php to store and display star ratings

ratings

<?php
session_start();
include ("connect.php");
require("checklogin.php");
$message = isset( $_GET['message'] )? $_GET['message']: "";
$formValue=array();
foreach ($_POST as $key => $value) {
$formValue[$key] = strip_tags($value);
$usercomments = nl2br($_POST['usercomments']);
$_SESSION['post_vars'][$key] = $value;
}
// empty form field validation
if(isset($_POST['Submit'])){
if($formValue['subject']=="" || $formValue['usercomments']=="" || $formValue['rating']==""){

$message = "Please enter data in the form" ;
header("Location: snickers.php?message=$message");

}else{
$Link = mysql_connect($Host, $User, $Password);
$user = $_SESSION['UserName'];

// insert data into the comments table
$query = "INSERT INTO crcomments VALUES ('0','".mysql_escape_string($user)."','".mysql_escape_string($formValue["subject"])."',NOW(),'".mysql_escape_string($usercomments)."','".mysql_escape_string($formValue["rating"])."','snickers')";

if(mysql_query ($query, $Link)){
$message = "Thank you for your comments";
header("Location: snickers.php?message=$message");
}else{
$message = "Error Inserting!" . mysql_error();
header("Location: snickers.php?message=$message");

}
}
}

// Edit comments empty form field validation
if(isset($_POST['Edit'])){
if($formValue['subject']=="" || $formValue['usercomments']=="" || $formValue['rating']==""){

$message = "Please enter data in the form" ;
header("Location: snickers.php?message=$message");

}else{
$Link = mysql_connect($Host, $User, $Password);
$user = $_SESSION['UserName'];
//update the comments table with the new data

$Query = "UPDATE crcomments SET subject = '".mysql_escape_string($formValue["subject"])."', usercomments = '".mysql_escape_string($usercomments)."', rating = '".mysql_escape_string($formValue["rating"])."' WHERE id = '".mysql_escape_string($formValue["id"])."'";

if(mysql_query ($Query, $Link)){
$message = "Comments edited";
header("Location: snickers.php?message=$message");
}else{
$message = "Error Inserting!";
header("Location: snickers.php?message=$message");
}
}
}
?>

<?php 
// create the average rating variable
$query = sprintf("SELECT CAST(AVG(CAST(rating as DECIMAL(10,2))) AS DECIMAL(10,2)) as avrating FROM crcomments WHERE product ='snickers'"); 
$Result = mysql_query($query); 
while ($row = mysql_fetch_assoc($Result)) { 
$avrating=$row['avrating']; 
} 
?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">

<link rel="stylesheet" href="styles/all.css" />
<link rel="stylesheet" href="styles/forms.css" />

<script type="text/javascript" src="javascript/jquery-1.7.1.min.js"></script>

<link href='//fonts.googleapis.com/css?family=Cantora+One' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Voltaire' rel='stylesheet' type='text/css'>
<link href='//fonts.googleapis.com/css?family=Ubuntu:400,500' rel='stylesheet' type='text/css'>

<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />

<title>Chocolate Review - What is Your Favourite Chocolate Bar?</title>
<meta name="Description" content="Rate and review six of the top chocolate bars - Dairy Milk, Ferrero Rocher, Kit Kat, Mars, Snickers, Twix" />
<meta name="Keywords" content="Chocolate Review,  Dairy Milk, Ferrero Rocher, Kit Kat, Mars, Snickers, Twix" />

</head>

<br style="clear:left;"/>

<div class="container">

<div id="navigation">
<ul>
<li><a href="index.php">Home</a></li>
<li><a href="dairymilk.php">Dairy Milk</a></li>
<li><a href="ferrerorocher.php">Ferrero Rocher</a></li>
<li><a href="kitkat.php">Kit Kat</a></li>
<li><a href="mars.php">Mars</a></li>
<li><a href="snickers.php">Snickers</a></li>
<li><a href="twix.php">Twix</a></li>
<li><a href="register.php">Register</a></li>
<li><a href="profile.php">Profile</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>
</div>

<figure class="imageleft"><br>
<img src="images/snickers.png" class="imgsize" alt="Snickers" title="Snickers">
<figcaption>&copy; smartcanucks.ca</figcaption></figure>

<p class="chocolate">Snickers consists of nougat topped with caramel and peanuts and covered in milk chocolate. First manufactured by the Mars family in 1942 the bar is named after their favourite horse. It was previously known as Marathon in the UK.<br /><br />

There are several different varieties including dark chocolate, almond and peanut butter but the traditional variety remains the most popular in fact Snickers is the best selling chocolate bar in the World with annual global sales of &#8364;2.00 billion (&#x000A3;1.22 billion).<br /><br />

<span class="nheader">Nutritional Information</span><br /><br />

Percentages represent the Guideline Daily Amounts (GDAs) as part of a 2,000 calorie diet and are for a standard 52.7g bar.</p>

