Edit File:
submit-review.php
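<?php
// Handles a product-review form POST: validates the input, stores the review
// with status 'Pending', and echoes back what was saved.

// Connection to the database. $pdo is not defined in this file, so it is
// presumably created by this include.
include 'connect.inc.php';

// Report every error, but write it to the server log instead of the response:
// on a public endpoint, on-screen errors expose paths, queries and schema names.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Check if the form is submitted
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Returns the named POST field HTML-encoded, or '' when the field is
    // missing or not a string (a field sent as name[]=x arrives as an array,
    // which htmlspecialchars() rejects with a TypeError).
    // The encoded form is what gets stored, exactly as before, so any page
    // that prints these columns verbatim (none is visible here) is unaffected.
    // NOTE(review): encoding at output time and storing raw text is the
    // cleaner design, but it has to be changed in every reader at once.
    $encodedField = static function (string $key): string {
        $raw = $_POST[$key] ?? '';

        return is_string($raw)
            ? htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
            : '';
    };

    $user_name      = $encodedField('user_name');
    $email          = $encodedField('email');
    $product_name   = $encodedField('product_name');
    $product_id     = $encodedField('product_id');
    $review_content = $encodedField('review_content');

    // The rating drives str_repeat() further down, which throws a ValueError
    // for a negative count; without this check a rating such as 9 or "abc"
    // was inserted first and only then crashed the confirmation page.
    // The upper bound comes from the five-star rendering below; the lower
    // bound of 0 keeps what the old code accepted. Raise it to 1 if the form
    // offers no zero-star option.
    $rating = filter_var(
        $_POST['rating'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 5]]
    );

    if ($rating === false) {
        http_response_code(400);
        echo "Invalid rating.";
    } else {
        // Get the current date and time (server's current time)
        $review_date = date('Y-m-d H:i:s'); // 'YYYY-MM-DD HH:MM:SS'

        // Every user-supplied value reaches the query through a placeholder;
        // only the literal status 'Pending' is part of the SQL text.
        $sql = "INSERT INTO reviews (user_name, email, rating, product_name, product_id, review_content, review_date, status) VALUES (:user_name, :email, :rating, :product_name, :product_id, :review_content, :review_date, 'Pending')";

        try {
            $stmt = $pdo->prepare($sql);
            $stmt->bindValue(':user_name', $user_name);
            $stmt->bindValue(':email', $email);
            $stmt->bindValue(':rating', $rating, PDO::PARAM_INT);
            $stmt->bindValue(':product_name', $product_name);
            $stmt->bindValue(':product_id', $product_id);
            $stmt->bindValue(':review_content', $review_content);
            $stmt->bindValue(':review_date', $review_date);
            $stmt->execute();

            // Read the stored date back for the row that was just inserted.
            $lastReviewId = $pdo->lastInsertId();
            $stmt = $pdo->prepare("SELECT review_date FROM reviews WHERE id = :id");
            $stmt->bindValue(':id', $lastReviewId);
            $stmt->execute();
            $reviewData = $stmt->fetch(PDO::FETCH_ASSOC);

            // fetch() returns false when no row comes back; fall back to the
            // value that was just written instead of indexing into false.
            $storedDate = is_array($reviewData) ? (string) $reviewData['review_date'] : $review_date;
            $timestamp  = strtotime($storedDate);

            // Format the review date to display only the date (YYYY-MM-DD)
            $formattedReviewDate = date('Y-m-d', $timestamp === false ? time() : $timestamp);

            // Display the submitted review data. The text fields were
            // HTML-encoded above, so they are safe to print into markup here.
            echo "Review submitted successfully!<br>";
            echo "<h3>Submitted Review Details:</h3>";
            echo "<p><strong>Name:</strong> " . $user_name . "</p>";
            echo "<p><strong>Email:</strong> " . $email . "</p>";
            echo "<p><strong>Rating:</strong> " . str_repeat('★', $rating) . str_repeat('☆', 5 - $rating) . "</p>";
            echo "<p><strong>Product:</strong> " . $product_name . "</p>";
            echo "<p><strong>Review:</strong> " . $review_content . "</p>";
            echo "<p><strong>Date:</strong> " . $formattedReviewDate . "</p>"; // Display only the date
        } catch (PDOException $e) {
            // The driver message can name tables, columns and the DSN, so it
            // goes to the log; the visitor only sees a generic failure.
            error_log('submit-review.php: ' . $e->getMessage());
            http_response_code(500);
            echo "Error: the review could not be saved.";
        }
    }
}
?>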