<?php
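// Page bootstrap: opens the session and the database link, records which page is being
// viewed, and stores a comment posted to that page (the stored message says it awaits moderation).
session_start();

$link = mysql_connect("localhost", "***", "***");
if ($link === false) {
    // The driver's error text goes to the server log only; echoing it to the client
    // discloses details about the database host and account.
    error_log("Could not connect: " . mysql_error());
    die("Could not connect");
}
mysql_select_db("***", $link);

// NOTE(review): mysql_real_escape_string() escapes according to the connection character
// set, and no mysql_set_charset() call is visible in this file - confirm it is set elsewhere.

// Array keys are quoted throughout: the bare words used previously were undefined constants
// that PHP only fell back to treating as strings.
// full_url is the last path segment of the request (query string included); mess_url is the
// part before '?'. The value is SQL-escaped here because mess_url is interpolated into the
// INSERT below.
$_SESSION['full_url'] = mysql_real_escape_string(basename($_SERVER['REQUEST_URI']));
$_SESSION['mess_url'] = strtok($_SESSION['full_url'], '?');

if (isset($_POST['user_text'])) {
    // NOTE(review): no anti-CSRF token is checked before this write; the form that posts
    // here is not visible in this file, so confirm whether one exists.

    // A non-string value (e.g. user_text[]=...) is treated as an empty comment instead of
    // being passed to the string functions below.
    $comment = is_string($_POST['user_text']) ? $_POST['user_text'] : '';

    if (get_magic_quotes_gpc()) {
        // magic_quotes_gpc has already applied addslashes(), which is not aware of the
        // connection charset. Undo it so the text is escaped exactly once, by the driver.
        $comment = stripslashes($comment);
    }

    // HTML-encode first and SQL-escape last: the escaping that protects the query must be
    // the final transformation applied to the value before it is placed in the statement.
    $_SESSION['comment_user_text'] = mysql_real_escape_string(htmlspecialchars($comment));

    $sql = "insert into comment (date,theme,message) values ('" . date("Y-m-d H:i:s") . "','"
        . $_SESSION['mess_url'] . "','" . $_SESSION['comment_user_text'] . "')";
    $result = mysql_query($sql, $link);

    if ($result === false) {
        // Do not report success for a comment that was not stored.
        error_log("Comment insert failed: " . mysql_error($link));
    } else {
        $_SESSION['send'] = 'Комментарий принят и ожидает модерации.';
    }

    // Redirect back to the same page (POST/redirect/GET). mess_url comes from basename(),
    // so it is a single relative path segment.
    header("Location: {$_SESSION['mess_url']}#last");
    exit;
}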
?>