<?php
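/**
 * Escape a string for use inside a single-quoted SQL literal built for the
 * legacy mysql_* extension.
 *
 * Any magic-quotes escaping is undone first so the value is never escaped
 * twice; mysql_real_escape_string() is used when it exists (PHP >= 4.3.0,
 * needs an open mysql connection) and addslashes() otherwise.
 *
 * get_magic_quotes_gpc() was removed in PHP 8, so its existence is checked
 * before it is called; the original call failed fatally on PHP 8 and the
 * function was therefore unusable there.
 *
 * Escaping by string manipulation is a stopgap: a value that is escaped this
 * way still depends on every caller quoting it correctly. Prepared statements
 * (mysqli/PDO) keep the value out of the SQL text entirely.
 *
 * @param string $value raw input value
 * @return string escaped value
 */
function mysql_prep( $value ) {
    // magic quotes are gone in PHP 8; a missing function means "not active"
    $magic_quotes_active = function_exists( "get_magic_quotes_gpc" ) && get_magic_quotes_gpc();
    $new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0 with the mysql extension
    if( $new_enough_php ) { // PHP v4.3.0 or higher
        // undo any magic quote effects so mysql_real_escape_string can do the work
        if( $magic_quotes_active ) { $value = stripslashes( $value ); }
        $value = mysql_real_escape_string( $value );
    } else { // before PHP v4.3.0, or the mysql extension is not loaded
        // if magic quotes aren't already on then add slashes manually
        if( !$magic_quotes_active ) { $value = addslashes( $value ); }
        // if magic quotes are active, then the slashes already exist
    }
    return $value;
}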
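/**
 * Read one text field from the submitted form.
 *
 * Returns '' when the field is absent or was submitted as an array
 * (e.g. `artistName[]=x`), so the string functions applied later never
 * receive a non-string and the original "undefined index" notices go away.
 *
 * @param string $name form field name
 * @return string trimmed value
 */
function reviewform_post_field( $name ) {
    if ( !isset( $_POST[$name] ) || is_array( $_POST[$name] ) ) {
        return '';
    }
    return trim( $_POST[$name] );
}

/**
 * Escape a value for an HTML text or attribute context.
 *
 * Escaping happens on output instead of before the INSERT, so the
 * backslashes that mysql_prep() adds for SQL no longer appear on the page
 * and submitted markup is not rendered.
 *
 * @param string $value
 * @return string
 */
function reviewform_html( $value ) {
    return htmlspecialchars( $value, ENT_QUOTES );
}

if (isset($_POST['submit'])) { // Form has been submitted.
    $errors = array();

    // The session role decides which table receives the review. Any other
    // role skips the database work; the original ran mysql_query() on an
    // undefined $query in that case. Assumes session_start() ran earlier.
    $role  = isset( $_SESSION['type'] ) ? $_SESSION['type'] : '';
    $table = '';
    if ( $role === 'admin' ) {
        $table = 'reviews';
    } elseif ( $role === 'reviewer' ) {
        $table = 'revcheck';
    } else {
        $errors[] = 'Your account is not allowed to post reviews.';
    }

    $revid  = isset( $_SESSION['user_id'] ) ? $_SESSION['user_id'] : '';
    // Raw (trimmed) form values; SQL escaping is applied only at the point
    // where each value is spliced into the query below.
    $artist = reviewform_post_field( 'artistName' );
    $cd     = reviewform_post_field( 'album' );
    $label  = reviewform_post_field( 'label' );
    $genre  = reviewform_post_field( 'genre' );  // was inserted unescaped
    $rating = reviewform_post_field( 'rating' ); // was inserted unescaped
    $review = reviewform_post_field( 'review' );
    // Stored entity-encoded as before so existing rows keep one format; it
    // is echoed below without a second escape for the same reason.
    $web    = htmlentities( reviewform_post_field( 'webSite' ) );
    $today  = date( "y/m/d" ); // two-digit year, as the existing rows use -- TODO confirm column format
    $id     = 0;

    // getImage() is defined elsewhere; an array return is treated as a list
    // of error messages (the original merged it but discarded the result and
    // inserted the array anyway).
    $image = getImage( 'file_upload', true, 200, 300 );
    if ( is_array( $image ) ) {
        $errors = array_merge( $errors, $image );
    }

    if ( $table !== '' && empty( $errors ) ) {
        // Escaped string-built SQL is a stopgap: the mysql_* extension no
        // longer exists in PHP 7+, and a mysqli/PDO prepared statement is
        // the real fix. $table is one of two literals chosen above.
        $query = "INSERT INTO {$table} (RevId, ArtistName, CDTitle, Label, Genre, Rating, Review, ArtistSite, DateAdded, Image)
VALUES ('" . mysql_prep( $revid ) . "', '" . mysql_prep( $artist ) . "', '" . mysql_prep( $cd ) . "', '" . mysql_prep( $label ) . "', '" . mysql_prep( $genre ) . "', '" . mysql_prep( $rating ) . "', '" . mysql_prep( $review ) . "', '" . mysql_prep( $web ) . "',
'" . mysql_prep( $today ) . "', '" . mysql_prep( $image ) . "')";
        mysql_query( $query );
        $id = (int) mysql_insert_id();

        $thumb = getImage( 'file_upload', true, 100, 100 );
        if ( is_array( $thumb ) ) {
            $errors = array_merge( $errors, $thumb );
        } else {
            // $id is an int and $thumb is escaped, so nothing reaches the SQL unescaped.
            $query = "UPDATE {$table} SET Thumb = '" . mysql_prep( $thumb ) . "' WHERE id = {$id} LIMIT 1";
            mysql_query( $query );
        }
    }

    if ( !empty( $errors ) ) {
        echo "<ul class='errors'>";
        foreach ( $errors as $error ) {
            echo "<li>" . reviewform_html( (string) $error ) . "</li>";
        }
        echo "</ul>";
    } else {
        // image.php type keys differ per table; values are those the original used.
        $imgType   = ( $table === 'reviews' ) ? 'review' : 'reviewCheck';
        $thumbType = ( $table === 'reviews' ) ? 'reviewThumb' : 'reviewThumbCheck';
        if ( $table === 'revcheck' ) {
            echo "<h1>Thank You For Your Submission</h1>
<h3>Your review will be checked for errors, and then posted. This may take up to 24 hours.</h3>";
        }
        echo "
<p>
Below is what you submitted, if you notice any errors below, please email us at ***
</p>
<div style='float:left; width:300px;'>
Image:<br />
<img src='../images/image.php?id={$id}&amp;type={$imgType}' /><br />
</div>
<div style='float:left; margin-left:10px; width:600px;'>
Thumbnail:<br />
<img src='../images/image.php?id={$id}&amp;type={$thumbType}' /><br />
<p>
Artist Name: " . reviewform_html( $artist ) . "<br />
Album Title: " . reviewform_html( $cd ) . "<br />
Label: " . reviewform_html( $label ) . "<br />
Genre: " . reviewform_html( $genre ) . "<br />
Rating: " . reviewform_html( $rating ) . "<br />
Artist's Website Address: {$web}<br />
Review: " . reviewform_html( $review ) . "<br />
</p>
</div>";
    }
}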
?>
<div style="clear:both;">
<h1>Post New Review</h1>
<form action='reviewSubmitForm.php' enctype='multipart/form-data' method='post'>
<label for='artistName'>Artist Name:</label><br />
<input type='text' name='artistName' id='artistName' /><br />
<label for='album'>Album Title:</label><br />
<input type='text' name='album' id='album' /><br />
<label for='label'>Label:</label><br />
<input type='text' name='label' id='label' /><br />
<label for='genre'>Genre:</label><br />
<select name='genre' id='genre'>
<option value='Bluegrass' selected='selected'>Bluegrass</option>
<option value='Blues'>Blues</option>
<option value='Folk'>Folk</option>
<option value='Gospel'>Gospel</option>
<option value='Jazz'>Jazz</option>
<option value='Mixed Genres'>Mixed Genres</option>
<option value='Reggae'>Reggae</option>
<option value='Roots Country'>Roots Country</option>
<option value='Roots Rock'>Roots Rock</option>
<option value='True Country'>True Country</option>
<option value='Western Swing'>Western Swing</option>
<option value='Zydeco'>Zydeco</option>
</select><br />
Rating:<br />
<label for='rating3'>3</label>
<input name='rating' type='radio' value='3' id='rating3' />
<label for='rating4'>4</label>
<input name='rating' type='radio' value='4' id='rating4' />
<label for='rating5'>5</label>
<input name='rating' type='radio' value='5' id='rating5' /><br />
<input type='hidden' name='MAX_FILE_SIZE' value='1000000' />
<label for='file_upload'>Upload CD Image: (in .jpg format please)</label><br />
<input name='file_upload' id='file_upload' type='file' /><br />
<label for='webSite'>Artist's Website Address: (Don't forget the http://)</label><br />
<input name='webSite' id='webSite' type='text' value='http://' /><br />
<label for='review'>Review:</label><br />
<textarea name='review' cols='100' rows='15' id='review'></textarea><br />
<input type="submit" name="submit" value="Submit Review" />
</form>
to output:
<?php
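/**
 * Escape a database value for an HTML text or attribute context.
 *
 * @param string $value
 * @return string
 */
function reviewpage_html( $value ) {
    return htmlspecialchars( (string) $value, ENT_QUOTES );
}

// The review id comes from the query string. The int cast is what makes the
// unquoted interpolation into the WHERE clause safe; the original spliced the
// raw parameter into the SQL.
$id = isset( $_GET['id'] ) ? (int) $_GET['id'] : 0;
$query = "SELECT id, RevId, ArtistName, CDTitle, Label, Genre, Rating, Review, ArtistSite, DateAdded FROM reviews WHERE id = {$id}";
$result = mysql_query( $query );
// Fetch only after a successful query; mysql_fetch_assoc(false) only warns.
$row = $result ? mysql_fetch_assoc( $result ) : false;

// NOTE(review): the original built this reviewer lookup but then re-ran
// $query, so it never executed, and its column list is copied from the
// reviews table. It is left unexecuted until the reviewers columns and the
// lookup key (presumably RevId rather than the review id) are confirmed; the
// "Reviewed By:" line below is still empty for the same reason.
$query2 = "SELECT id, RevId, ArtistName, CDTitle, Label, Genre, Rating, Review, ArtistSite, DateAdded FROM reviewers WHERE id = {$id}";

if ( $row ) {
    $lastWeek = time() - ( 7 * 24 * 60 * 60 ); // "*NEW*" badge threshold: added within the last week
    // Escaped once and reused; ArtistName also lands inside a double-quoted alt attribute.
    $artistName = reviewpage_html( $row['ArtistName'] );
    $cdTitle    = reviewpage_html( $row['CDTitle'] );
    echo "<div style=\"margin-top:10px;\">
<div style=\"float:left; width:200px; color:#fff;\">
<img style=\"float:left; width:200px; height:200px;\"
src=\"images/image.php?id=" . (int) $row['id'] . "&amp;type=review\" alt=\"Review of {$artistName}'s CD: {$cdTitle}\" />
<b>Label:</b> " . reviewpage_html( $row['Label'] ) . "<br />
<b>Genre:</b> " . reviewpage_html( $row['Genre'] ) . "<br />
<b>Rating:</b> " . reviewpage_html( $row['Rating'] ) . "
</div>
<div style=\"float:left; margin:0 0 0 7px;\" >
<span style=\"color: #fff; font-size:22px; font-weight:bold; \">{$artistName}</span>";
    if ( strtotime( (string) $row['DateAdded'] ) > $lastWeek ) {
        echo "<span style=\"color:#F00; font-weight:bold; vertical-align:super;\">*NEW*</span>";
    }
    echo "<br />
<span style=\"color: #febd01; font-size:18px; font-weight:bold; \">{$cdTitle}</span><br />
</div>
<div style=\"background-color:#4975B6; border: 2px #fff solid; float:left; width:485px; font-size:12px; margin:7px 0 7px 7px; padding:10px; text-align:justify;\">
" . htmlentities( (string) $row['Review'] ) . "<br /><br />Reviewed By:
</div>
</div>
</div>";
}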
?>