
View File: commentAdd.php

<?php
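// Comment-submission endpoint: validates the POSTed fields, inserts one row
// into dbs_comment and echoes the stored row back as JSON.
//
// PHP diagnostics must never be rendered into the response of a public
// endpoint: they disclose file paths and SQL details and corrupt the JSON
// body. Send them to the server error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

header('Content-Type: application/json; charset=UTF-8');
// The body echoes user-supplied text; stop browsers from sniffing it as HTML.
header('X-Content-Type-Options: nosniff');

require_once __DIR__ . '/../Models/BasicManager.php'; // BasicManager class

// NOTE(review): nothing in this script authenticates the caller, checks a
// CSRF token or throttles submissions - confirm that is enforced upstream.

try {
    // 1) Create the BasicManager instance and obtain its PDO handle.
    $manager = new BasicManager();
    $pdo     = $manager->getDb();
    // Set the connection character set/collation for queries and results.
    $pdo->exec("SET NAMES utf8mb4 COLLATE utf8mb4_unicode_ci");

    // 2) Read and normalise the inputs.
    // A field submitted as an array (e.g. comment[]=x) is treated as missing
    // rather than being cast to the literal string "Array" or to the int 1.
    $postString = static function (string $key): string {
        $value = $_POST[$key] ?? '';
        return is_scalar($value) ? trim((string)$value) : '';
    };
    $postInt = static function (string $key): int {
        $value = $_POST[$key] ?? 0;
        return is_scalar($value) ? intval($value) : 0;
    };

    $comment  = $postString('comment');
    $author   = $postString('author');
    $newsId   = $postInt('news_id');
    $emailRaw = $postString('email');
    // An address that fails validation is stored as an empty string.
    $email    = filter_var($emailRaw, FILTER_VALIDATE_EMAIL) ? $emailRaw : '';
    // A missing or non-positive comment_id means a top-level comment (NULL parent).
    $parentId = $postInt('comment_id');
    if ($parentId <= 0) {
        $parentId = null;
    }
    // NOTE(review): no length limits are applied and the parent comment is not
    // checked to belong to the same news_id - confirm against the schema.

    // 3) Check the required fields.
    if ($comment === '' || $author === '' || $newsId <= 0) {
        echo json_encode(['error' => 'post false']);
        exit;
    }

    // 4) INSERT through a PDO prepared statement. The values are stored
    // verbatim, so every page that renders them must HTML-escape on output.
    $insertSql = "
        INSERT INTO dbs_comment
          (parent_comment_id, comment, comment_sender_name, comment_sender_email, news_id)
        VALUES (:parent, :c, :name, :email, :nid)
    ";
    $stmt = $pdo->prepare($insertSql);
    $stmt->bindValue(':parent', $parentId, $parentId === null ? PDO::PARAM_NULL : PDO::PARAM_INT);
    $stmt->bindValue(':c',      $comment,  PDO::PARAM_STR);
    $stmt->bindValue(':name',   $author,   PDO::PARAM_STR);
    $stmt->bindValue(':email',  $email,    PDO::PARAM_STR);
    $stmt->bindValue(':nid',    $newsId,   PDO::PARAM_INT);

    if (! $stmt->execute()) {
        throw new RuntimeException('Execute failed: ' . implode(' | ', $stmt->errorInfo()));
    }
    $insertId = (int)$pdo->lastInsertId();

    // 5) Fetch the row that was just inserted.
    $selectSql = "
        SELECT
          comment_id,
          parent_comment_id,
          comment,
          comment_sender_name,
          comment_sender_email,
          comment_at,
          news_id
        FROM dbs_comment
        WHERE comment_id = :id
        LIMIT 1
    ";
    $stmt = $pdo->prepare($selectSql);
    $stmt->bindValue(':id', $insertId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // 6) Emit JSON. json_encode() returns false on failure (e.g. invalid
    // UTF-8); treat that as an error instead of sending an empty body.
    $json = json_encode($row ? $row : ['error' => 'Comment not found']);
    if ($json === false) {
        throw new RuntimeException('JSON encode failed: ' . json_last_error_msg());
    }
    echo $json;

} catch (Throwable $e) {
    // Throwable also covers Error (e.g. TypeError), which Exception misses.
    // Keep the detail (SQLSTATE, driver message, table names) in the server
    // log and return only a generic message to the client.
    error_log('commentAdd.php: ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Internal server error']);
}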