29 lines
858 B
PHP
29 lines
858 B
PHP
<?php
|
|
|
|
require_once($_SERVER['DOCUMENT_ROOT']."/config.php");
|
|
|
|
if($_SESSION['id'] && $_POST['message'] && $_POST['object_id'] && is_numeric($_POST['object_id'])) {
|
|
$post = clearInputData($_POST);
|
|
|
|
$sql = "SELECT objects.id_add_user FROM objects WHERE objects.id=$post[object_id]";
|
|
$res = mysql_query($sql);
|
|
$obj = mysql_fetch_assoc($res);
|
|
|
|
$user_id = $_SESSION['id'];
|
|
if ($post['note_id']) {
|
|
$sql = "UPDATE object_notes SET message = '$post[message]'
|
|
WHERE id = $post[note_id] AND object_id = $post[object_id]";
|
|
} else {
|
|
$sql = "INSERT INTO object_notes (
|
|
object_id,
|
|
message,
|
|
created_by
|
|
) VALUES (
|
|
$post[object_id],
|
|
'$post[message]',
|
|
$user_id
|
|
)";
|
|
}
|
|
|
|
mysql_query($sql);
|
|
} |