im having trouble with my insert into function. i need to insert a review, logged in users email, movie id, and review date.
this is my php
----------------PHP CODE--------------------------
[php]
<?php # index.php This is the main page for the site.
//Set the page title and include the header.
$page_title = 'Reviews';
require_once ('./includes/header.php');
//Logged in.
if(isset($_SESSION['user_id']) && isset($_COOKIE['moviereviews'])){
//Make the query.
$query = "SELECT movies.movieImage, reviews.review, DATE_FORMAT(reviews.reviewDate, '%d %M %Y') AS rd , accounts.email, movies.movieName FROM reviews INNER JOIN accounts ON reviews.userID=accounts.userID INNER JOIN movies on reviews.movieID=movies.movieID";
//Get specific product.
if(isset($_GET['ID'])){//Get specific user posts
$query .= " WHERE accounts.userID=reviews.userID AND movies.movieID=".$_GET['ID']." ORDER BY DATE_FORMAT(reviewDate, '%d %M, %Y') DESC";
$result=mysqli_query($dbc, $query);
}
if(isset($_POST['moviereview'])){
$_POST['review'] = mysqli_real_escape_string($dbc, 'review');
$_GET['ID'] = mysqli_real_escape_string($dbc, 'ID');
$_GET['user_id'] = mysqli_real_escape_string($dbc, 'user_id');
$_GET['reviewDate'] = mysqli_real_escape_string($dbc, 'reviewDate');
// Escape an illigal MySql characters in the data
$query="INSERT INTO reviews (movieID, userID, reviewDate, review) values('ID', 'user_id', 'reviewDate', 'review')";
$result=mysqli_query($dbc, $query);
if($result){
// Log the new user in and send to the home page
// Get the newly generated record ID.
$newId=mysqli_insert_id($dbc);
}
}
//Table to layout the user records.
echo "
| |
Movie
|
Review
|
Member
|
ReviewDate
|
";
//Fetch and display all retrieved records.
while($row = mysqli_fetch_array($result, MYSQL_ASSOC)){
echo "", "![]()
| ";
echo "", $row['movieName'], " | ";
echo "", $row['review'], " | ";
echo "", $row['email'], " | ";
echo "", $row['rd'], " | ";
echo "";
}
//close the table
echo "
";
//Free up the resources.
mysqli_free_result ($result);
//Close the database connection.
mysqli_close($dbc);
//End of links section.
?>
<link href="styles/layout.css" rel="stylesheet" type="text/css">
</head>
<div id="Review">
<form method="POST" action="review.php">
<textarea cols="100" rows="5" id="review" name="review" placeholder="Enter your review"></textarea>
<br />
<input type="submit" name="moviereview" id="moviereview" value="Review Movie">
</form>
</div>
<?php
}else{
//display error message and include the footer then kill the script
$url = './error.php';
// re-direct to the page
header("Location: $url");
//end if logged in
}
//Include the footer file.
require_once ('./includes/footer.php');
?>
[/php]
----------------END PHP CODE--------------------------
