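<?php
/**
 * updateMark.php - admin-only endpoint that stores a mark and a comment
 * for one row of the `fileinfo` table.
 *
 * Reads `fileid`, `mark` and `comment` from the POST body. The response body
 * is consumed by the caller as xmlhttp.responseText, so the success path
 * must not print anything.
 *
 * NOTE(review): no anti-CSRF token is checked in this file. Confirm whether
 * common.php or the calling page enforces one, since this request changes
 * state using only the admin's session.
 */
session_start();
require_once('common.php');
$db = connectToDB();

// Make sure that this is the admin user.
// header() only queues the redirect; without exit the script keeps running
// and the UPDATE below would still be executed for a non-admin request.
// NOTE(review): $username is not assigned in this file - presumably
// common.php sets it; confirm it is derived from the session and not from
// request data.
if (!isset($username) || (string) $username !== (string) ADMINUSER) {
    header("Location: main.php");
    exit;
}

// Fail closed when the session carries no auth key. hash_equals() avoids
// loose-comparison type juggling and compares in constant time.
if (!isset($_SESSION["authkey"])
    || !hash_equals((string) AUTHKEY, (string) $_SESSION["authkey"])
) {
    header("Location:index.php?ERROR=Failed%20Auth%20Key");
    exit;
}

// Missing POST fields fall back to an empty string instead of raising an
// undefined-index notice into the XHR response.
$frmID   = clean_input(isset($_POST['fileid']) ? $_POST['fileid'] : '');
$frmMark = clean_input(isset($_POST['mark']) ? $_POST['mark'] : '');
// The comment goes through clean_html() rather than clean_input().
// NOTE(review): clean_html() is defined outside this file; confirm which
// markup it lets through, because the stored comment is presumably rendered
// back into a page later and would need escaping on output.
$frmComment = clean_html(isset($_POST['comment']) ? $_POST['comment'] : '');

$sql = "UPDATE fileinfo SET mark=?, comment=? WHERE id=?";
$stmt = $db->prepare($sql);
if ($stmt === false) {
    // Keep the driver error and the SQL text in the server log only; sending
    // them to the client discloses schema details.
    error_log('updateMark.php: prepare failed: ' . mysqli_error($db) . ' | SQL: ' . $sql);
    die('Invalid query');
}

// All three values are bound as parameters, never concatenated into the SQL.
$stmt->bind_param("ssi", $frmMark, $frmComment, $frmID);
if (!$stmt->execute()) {
    // Still no output to the client (as before), but the failure is recorded.
    error_log('updateMark.php: execute failed: ' . $stmt->error);
}
$stmt->close();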