-rw-r--r-- | includes/reply_inc.php | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/includes/reply_inc.php b/includes/reply_inc.php
index d20c4ed..cf7a839 100644
--- a/includes/reply_inc.php
+++ b/includes/reply_inc.php
@@ -13,6 +13,10 @@ if (!isset($_SESSION['signed_in'])) {
 die('You must be signed in to reply to a thread.');
 }
+$reply_content = filter_var($_POST['reply_content'], FILTER_SANITIZE_STRING);
+$reply_to = $_GET['reply_to'];
+$post_author = $_SESSION['user_id'];
+
 $sql = "INSERT INTO posts(post_content, post_date, post_thread, post_author) VALUES(?, NOW(), ?, ?)";
 $stmt = mysqli_stmt_init($dbc);
@@ -20,7 +24,7 @@ if (!mysqli_stmt_prepare($stmt, $sql)) {
 die('Failed to process statement: ' . mysqli_error($dbc));
 }
-mysqli_stmt_bind_param($stmt, "sii", $_POST['reply_content'], $_GET['reply_to'], $_SESSION['user_id']);
+mysqli_stmt_bind_param($stmt, "sii", $reply_content, $reply_to, $post_author);
 mysqli_stmt_execute($stmt);
 mysqli_stmt_close($stmt); |
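Review bot: `FILTER_SANITIZE_STRING` on the new `$reply_content` line is deprecated since PHP 8.1 and is not a defence the INSERT needs, because the statement is already parameterised. It strips tags and entity-encodes quotes before storage, so legitimate text is altered and any later output escaping will double-encode it. Store the text as submitted and escape where the post is rendered, e.g. `htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. `$reply_to` is copied from `$_GET` unvalidated and then bound as `i`, which silently coerces a non-numeric value; `$reply_to = filter_input(INPUT_GET, 'reply_to', FILTER_VALIDATE_INT);` followed by a reject on `false` or `null` would catch that. No CSRF token check is visible in this hunk for the state-changing POST, so it is worth confirming that one exists elsewhere in the file.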
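Review bot: The results of `mysqli_stmt_bind_param()` on the changed line and of `mysqli_stmt_execute($stmt)` right after it are not checked, so a reply that was never stored looks the same as a successful one to whatever code follows (not visible in this hunk). A guard such as `if (!mysqli_stmt_execute($stmt)) { error_log(mysqli_stmt_error($stmt)); die('Could not save reply.'); }` would surface the failure while keeping database detail in the server log. The same applies to the existing `die('Failed to process statement: ' . mysqli_error($dbc));` context line, which sends the raw driver error to the client.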