<?phperror_reporting(E_ALL);$pdo = new PDO("mysql:host=localhost;dbname=

1. <?php
2.  
3. error_reporting(E_ALL);
4.  
5. $pdo = new PDO("mysql:host=localhost;dbname=_fantapc", '_fpcroot', '');
6.  
7. $query = $pdo->prepare("SELECT * FROM users WHERE id=:id");
8. $query->bindValue(":id", $_GET['id'], PDO::PARAM_INT);
9. $query->execute();
10. $profile = $query->fetch();
11.  
12. if(isset($_POST['formsub'])) {
13.     $comment = $_POST['comment'];
14.     $rating = $_POST['rating'];
15.     $judge = $_SESSION['user_id'];
16.     $victim = $_GET['id'];
17.  
18.   $query = $pdo->prepare("INSERT INTO profile_comments(user_id_judge,user_id_victim,comment, rating) VALUES (:user_id_judge,:user_id_victim,:comment,:rating)");
19.   $query->bindValue(":comment", $comment, PDO::PARAM_STR);
20.   $query->bindValue(":rating", $rating, PDO::PARAM_INT);
21.   $query->bindValue(":user_id_judge", $judge, PDO::PARAM_INT);
22.   $query->bindValue(":user_id_victim", $victim, PDO::PARAM_INT);
23.   $query->execute();
24.  
25. }
26.  
27. ?>
28.  
29. <table><tr><td><p class='lead'>PROFILE PIC</p></td><td>
30. <h1><? echo strtoupper($profile['username']); ?></h1><br />
31. <img class='pull-right' src='img/abel.gif' />
32. Fantasica ID: <? echo $profile['gameid']; ?><br />
33. Member since: <? echo $profile['signUpDate']; ?></p>
34. </td></tr>
35. </table>
36.  
37. <? if($_SESSION['username']) {
38. echo "<table><td>";
39. echo "<form action='index.php?page=profile&id={$_GET['id']}' method='post'>";
40. echo "<input type='text' name='comment'><br>";
41. echo "<input type='hidden' name='formsub' value='1'>";
42. echo '<tr><td></td><td><input type="image" src="img/send.png" alt="Submit Form" /></td></tr>';
43.  
44. echo "</form></td>";
45.  
46. } ?>