST['business'])) &&
21 (isset($_POST['address'])) && (! empty($_POST['address'])) &&
22 (isset($_POST['rating'])) && (! empty($_POST['rating'])) &&
23 (isset($_POST['title'])) && (! empty($_POST['title'])) &&
24 (isset($_POST['text'])) && (! empty($_POST['text']))
25 ) {
26 /**
27 * For security reasons, treat all user input as malicious. Strip any tags before inserting that data into the database.
28 */
29 $business = strip_tags($_POST['business']);
30 $address = strip_tags($_POST['address']);
31 $rating = strip_tags($_POST['rating']);
32 $title = strip_tags($_POST['title']);
33 $text = strip_tags($_POST['text']);
34
35 /**
36 * Insert the values that the reviewer posted into the database.
37 */
38 $sql = '
39 insert into review (
40 review_title,
41 review_text,
42 review_stars,
43 business_id,
44 address_id,
45 reviewer_id)
46 values (
47 :title,
48 :text,
49 :rating,
50 :business,
51 :address,
52 :reviewer
53 )';
54 $stm = $conn->prepare($sql);
55 $stm->execute([
56 ':title' => $title,
57 ':text' => $text,
58 ':rating' => $rating,
59 ':business' => $business,
60 ':address' => $address,
61 ':reviewer' => $_SESSION['reviewer_id'],
62 ]);
63
64 /**
65 * All is well, so redirect back to the business with the message that the review was added.
66 */
67 header('Location: /business.php?id=' . $_POST['business'] . '&msg=review_added');
68 exit;
69 } else {
70 /**
71 * Redirect back to the business with the error message that some parameters were missing.
72 */
73 header('Location: /business.php?id=' . $_POST['business'] . '&err=missing_params#add-review');
74 exit;
75 }
76}
77
78/**
79 * If the code execution reaches this point, then some parameters were incorrect or missing. Redirect to the list of businesses with an appropriate error message.
80 */
81header('Location: /businesses.php?err=missing_params');
82exit;
Note: See TracBrowser for help on using the repository browser.