load_lang(); $db = new Database(); $sec = new security(); $table = $sec->retrieve_table_from_coll($_REQUEST['coll_id']); $date = $db->current_datetime(); $query = "INSERT INTO " . NOTES_TABLE . "(identifier, note_text, date_note, user_id, coll_id, tablename) VALUES(".$_REQUEST['id'] . ", '" . $_REQUEST['fieldNotes']. "', " . $date . ", '" . functions::xssafe($_SESSION['user']['UserId']) . "', '" . functions::xssafe($_REQUEST['coll_id']) . "', '" . functions::xssafe($table) . "')"; $returnId = $db->query($query); if (!$returnId) { $return['status'] = 0; $return['msg'] = 'fail'; echo json_encode($return); exit; } $return['status'] = 1; $return['msg'] = 'note ajoutée'; $return['newNote'] = ''; $return['newNote'] .= '

'; $return['newNote'] .= '

'.functions::xssafe($_SESSION['user']['FirstName']).' '.functions::xssafe($_SESSION['user']['LastName']).' le '.date('Y-m-d').'

'; $return['newNote'] .= '

' . $_REQUEST['fieldNotes'] . '

'; $return['newNote'] .= '

'; echo json_encode($return);