I have a function to comment and rate photos.

It should insert the comment into the comment table in the DB. when i check it in the table, the comment-text and user_id are correctly inserted, but the photo_id is 0. (see screenshot)

Can someone help me with this?

Thank you very much




The function is the following:

function hon_save_vote(){

$info = auth_member();

$sql_query = "SELECT photos FROM photo_votes WHERE mem_id=".$info["mem_id"];
$exclude = $GLOBALS["DB"]->single($sql_query);
$exclude_photos = handle_empties(explode(",",$exclude));

$rating = $GLOBALS["Get"]->type_val("rating","integer");
$pho_id = $GLOBALS["Get"]->type_val("rate_pho_id","integer");
$comment = $GLOBALS["Get"]->val("comment");

if(!in_array($pho_id,$exclude_photos)){

$sql_query = "UPDATE photos SET rating=rating+".$rating.",votes=votes+1 WHERE pho_id=".$pho_id;
$GLOBALS["DB"]->execute($sql_query);

$sql_query = "UPDATE photo_votes SET photos=CONCAT(photos,'".$pho_id.",') WHERE mem_id=".$info["mem_id"];
$updated = $GLOBALS["DB"]->update($sql_query);

if(!$updated){
$sql_query = "INSERT INTO photo_votes (mem_id,photos) VALUES (".$info["mem_id"].",'".$pho_id.",')";
$GLOBALS["DB"]->execute($sql_query);
}//if

}//if

if($comment){
$sql_query = "INSERT INTO photo_comments (pho_id,mem_id,comment)
VALUES (:pho_id:,:mem_id:,':comment:')";
$vals["pho_id"] = $pho_id;
$vals["mem_id"] = $info["mem_id"];
$vals["comment"] = $comment;
$GLOBALS["DB"]->values = $vals;
$GLOBALS["DB"]->execute($sql_query);
}//if

$p_details["page"] = "";
$p_details["section"] = "";
$p_details["items_file"] = "";

build_page($p_details);

}//hon_save_vote

Set the photo_id field as an auto incrementing primary key

comment_id is the key.

photo_id cannot be autoincrementing.

You really should not be using the $GLOBALS array in PHP. It's a poor way of accessing your variables.

I don't know how else to do it.

Well, using globals is generally bad practice. You should pass in your objects to the function as parameters, and use them like that :)

sorry, but i am unable to do this. i'm just glad if one way works..

Well you're leaving yourself open to security risks. Incompetence is no excuse for lack of security my friend :) Security, education first. Code second...

you're welcome to code it for me.

Dean's time (and many coders for that matter) is probably more expensive than the time it takes to learn the foundations of programming and security and then applying it to your code.

I agree with Dean, if you want to learn how to code, take his advice. If you are under a rush or a deadline, you can hire a coder to do it properly.

If you are under a rush or a deadline, you can hire a coder to do it properly.

yes, i am.

that's why i also posted in on the paid requests forum: https://vborg.vbsupport.ru/showthread.php?t=158552

thank you

now, it inserts the comment correctly, but there is an error message in the header.

can someone help me with this?

thank you