<% // this page allows users to leave written comments for specific stories Set databaseConnection = getDatabaseConnection() userID = "666" closePage = False errorMessage = "" storyReviewing = Request("hon_com_storyID") storyTitle = "No Story Found" yourComments = "" If isLoggedIn() Then // get user id from cookie userID = CStr(Request.Cookies("hon")("hon_use_id")) Else // if none, then set a flag to close this page because you should not be here closePage = True End If // retrieve the title for display If IsNumeric(storyReviewing) Then Set getTitleRS = createRecordSet("SELECT hon_sto_title FROM hon_sto_stories WHERE hon_sto_id = " & safeDBEncode(storyReviewing), databaseConnection) If Not getTitleRS.EOF Then storyTitle = CStr(getTitleRS.Fields("hon_sto_title")) Else storyTitle = "No Story Found" End If destroyRecordSet(getTitleRS) Else storyTitle = "No Story Found" End If // if form submitted If Request.Form("command") = "Save Comments and Close Window" Then yourComments = Trim(Request.Form("hon_com_comments")) // check that you wrote something errorMessage = ternaryOperator((yourComments = ""), errorMessage & "Please type your comments in the box below or choose Close Window and Do Not Save Comments to close this window.
", errorMessage) // check that you did not go over the length limit (500 chars) errorMessage = ternaryOperator((Len(yourComments) > 500), errorMessage & "Comments must be 500 characters in length or less.
", errorMessage) // save comments If errorMessage = "" Then Call executeSQL("INSERT INTO hon_com_comments (hon_com_storyID, hon_com_commenterID, hon_com_comments) VALUES (" & storyReviewing & ", " & userID & ", '" & safeDBEncode(yourComments) & "')", databaseConnection) closePage = True End If ElseIf Request.Form("command") = "Close Window and Do Not Save Comments" Then // set flag to close window closePage = True End If %> Leave Written Comments For Submission <% If closePage Then %> <% End If %>

Leave Written Comments for the Author
of <%= safeHTMLEncode(storyTitle) %>
You can use the space below to leave comments for the author of <%= safeHTMLEncode(storyTitle) %>. As you leave these comments please keep in mind:
  • If you are offering criticism, please keep it constructive.
  • Make sure the title above is the HACK or NOT submission you are interested in commenting on.
  • When you press the button to save your comments, this window will close.
<% If errorMessage <> "" Then %> <%= errorMessage %> <% End If %>