37 lines
938 B
PHP
37 lines
938 B
PHP
|
<?PHP
|
||
|
|
||
|
// do I need to do additional security checks to make sure the script is being called appropriately?
|
||
|
|
||
|
include("config.php");
|
||
|
|
||
|
if (!$_POST){ header('Location: '.$site_url); }
|
||
|
|
||
|
// error checking
|
||
|
if(!isset($_POST)) exit();
|
||
|
|
||
|
if (isset($_POST[delete])) {
|
||
|
// convert the array to a SQL friendly format
|
||
|
$deleteList = "(".implode(",", $_POST[delete]).")";
|
||
|
|
||
|
// build the SQL query to delete the edits that are bad
|
||
|
$sql = "DELETE FROM ".$prefix."FittersComment WHERE comment_id IN $deleteList";
|
||
|
|
||
|
mysql_query($sql) or die(mysql_error());
|
||
|
}
|
||
|
|
||
|
if (isset($_POST[validate])) {
|
||
|
// convert the array to a SQL friendly format
|
||
|
$comment_idlist = "(".implode(",", $_POST[validate]).")";
|
||
|
|
||
|
// build the SQL query
|
||
|
$sql = "UPDATE ".$prefix."FittersComment
|
||
|
SET comment_valid = 1
|
||
|
WHERE comment_id IN $comment_idlist;";
|
||
|
|
||
|
mysql_query($sql) or die(mysql_error());
|
||
|
}
|
||
|
|
||
|
|
||
|
header('Location: '.$site_url.'/comments_validate.php');
|
||
|
|
||
|
?>
|