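prepare(" insert into forum_rating (userid,postid,rating) values ( ?,?,? )");
// NOTE(review): the call above and the closing brace below finish code that
// starts before this excerpt, so any validation of $id, $postid and $rat
// (rating range, one vote per user) cannot be confirmed from here.
$topicid->execute( array( $id,$postid,$rat ));
}

// Flags shared by every htmlspecialchars() call below. Post titles and bodies
// arrive from $_POST and are stored as-is, so they must be encoded when they
// are written into the page; otherwise markup or script saved in one post runs
// in the browser of every reader of the topic (stored XSS).
// assumes the page is served as UTF-8 — TODO confirm
$escflags = ENT_QUOTES | ENT_SUBSTITUTE;

// The empty '' literals in this script are kept exactly as they appear in this
// copy of the file; presumably they carried markup that is not visible here.

// Topic list: print column 1 of every row in `topics`.
$sql = $dbh->prepare("select * from topics");
$sql->execute();
while ($carolyn = $sql->fetch()) {
    echo '' . htmlspecialchars((string) $carolyn[1], $escflags, 'UTF-8') . "\n" . "\n";
}

// Only a plain string is accepted as topic id; an array-valued parameter
// (topicid[]=...) would otherwise reach bindValue()/execute().
$topicid = (isset($_GET['topicid']) && is_string($_GET['topicid'])) ? $_GET['topicid'] : '';
if ($topicid){
    $submit = isset($_POST['submit']) ? $_POST['submit'] : '';
    if ($submit === 'Post Response'){
        $posttitle = (isset($_POST['posttitle']) && is_string($_POST['posttitle'])) ? $_POST['posttitle'] : '';
        $posttext = (isset($_POST['posttext']) && is_string($_POST['posttext'])) ? $_POST['posttext'] : '';

        // The form marks both fields as required; enforce that on the server
        // too, since the browser-side form is not a control.
        // NOTE(review): no anti-CSRF token is checked before this insert, and
        // $uid is set outside this excerpt — confirm it comes from an
        // authenticated session and not from request data.
        if (trim($posttitle) !== '' && trim($posttext) !== '') {
            $insql = $dbh->prepare("insert into posts (posttitle,posttext,topicid,uid,timeofpost) values (?,?,?,?,now())");
            $insql->execute(array($posttitle, $posttext, $topicid, $uid));
        }
    }

    $numperpage = 2;

    // `start` is a zero-based page index taken from the query string. It ends
    // up inside the LIMIT clause, so accept only a short run of digits: that
    // rules out negative, fractional and non-numeric values, and keeps the
    // multiplication below far from integer overflow.
    $start = 0;
    if (isset($_GET['start']) && is_string($_GET['start']) && preg_match('/^[0-9]{1,6}$/', $_GET['start'])) {
        $start = (int) $_GET['start'];
    }
    $page = $start * $numperpage;

    // Count the posts in the database instead of fetching every id.
    $getnum = $dbh->prepare("select count(*) from posts where topicid = ?");
    $getnum->bindValue(1, $topicid);
    $getnum->execute();
    $countrow = $getnum->fetch();
    $numresults = $countrow ? (int) $countrow[0] : 0;

    $numlinks = (int) ceil($numresults / $numperpage); //need to find number of links

    // Both LIMIT operands are cast to int at the point of interpolation, so no
    // request-derived text can become part of the SQL statement.
    $postsql = $dbh->prepare("select posts.id,posts.posttitle, posts.posttext,date_format(posts.timeofpost,' %M %d, %Y %h : %i') ,posts.uid,users.fullname from posts,users where posts.uid = users.id and topicid = ? limit " . (int) $page . "," . (int) $numperpage);
    $postsql->bindValue(1, $topicid);
    $postsql->execute();

    while ($maruja = $postsql->fetch()) {
        $postid = $maruja[0];
        $posttitle = $maruja[1];
        $posttext = $maruja[2];
        $time = $maruja[3];
        $userid = $maruja[4];
        $fullname = $maruja[5];

        echo "\n\n" . htmlspecialchars((string) $posttitle, $escflags, 'UTF-8') . "\n\n";
        echo "\n\n" . htmlspecialchars((string) $posttext, $escflags, 'UTF-8') . "\n\n";

        // presumably posts.uid is an integer key; verify against the schema,
        // because this value is concatenated into a filesystem path.
        if (file_exists('userpics/' . $userid . '.jpg')) {
            echo '';
        }

        //to attack!!!
        $ratsql = $dbh->prepare("select avg(rating) from forum_rating where postid = ?");
        $ratsql->bindValue(1, $postid);
        $ratsql->execute();
        $ratrow = $ratsql->fetch();
        // avg() yields NULL for a post with no ratings; cast before rounding up.
        $avgrat = ceil((float) $ratrow[0]);

        // Five rating slots: the first branch runs for slots up to the rounded
        // average, the second for the remainder.
        for ($i = 1; $i <= 5; $i++) {
            if ($i <= $avgrat) {
                echo '';
            } else {
                echo '';
            }
        }

        // $time is produced by date_format() in the query; $fullname comes from
        // the users table and is encoded like the other stored text.
        echo 'Posted by ' . htmlspecialchars((string) $fullname, $escflags, 'UTF-8') . ' at ' . $time . "\n\n\n";
    }

    //pagination!
    // Start from an empty string so the appends below never touch an
    // undefined variable when the first page is shown.
    $url = '';
    if ($start > 0) {
        $last = $start - 1;
        $url = 'prev |';
    }
    for ($i = 0; $i < $numlinks; $i++) {
        $j = $i + 1;
        $url .= '' . $j . ' |';
    }
    if ($start < $numlinks - 1) {
        $next = $start + 1;
        $url .= 'next |';
    }
    echo substr($url, 0, strlen($url) - 1); //if you want to strip the last character ?>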

Respond

*Post Title
*Post Text