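<?php
// Handles the calendar "add review" form post: stores the submitted review in
// gforum_TriathlonsComment with comment_valid = 0, then redirects back to the
// event page.
//
// NOTE(review): to the original question ("do I need additional security
// checks?"): yes. Nothing here proves who is posting. editor_id is read from
// the request body, so any client can submit a review under any user id, and
// there is no anti-CSRF token. Take the editor id from the authenticated
// session and verify a per-session token before inserting. The session layer
// is not visible in this file, so that change is flagged here, not implemented.

if (empty($_POST)) {
    header('Location: https://slowtwitch.com/calendar/?error=no_post');
    // Without exit() the script kept running and the redirect at the bottom
    // replaced this Location header.
    exit();
}

include("config.php");

// Read uid up front so the final redirect always has a defined value. The
// integer cast keeps it safe both in the unquoted SQL position and in the
// Location header.
$uid = isset($_POST['uid']) ? (int) $_POST['uid'] : 0;

// Require plain strings: a field posted as an array would otherwise reach trim().
if (isset($_POST['Review_Subject'], $_POST['Review_Contents'])
    && is_string($_POST['Review_Subject'])
    && is_string($_POST['Review_Contents'])
) {
    // The forwarding header is client-supplied unless a trusted proxy sets it,
    // so accept it only when it parses as an IP address and otherwise fall
    // back to the socket address.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (!empty($_SERVER['HTTP_X_FORWARD_FOR'])
        && filter_var($_SERVER['HTTP_X_FORWARD_FOR'], FILTER_VALIDATE_IP) !== false
    ) {
        $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
    }
    $ip = mysql_real_escape_string($ip);

    $tsNow = time();

    // editor_id was interpolated into the query unescaped.
    $editorRaw = (isset($_POST['editor_id']) && is_scalar($_POST['editor_id']))
        ? (string) $_POST['editor_id']
        : '';
    $editor_id = mysql_real_escape_string($editorRaw);

    // NOTE(review): the subject is stored without HTML encoding while the
    // message is encoded before storage; confirm the page that displays
    // comments escapes the subject on output.
    $subject = mysql_real_escape_string(trim($_POST['Review_Subject']));
    $message = mysql_real_escape_string(
        nl2br(htmlspecialchars(substr(trim($_POST['Review_Contents']), 0, 4096)))
    );

    // Insert the review as not yet validated (comment_valid = 0).
    // NOTE(review): the mysql_* extension has no prepared statements; moving
    // to PDO or mysqli with bound parameters is the durable fix.
    $sql = "INSERT INTO gforum_TriathlonsComment
                (triathlon_id_fk, comment_time, user_id_fk, comment_subject,
                 comment_message, comment_ip, comment_valid)
            VALUES
                ($uid, '$tsNow', '$editor_id', '$subject', '$message', '$ip', 0)";

    if (!mysql_query($sql)) {
        // Keep database error detail in the server log, not in the response.
        error_log('calendar review insert failed: ' . mysql_error());
        header('HTTP/1.1 500 Internal Server Error');
        die('Unable to save your review.');
    }
}

// NOTE(review): this reports review_add=ok even when the required fields were
// missing and nothing was inserted; kept as in the original.
header('Location: https://slowtwitch.com/calendar/individual.php?uid=' . $uid . '&review_add=ok');
exit();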