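Adding an image to the comment box

Time: 2015-11-15 15:09:30

Tags: javascript php

Thank you for your time. I have the following code working for my comment system, although I cannot be sure of its security right now. But I need your help to:

  1. Allow anyone who comments to add their picture to their comment, whether a registered user or a visitor
  2. Build an inner comment or reply box. This is what I have got so far.
  3. A counter for comments on a comment

Here is the PHP code for the comments: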

    <?php 
    // Connect to the database
    include('config.php'); 
    $id_post = "1"; //the post or the page id
    ?>
    <div class="cmt-container" >
        <?php 
        $sql = mysql_query("SELECT * FROM comments WHERE id_post = '$id_post'") or die(mysql_error());
        while($affcom = mysql_fetch_assoc($sql)){ 
            $name = $affcom['name'];
            $email = $affcom['email'];
            $comment = $affcom['comment'];
            $date = $affcom['date'];
    
            // Get gravatar Image 
            // https://fr.gravatar.com/site/implement/images/php/
            $default = "mm";
            $size = 35;
            $grav_url = "http://www.gravatar.com/avatar/".md5(strtolower(trim($email)))."?d=".$default."&s=".$size;
    
        ?>
        <div class="cmt-cnt">
            <a href="<?php echo $file_path; ?>"><img src="<?php echo $file_path; ?>"  height="250" /></a>
            <div class="thecom">
                <h5><?php echo $name; ?></h5><span data-utime="1371248446" class="com-dt"><?php echo $date; ?></span>
                <br/>
                <p>
                    <?php echo $comment; ?>
                </p>
            </div>
        </div><!-- end "cmt-cnt" -->
        <?php } ?>
    
    
        <div class="new-com-bt">
            <span>Write a comment ...</span>
        </div>
        <div class="new-com-cnt">
            <input type="text" id="name-com" name="name-com" value="" placeholder="Your name" />
            <input type="text" id="mail-com" name="mail-com" value="" placeholder="Your e-mail address" />
            <textarea class="the-new-com"></textarea>
            <div class="bt-add-com">Post comment</div>
            <div class="bt-cancel-com">Cancel</div>
        </div>
        <div class="clear"></div>
    </div><!-- end of comments container "cmt-container" -->
    
    
    <script type="text/javascript">
       $(function(){ 
            //alert(event.timeStamp);
            $('.new-com-bt').click(function(event){    
                $(this).hide();
                $('.new-com-cnt').show();
                $('#name-com').focus();
            });
    
            /* when start writing the comment activate the "add" button */
            $('.the-new-com').bind('input propertychange', function() {
               $(".bt-add-com").css({opacity:0.6});
               var checklength = $(this).val().length;
               if(checklength){ $(".bt-add-com").css({opacity:1}); }
            });
    
            /* on click on the cancel button */
            $('.bt-cancel-com').click(function(){
                $('.the-new-com').val('');
                $('.new-com-cnt').fadeOut('fast', function(){
                    $('.new-com-bt').fadeIn('fast');
                });
            });
    
            // on post comment click 
            $('.bt-add-com').click(function(){
                var theCom = $('.the-new-com');
                var theName = $('#name-com');
                var theMail = $('#mail-com');
    
                if( !theCom.val()){ 
                    alert('You need to write a comment!'); 
                }else{ 
                    $.ajax({
                        type: "POST",
                        url: "ajax/add-comment.php",
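                        // pass an object so jQuery URL-encodes each value (&, +, = in a comment no longer break the request)
                        data: { act: 'add-com', id_post: <?php echo (int) $id_post; ?>, name: theName.val(), email: theMail.val(), comment: theCom.val() },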
                        success: function(html){
                            theCom.val('');
                            theMail.val('');
                            theName.val('');
                            $('.new-com-cnt').hide('fast', function(){
                                $('.new-com-bt').show('fast');
                                $('.new-com-bt').before(html);  
                            })
                        }  
                    });
                }
            });
    
        });
    </script>
    

And the Ajax script:

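    <?php
    // Read only the expected fields; extract($_POST) would let a request
    // overwrite any variable in scope.
    $act     = isset($_POST['act']) ? $_POST['act'] : '';
    $id_post = isset($_POST['id_post']) ? (int) $_POST['id_post'] : 0;
    $name    = isset($_POST['name']) ? trim($_POST['name']) : '';
    $email   = isset($_POST['email']) ? trim($_POST['email']) : '';
    $comment = isset($_POST['comment']) ? trim($_POST['comment']) : '';

    if($act == 'add-com'):
        // HTML-encode the values before they are stored and echoed back
        $name = htmlentities($name);
        $email = htmlentities($email);
        $comment = htmlentities($comment);
    
        // Connect to the database
        include('../config.php'); 
    
        // Get gravatar Image 
        // https://fr.gravatar.com/site/implement/images/php/
        $default = "mm";
        $size = 35;
        $grav_url = "http://www.gravatar.com/avatar/" . md5( strtolower( trim( $email ) ) ) . "?d=" . $default . "&s=" . $size;
    
        if(strlen($name) <= 1){ $name = 'Guest';}
        // Insert the comment in the database; every string value is escaped for SQL.
        // (ext/mysql was removed in PHP 7.0; newer PHP needs mysqli or PDO.)
        $sql = sprintf(
            "INSERT INTO comments (name, email, comment, id_post) VALUES ('%s', '%s', '%s', '%d')",
            mysql_real_escape_string($name),
            mysql_real_escape_string($email),
            mysql_real_escape_string($comment),
            $id_post
        );
        mysql_query($sql);
        if(!mysql_errno()){
    ?>
    
        <div class="cmt-cnt">
            <img src="<?php echo $grav_url; ?>" alt="" />
            <div class="thecom">
                <h5><?php echo $name; ?></h5><span  class="com-dt"><?php echo date('d-m-Y H:i'); ?></span>
                <br/>
                <p><?php echo $comment; ?></p>
            </div>
        </div><!-- end "cmt-cnt" -->
    
        <?php } ?>
    <?php endif; ?>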
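
A hardened form of the Ajax handler above, as an added example that is not part of the original question: it reads only the expected POST keys instead of calling `extract()`, inserts through a PDO prepared statement, and escapes at output time so the stored text stays raw. The function names, the in-memory SQLite database standing in for the MySQL connection, and the HTTPS Gravatar URL are assumptions; it needs PHP 7+ with `pdo_sqlite`.

```php
<?php
// Added example, not the asker's code. The table layout follows the INSERT in
// the question; e(), add_comment() and the SQLite database are assumptions.

function e(string $s): string {
    // Escape when rendering, so the database keeps the raw text.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function add_comment(PDO $db, array $post): string {
    // Read only the keys the form sends; nothing else can reach local scope.
    $idPost  = filter_var($post['id_post'] ?? null, FILTER_VALIDATE_INT);
    $name    = trim((string) ($post['name'] ?? ''));
    $email   = trim((string) ($post['email'] ?? ''));
    $comment = trim((string) ($post['comment'] ?? ''));
    if (($post['act'] ?? '') !== 'add-com' || $idPost === false || $comment === '') {
        throw new InvalidArgumentException('invalid comment request');
    }
    if (strlen($name) <= 1) { $name = 'Guest'; }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO comments (name, email, comment, id_post) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$name, $email, $comment, $idPost]);

    $grav = 'https://www.gravatar.com/avatar/' . md5(strtolower($email)) . '?d=mm&s=35';
    return '<div class="cmt-cnt"><img src="' . e($grav) . '" alt="" />'
         . '<div class="thecom"><h5>' . e($name) . '</h5>'
         . '<p>' . e($comment) . '</p></div></div>';
}

// Constructed demo data: in-memory SQLite replaces the MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, email TEXT, comment TEXT, id_post INTEGER)');

echo add_comment($db, [
    'act' => 'add-com', 'id_post' => '1',
    'name' => "O'Brien", 'email' => 'a@example.com',
    'comment' => '<b>hi</b> & it\'s fine',
]), "\n";

// The row is stored verbatim; only the rendered HTML is entity-encoded.
var_dump($db->query('SELECT comment FROM comments')->fetchColumn());
```

Because the stored value is raw, the listing page has to pass `name`, `comment` and `date` through the same escaping helper when it prints them.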
    

0 answers:

No answers