Gazelle/sections/reportsv2/ajax_update_comment.php

31 lines
571 B
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
// perform the back end of updating a report comment
authorize();
2013-05-04 08:00:48 +00:00
if (!check_perms('admin_reports')) {
2011-03-28 14:21:28 +00:00
error(403);
}
2013-05-04 08:00:48 +00:00
if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) {
2011-03-28 14:21:28 +00:00
echo 'HAX ATTEMPT!'.$_GET['reportid'];
die();
}
$ReportID = $_POST['reportid'];
$Message = db_string($_POST['comment']);
//Message can be blank!
2013-07-10 00:08:53 +00:00
$DB->query("
SELECT ModComment
FROM reportsv2
WHERE ID = $ReportID");
2011-03-28 14:21:28 +00:00
list($ModComment) = $DB->next_record();
2013-05-04 08:00:48 +00:00
if (isset($ModComment)) {
2013-07-10 00:08:53 +00:00
$DB->query("
UPDATE reportsv2
SET ModComment = '$Message'
WHERE ID = $ReportID");
2011-03-28 14:21:28 +00:00
}