<?php
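    // Save the comment of one tile owned by the logged-in user, then redirect
    // back to the page named by the "b" query parameter.

    // Tile id. Non-scalar input (e.g. ?i[]=1) is treated as "no id"; intval()
    // on a non-empty array would otherwise yield 1.
    $_id = (isset($_GET['i']) && is_scalar($_GET['i'])) ? intval($_GET['i']) : 0;

    // Return query string; '@' in the parameter stands in for '&'.
    // Array input is rejected so str_replace()/trim() never see a non-string.
    $_back = (isset($_GET['b']) && is_string($_GET['b'])) ? trim(str_replace('@', '&', $_GET['b'])) : 's=home';
    // Strip control characters (CR/LF included) so the value can never split or
    // invalidate the Location header. The fixed "./?" prefix below keeps the
    // redirect relative to this application.
    $_back = preg_replace('/[\x00-\x1F\x7F]/', '', $_back);

    // Only write when a comment was actually submitted in the POST body.
    // Without this, a plain GET to this script with a valid tile id would
    // overwrite the stored comment with an empty string.
    $_has_comment = isset($_POST['comment']) && is_string($_POST['comment']);
    $_comment = $_has_comment ? trim($_POST['comment']) : '';

    // NOTE(review): no anti-CSRF token is verified in this script. If the
    // application has a token mechanism, check it here before the UPDATE.

    if ($_id && $_has_comment && isset($GLOBALS['auth']['id']))
    {
        // sq() is defined elsewhere; it appears to return an escaped, quoted SQL
        // literal (it is used bare for the comment string), so the user id goes
        // through it as well instead of being concatenated raw between quotes.
        $_owner = sq($GLOBALS['auth']['id']);

        // Ownership check: the tile must belong to the authenticated user.
        $tiles = mysqli_query_logged("SELECT tile_id FROM tiles WHERE tile_id = " . sq($_id) . " AND user_id = " . $_owner);
        if ($tiles && mysqli_fetch_assoc($tiles))
        {
            // The UPDATE repeats the user_id condition so the write itself is
            // scoped to the owner and does not rely only on the SELECT above.
            mysqli_query_logged("UPDATE tiles SET comment = " . sq($_comment) . " WHERE tile_id = " . sq($_id) . " AND user_id = " . $_owner);
        }
    }

    header('Location: ./?' . $_back);
    die;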
?>