<br style="clear:left;"/>

<div class="ntable">

<table style="width: 75%">
<tr>
<td class="header" style="width: 180px">Calories</td>
<td class="header" style="width: 180px">Fat</td>
<td class="header" style="width: 180px">Sat Fat</td>
<td class="header" style="width: 180px">Sugars</td>
<td class="header" style="width: 180px">Sodium</td>
  </tr>
  <tr>
    <td class="cells">250</td>
    <td class="cells">12g</td>
    <td class="cells">4.5g</td>
    <td class="cells">27g</td>
    <td class="cells">120mg</td>
  </tr>
  <tr>
    <td class="cells">13%</td>
    <td class="cells">18%</td>
    <td class="cells">23%</td>
    <td class="cells">30%</td>
    <td class="cells">5%</td>
  </tr>
</table>

</div>
</div>

<br style="clear:left;"/>
<br style="clear:left;"/>

<div class="formcontainer">

<p class="confirmation"><?php print $message ; ?></p>

<form action="snickers.php?CreateRecord=1" method="post" enctype="multipart/form-data" name="reviewform" id="reviewform">

<fieldset>
<div class="legendcomments">Post a Comment</div>

<div class="registerform">
<div><input id="subject" class="insetsubject" name="subject" type="text" placeholder="Subject" value="<?php isset($_GET['subject']) ? print($_GET['subject']) : print(''); ?>"/></div>
<input type="hidden" name="id" value="<?php isset($_GET['id']) ? print($_GET['id']) : print(''); ?>"> 
<div><textarea id="usercomments" name="usercomments" class="addcomment" placeholder="Enter your comments"><?php isset($_GET['usercomment']) ? print($_GET['usercomment']) : print('');?></textarea></div>

<div class="submit"><input name="Reset" type="reset" class="resetcbtn" value="Reset"/></div>
<div class="submit"><input name="Filter" type="submit" class="filterbtn" value="Filter Rating"/></div>
<div class="submit"><input name="Submit" type="submit" class="submitcbtn" value="Post"></div>
<div class="submit"><input name="Edit" type="submit" class="editbtn" value="Update"/></div>

</div>
</fieldset>

<p class="averagerating">Product Average Rating: </p>
<div class="average"><?php print $avrating ?></div>

<div class="dropdown">
<select name="value" class="ddfont">
	<option value="1">One Bar</option>
	<option value="2">Two Bars</option>
	<option value="3">Three Bars</option>
	<option value="4">Four Bars</option>
	<option value="5">Five Bars</option>
</select>
</div>

<div class="rating">
<div class="ratingpos">
<p class="rating">Your Rating</p>
    <input name="rating" type="radio" value="1" /><span></span>
    <input name="rating" type="radio" value="2" /><span></span>
    <input name="rating" type="radio" value="3" checked /><span></span>
    <input name="rating" type="radio" value="4" /><span></span>
    <input name="rating" type="radio" value="5" /><span></span>
</div>
</div>

</form>

<br style="clear:left;"/>

<?php 
$result = mysql_connect($Host, $User, $Password);
if(isset($_POST['Filter'])){
if($_POST['value'] == '1') { 
    // query to get all 1 bar ratings
    $query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' AND rating='1'"); 
} 
elseif($_POST['value'] == '2') { 
    // query to get all 2 bar ratings
    $query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' AND rating='2'"); 
} 	
elseif($_POST['value'] == '3') { 
    // query to get all 3 bar ratings
    $query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' AND rating='3'"); 
	} 	
elseif($_POST['value'] == '4') { 
    // query to get all 4 bar ratings
    $query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' AND rating='4'"); 
	} 	
elseif($_POST['value'] == '5') { 
    // query to get all 5 bar ratings
    $query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' AND rating='5'"); 
}
showComments($query);
}else{
//query the database and display the comments by descending order with the latest comment first
$query = mysql_query("SELECT * FROM crcomments WHERE product='snickers' ORDER BY dateofcomment DESC");
showComments($query);
}

// loop through the table and get the field data
function showComments($result){
WHILE($board = mysql_fetch_array($result)):
$cmtusername = $board['username'];
$cmtsubject = $board['subject'];
$usercomments = $board['usercomments'];
$rating = $board['rating'];
$cmtdate = $board['dateofcomment'];
$timestamp = strtotime($cmtdate); 
$new_date = date('j F Y, g:i a', $timestamp);
$id = $board['id'];
// generate the chocolate images with a count
$chocolates = $stars = null;
$stars = $rating;
for( $i=0; $i<$stars; $i++ ){
$chocolates .= "<img src=images/chocolate_small.png alt='Chocolate Piece'>";
}

// pair the comments with the logged in user then create an edit link
if ($_SESSION['UserName'] == $cmtusername){
$editcomment = '<a href="?action=editcomment&subject='.urlencode($cmtsubject).'&usercomment='.urlencode($usercomments).'&rating='.$stars.'&id='.$id.'">Edit Comment</a>';
}else{
$editcomment = ''; 
}

// display the data using the echo statement
echo '
<br style="clear:left;"/>
<div class="formcomments">
<h3>Subject : '.$cmtsubject.'. Posted by '.$cmtusername.' on '.$new_date.' '.$editcomment.'</h3><br />
'.$usercomments.'<br />
<div class="storedrating">'.$chocolates.'</div><br /><br />
</div>';
endwhile;
}
?>

<footer id="homefooter">
<span class="footertext">&copy; 2014</span>
</footer>
</div>

<br style="clear:left;"/>
<br style="clear:left;"/>

</body>
</html>