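prepare("SELECT * FROM `users` WHERE `users`.`id` = :id");
/*
 * NOTE(review): the statement above begins before this excerpt; its visible
 * tail is reproduced unchanged.
 *
 * Flow of this script: look up the current user, store the posted message,
 * then print the ten most recent messages.
 *
 * SECURITY (authentication): the only proof of identity checked here is the
 * client-supplied `user_id` cookie. A cookie value is fully controlled by the
 * client, so it identifies nothing by itself; the user id should come from a
 * server-side session (or a signed, verified token) instead.
 *
 * SECURITY (request origin): no anti-CSRF token check is visible in this
 * excerpt. Confirm one runs before this point, or add it, because this
 * request changes state on behalf of the user.
 */
$userQuery->bindParam(":id", $_COOKIE["user_id"]);
$userQuery->execute();
$user = $userQuery->fetch(PDO::FETCH_ASSOC);

if (!isset($user["id"])) {
    echo "You are not logged in!";
    exit;
}

/* Now we know the user is logged in, insert the message to the database */
$subject = isset($_POST["subject"]) ? $_POST["subject"] : null;
$message = isset($_POST["message"]) ? $_POST["message"] : null;
$userID = $user["id"];

/*
 * The request fields are bound as parameters rather than interpolated into
 * the SQL text, so their content can never be parsed as SQL. Missing or
 * non-string fields (e.g. `subject[]=...`) skip the insert instead of being
 * sent to the database.
 */
if (is_string($subject) && is_string($message)) {
    $insertQuery = $db->prepare(
        "INSERT INTO `messages` (`id`, `subject`, `message`, `user`, `date`)
         VALUES (NULL, :subject, :message, :user, NOW())"
    );
    $insertQuery->execute([
        ":subject" => $subject,
        ":message" => $message,
        ":user" => $userID,
    ]);
}

/* Display the new updated list */
$messageQuery = $db->prepare("SELECT * FROM `messages` INNER JOIN `users` ON (`messages`.`user` = `users`.`id`) ORDER BY `date` DESC LIMIT 10");
$messageQuery->execute();
$messages = $messageQuery->fetchAll(PDO::FETCH_ASSOC);

/*
 * Every value printed below was stored from user input, so it is escaped for
 * the HTML context at output time; otherwise stored markup would run in the
 * browser of every visitor who views the list.
 *
 * NOTE(review): the markup inside these string literals appears to have been
 * lost from this listing; the literals are kept exactly as shown.
 */
foreach ($messages as $row) {
    $safeSubject = htmlspecialchars((string) $row["subject"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    $safeAuthor = htmlspecialchars((string) $row["user_name"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
    $safeBody = htmlspecialchars((string) $row["message"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");

    echo "\n\n" . $safeSubject . ' ' . $safeAuthor . "\n\n";
    echo "\n\n" . $safeBody . "\n\n";
    echo "\n";
}
?>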