prepare("SELECT * FROM cars WHERE id = ?"); // statement begins above this chunk; $carId is bound as a parameter, never interpolated
$stmt->execute([$carId]);
$car = $stmt->fetch(PDO::FETCH_ASSOC);
// Unknown/unmatched id: redirect to the listing and stop, so nothing below runs on an empty $car.
if (!$car) { header("Location: car_list.php"); exit(); }

// Fetch approved reviews only — rows with any other status never reach the template.
// This runs BEFORE the POST handler below, so a review inserted in this request is not in $reviews.
$stmt = $pdo->prepare("SELECT r.*, u.username FROM reviews r JOIN users u ON r.user_id = u.id WHERE r.car_id = ? AND r.status = 'approved' ORDER BY r.created_at DESC");
$stmt->execute([$carId]);
$reviews = $stmt->fetchAll(PDO::FETCH_ASSOC);

// Handle the review form submission (POST carrying submit_review).
// NOTE(review): the only authorisation check is the session login below; no CSRF token is
// validated anywhere in this chunk. Unless the form/partials add one, a cross-site POST can
// file a review on behalf of a logged-in user — confirm before relying on this handler.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit_review'])) {
    // Anonymous submitters are bounced to login. Reading $_SESSION here assumes session_start()
    // ran earlier in the file (not visible in this chunk) — TODO confirm.
    if (!isset($_SESSION['user_id'])) { header("Location: login.php"); exit(); }
    // rating: int in 1..5 on success; false when present-but-invalid, null when absent.
    // Both falsy results fail the `$rating &&` guard below, so out-of-range values are rejected.
    $rating = filter_input(INPUT_POST, 'rating', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 5]]);
    // review: FILTER_SANITIZE_SPECIAL_CHARS entity-encodes '"<>& and control chars at INPUT time,
    // so the STORED value is already HTML-escaped. NOTE(review): escaping again on output will
    // double-encode (e.g. &amp;lt;); no length cap is enforced here — TODO confirm the column size
    // and whether an mb_strlen() limit is wanted. When the field is missing, filter_input() returns
    // null and trim(null) is deprecated on PHP 8.1+ (still yields '' and is rejected below).
    $review_text = trim(filter_input(INPUT_POST, 'review', FILTER_SANITIZE_SPECIAL_CHARS));
    if ($rating && !empty($review_text)) {
        // status is not set in this INSERT, so the row takes the column default — presumably not
        // 'approved', given the "pending approval" message below and the approved-only SELECT above.
        // user_id comes from the session, not the request, so a client cannot spoof the author.
        $stmt = $pdo->prepare("INSERT INTO reviews (car_id, user_id, rating, review) VALUES (?, ?, ?, ?)");
        $stmt->execute([$carId, $_SESSION['user_id'], $rating, $review_text]);
        $message = "Your review has been submitted and is pending approval.";
        $message_type = 'success';
    } else {
        $message = "Invalid rating or review text.";
        $message_type = 'danger';
    }
}
// $message / $message_type are only defined on POST; the template presumably isset()-checks them.

// Title is HTML-escaped HERE (default htmlspecialchars flags), so the template must echo it raw —
// escaping it again would double-encode.
$pageTitle = htmlspecialchars($car['make'] . ' ' . $car['model']);
include 'partials/header.php';
?>
<?= $pageTitle /* already passed through htmlspecialchars() where it is assigned; do not escape again here */ ?>

SOLD

Price $
Year
Mileage km
Color
Fuel Petrol
Description

Log in to Buy
Status:

Customer Reviews

Leave a Review
Log in to write a review.

No reviews yet. Be the first to share your thoughts!