<? // perform the back end of updating a report comment authorize(); if (!check_perms('admin_reports')) { error(403); } if (empty($_POST['reportid']) || !is_number($_POST['reportid'])) { echo 'HAX ATTEMPT!'.$_GET['reportid']; die(); } $ReportID = $_POST['reportid']; $Message = db_string($_POST['comment']); //Message can be blank! $DB->query(" SELECT ModComment FROM reportsv2 WHERE ID = $ReportID"); list($ModComment) = $DB->next_record(); if (isset($ModComment)) { $DB->query(" UPDATE reportsv2 SET ModComment = '$Message' WHERE ID = $ReportID"); }