mcorkum · May 13, 2016 00:09
diff --git a/gistfile1.txt b/gistfile1.txt
    function handleComments() {
        global $conn;
        $success = false;
        $err = "";

        if(isset($_POST["send"])) {
            //echo "you have pressed submit </br>";
            if (!empty($_POST["fullname"])) {
                $fn = sanitize_input($_POST["fullname"]);
                //echo "You have entered your name. </br>";
            } else {
                $success = false;
                $err .= "Please enter your name. </br>";
            }

            if (trim($_POST["email"])) {
                $_POST["email"] = sanitize_input($_POST["email"]);

                    if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
                        $em = sanitize_input($_POST["email"]);
                        $sql = mysqli_query($conn, "SELECT * FROM feedback WHERE email='$em'");
                        if (mysqli_num_rows($sql)>0) {
                            $err .= "We're sorry that EMAIL has already been submitted.";
                            $em = null;
                        } 
                    } else {
                        $em = null;
                        $err .= "Please enter a VALID email. </br>";
                        $success = false;
                    }
                
            } else {
                    $err .= "Please enter your email.</br>";  
                    $success = false;   
            } 
            if (trim($_POST["comment"])) {
                
                $comm = sanitize_input($_POST["comment"]);
            } else {
                $success = false;
                $err .= "Please enter your feedback. </br>";
            }
            if (!empty($fn) && !empty($em) && !empty($comm)) {
                $success = true;
                
                $query = "INSERT INTO feedback (name, email, comment) VALUES ('$fn', '$em', '$comm')";

                if (mysqli_query($conn, $query)) {
                    //echo "New record created successfully";
                } else {
                    //echo "Error: " . $query . "<br>" . mysqli_error($conn);
                }
                echo "<h2>Thank you for your Comment!</h2>";
            } 
            if (isset($err) && !empty($err)) {
                $error = "<div class=\"err-msg\"><h4>I'm sorry, but we found the following errors:</h4><p class=\"error\">" . $err . "</p></div>";
                return $error;
            } else {
                return false;
            }
        }

    }
	function handleComments() {
	global $conn;
	$success = false;
	$err = "";

	if(isset($_POST["send"])) {
	//echo "you have pressed submit </br>";
	if (!empty($_POST["fullname"])) {
	$fn = sanitize_input($_POST["fullname"]);
	//echo "You have entered your name. </br>";
	} else {
	$success = false;
	$err .= "Please enter your name. </br>";
	}

	if (trim($_POST["email"])) {
	$_POST["email"] = sanitize_input($_POST["email"]);

	if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
	$em = sanitize_input($_POST["email"]);
	$sql = mysqli_query($conn, "SELECT * FROM feedback WHERE email='$em'");
	if (mysqli_num_rows($sql)>0) {
	$err .= "We're sorry that EMAIL has already been submitted.";
	$em = null;
	}
	} else {
	$em = null;
	$err .= "Please enter a VALID email. </br>";
	$success = false;
	}

	} else {
	$err .= "Please enter your email.</br>";
	$success = false;
	}
	if (trim($_POST["comment"])) {

	$comm = sanitize_input($_POST["comment"]);
	} else {
	$success = false;
	$err .= "Please enter your feedback. </br>";
	}
	if (!empty($fn) && !empty($em) && !empty($comm)) {
	$success = true;

	$query = "INSERT INTO feedback (name, email, comment) VALUES ('$fn', '$em', '$comm')";

	if (mysqli_query($conn, $query)) {
	//echo "New record created successfully";
	} else {
	//echo "Error: " . $query . "<br>" . mysqli_error($conn);
	}
	echo "<h2>Thank you for your Comment!</h2>";
	}
	if (isset($err) && !empty($err)) {
	$error = "<div class=\"err-msg\"><h4>I'm sorry, but we found the following errors:</h4><p class=\"error\">" . $err . "</p></div>";
	return $error;
	} else {
	return false;
	}
	}

	}