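class ReviewController extends Places_Controller_Action
{
    /**
     * Ajax endpoint that records one "was this review helpful?" vote.
     *
     * Reads the request parameters 'id' (review id) and 'helpful' (0 or 1),
     * increments the counters on the matching row of the reviews table and
     * appends a JSON document to the response body:
     *   - array('result' => false) when the id is missing, not positive, or
     *     no matching review exists;
     *   - array('result' => true, 'id', 'helpful_yes', 'helpful_total')
     *     after a successful update.
     *
     * NOTE(review): this action changes state, but nothing visible here
     * restricts the request method, checks an anti-CSRF token, or limits how
     * often one visitor can vote. Confirm those controls exist elsewhere
     * (base controller, plugin, front-end) before relying on the counters.
     *
     * @return void
     */
    public function feedbackAction()
    {
        // Disable view rendering first so that the failure paths below also
        // return nothing but the JSON document.
        $this->_helper->viewRenderer->setNoRender(); #3

        $id = (int) $this->_request->getParam('id'); #1
        if ($id <= 0) {
            $this->_sendJson(array('result' => false)); #2
            return;
        }

        // Collapse any non-zero value to 1 so only 0 or 1 is used below.
        $helpful = (int) $this->_request->getParam('helpful');
        $helpful = $helpful == 0 ? 0 : 1;

        $reviewsFinder = new Reviews();
        $db = $reviewsFinder->getAdapter();

        // Let the adapter quote the value instead of concatenating it; the
        // integer cast above stays as defence in depth.
        $where = $db->quoteInto('id = ?', $id, Zend_Db::INT_TYPE);

        $review = $reviewsFinder->fetchRow($where);
        // Guard against "no row" before touching ->id.
        if (!$review || (int) $review->id !== $id) {
            $this->_sendJson(array('result' => false));
            return;
        }

        // The SET clause is assembled from fixed strings only; the id is
        // passed as a bound parameter.
        $set = 'helpful_total = (helpful_total+1)';
        if ($helpful) {
            $set = 'helpful_yes = (helpful_yes+1), ' . $set;
        }
        $db->query('UPDATE reviews SET ' . $set . ' WHERE id = ?', array($id));

        // Re-read the row so the response carries the stored counters.
        $review = $reviewsFinder->fetchRow($where);
        if (!$review) {
            $this->_sendJson(array('result' => false));
            return;
        }

        $this->_sendJson(array(
            'result'        => true,
            'id'            => $id,
            'helpful_yes'   => $review->helpful_yes,
            'helpful_total' => $review->helpful_total,
        ));
    }

    /**
     * Encodes $payload as JSON and appends it to the response body,
     * labelling the response as JSON so a browser does not treat it as HTML.
     *
     * @param array $payload Data to encode.
     * @return void
     */
    private function _sendJson(array $payload)
    {
        $this->_response->setHeader('Content-Type', 'application/json', true);
        $this->_response->appendBody(Zend_Json::encode($payload));
    }
}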
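(annotation) <#1 Casting to an integer ensures that the id is “safe” to use in SQL statements. The cast only protects this one integer value; string values still need the adapter's quoting or bound parameters.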