SUBMIT A REVIEW
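// One review per session: stop before any form handling if this session has
// already submitted one.
// !empty() is used instead of reading the key directly so a session that has
// no 'review' entry yet does not raise an undefined-index notice.
// NOTE(review): the flag lives in the visitor's session, so it only limits a
// client that keeps its session cookie. It is not a spam control on its own;
// a server-side limit would be needed for that.
if (!empty($_SESSION['review'])) {
    echo "You've already sent a review, to cut down on spam we only allow you to submit a review once";
    die;
}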
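/**
 * Report whether $field is a syntactically valid e-mail address.
 *
 * The value is validated exactly as submitted. Validating a sanitized copy
 * instead would accept input whose stripped characters (line breaks, for
 * example) are still present in the value the caller goes on to use, and the
 * caller in this file places that value in a mail header.
 *
 * @param mixed $field Submitted e-mail address.
 * @return bool TRUE when $field is a valid address as-is, FALSE otherwise.
 */
function spamcheck($field) {
    // Anything that is not a string (e.g. an array from "email[]=") or that
    // carries control characters is rejected outright.
    if (!is_string($field) || preg_match('/[\x00-\x1F\x7F]/', $field)) {
        return FALSE;
    }
    // filter_var() returns the address on success and FALSE on failure.
    return filter_var($field, FILTER_VALIDATE_EMAIL) !== FALSE;
}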
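// Handle a submitted review: check the required fields, validate the sender
// address, notify the site owner by mail and store the review.

// The template that follows tests $feedbackMessage, so make sure it exists
// even when the form was not submitted.
if (!isset($feedbackMessage)) {
    $feedbackMessage = '';
}

if (!empty($_POST['submit'])) {
    // Read each field once. isset() avoids undefined-index notices, and the
    // is_string() check keeps array-valued parameters ("name[]=...") out of
    // the string handling below.
    $name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
    $review = (isset($_POST['review']) && is_string($_POST['review'])) ? $_POST['review'] : '';
    // 'comments' is optional; a missing value is stored as NULL.
    $comments = (isset($_POST['comments']) && is_string($_POST['comments'])) ? $_POST['comments'] : null;

    if (!$name || !$email || !$review) {
        $validated = false;
        if (!$name) {
            $feedbackMessage = "Please enter your name";
        } else if (!$email) {
            $feedbackMessage = "Please enter your Email";
        } else {
            $feedbackMessage = "Please enter a review";
        }
    } else {
        $validated = true;
    }

    if ($validated) {
        // The address ends up in the "From:" header, so it is validated here
        // exactly as submitted, in addition to the spamcheck() call. A value
        // containing line breaks fails validation and never reaches mail().
        $from = filter_var($email, FILTER_VALIDATE_EMAIL);
        if (!spamcheck($email) || $from === false) {
            $feedbackMessage = "Your email address is invalid. Please correct";
        } else {
            // Line breaks are removed from the name before it is used in the
            // subject, so the header stays on one line.
            $subject = "Back to life cars review from " . str_replace(array("\r", "\n"), ' ', $name);
            $message = "You have a new review as follows: " . $review;
            // message lines should not exceed 70 characters (PHP rule), so wrap it
            $message = wordwrap($message, 70);
            // send mail
            mail("chris@backtolifecars.com", $subject, $message, "From: $from\n");
            try {
                // NOTE(review): the database credentials are hard-coded in a
                // web-served script. Move them to configuration outside the
                // document root and rotate the password, since it has been
                // exposed in source.
                $pdo = new PDO('mysql:host=localhost;dbname=backtolifecars_', 'backtolifecars', 'b4ckt0l1fe');
                $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
                // Bound parameters keep the submitted text out of the SQL.
                // NOTE(review): the values are stored as submitted, so any
                // page that displays reviews must HTML-escape them on output.
                $stmt = $pdo->prepare('INSERT INTO reviews (name, email, review, comments) VALUES (:name, :email, :review, :comments)');
                $stmt->execute(array(
                    ':name' => $name,
                    ':email' => $from,
                    ':review' => $review,
                    ':comments' => $comments
                ));
                $_SESSION['review'] = 1;
                echo "Your review has been sent to us, we will process it soon and post it on our website. Many thanks for your support"; die;
            } catch (PDOException $e) {
                // Driver error text can expose connection or schema details,
                // so it goes to the server log and the visitor sees a generic
                // message.
                error_log('Review insert failed: ' . $e->getMessage());
                echo 'Error: your review could not be saved. Please try again later.';
            }
        }
    }
}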
?>
if ($feedbackMessage) { ?> } ?>