Hello and welcome to our community! Is this your first visit?
Register
Page 1 of 4 1234 LastLast
Results 1 to 10 of 37
  1. #1
    Fanatic Enthusiast The Inzuki's Avatar

    Join Date
    Oct 2006
    Location
    ???
    Posts
    4,690

    Comment System Help

    I'm creating a comment system on my website which allows users to comment on people's profiles. I have a table called "comment" (forgot the "s") and have these in it:
    id, to, from, title, and message,
    but for some reason when I insert a comment into their, "to" does not get updated, and "to" is supposed to be the ID of the profile page (i.e. if I'm trying to comment on my profile page which the ID is 1, the "to" in the table should b3 1). Any solutions?

    If you need to find any errors (which I couldn't find any), here's the script:

    Code:
    <?php
    
    $from = $_SESSION['username'];
    $title = $_POST['title'];
    $message = $_POST['comment'];
    $pid = $_GET['id'];
    
    $sql2 = "SELECT * FROM `users` WHERE `id`='".$pid."'";
    $res2 = mysql_query($sql2) or die(mysql_error());
    
    if ($_POST['submit']){
    	if (!$title || !$message) {
    		die('You did not complete all of the required fields!');
    	}
    	
    	$sql3 = "INSERT INTO `comment` (`to`,`from`,`title`,`message`) VALUES('".$pid."','".$from."','".$title."','".$message."')";
    	$res3 = mysql_query($sql3) or die(mysql_error());
    ?>
    
    
    
    Comment Sent</br>
    Thank you for commenting on this user's profile!
    
    NOTE: Ignore the "This user does not exist!" message.
    
    
    <?php
    }else {
    ?>
    
    <table border="0" cellspacing="1" cellpadding="1">
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
    <tr><td style="color: #336666;">Comment On This Users Profile: </td></tr>
    <tr><td style="color: #336666;"><u>Title: </u></td><td><input type="text" name="title" maxlength="32"></td></tr>
    <tr><td style="color: #336666;"><u>Comment: </u></td><td><textarea type="text" name="comment" maxlength="255" rows="8" cols="22">Please insert your comment here!</textarea></td></tr>
    <tr><td></td><td><input type="submit" name="submit" value="Add Comment"></td></tr>
    </form></table>
    
    <?php
    }
    ?>
    Thanks to whomever figures it out and helps!
    hi.

  2. #2
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    Firstly that's some terrible code. Lack of validation and open to mysql injections, you may want to secure it.

    If the ID is not getting inserted, simply do some debugging. Echo out $pid if you don't see anything then it's not successfully getting the GET 'id' parameter.

  3. #3
    Fanatic Enthusiast The Inzuki's Avatar

    Join Date
    Oct 2006
    Location
    ???
    Posts
    4,690

    Re: Comment System Help

    Quote Originally Posted by Adam
    Firstly that's some terrible code. Lack of validation and open to mysql injections, you may want to secure it.

    If the ID is not getting inserted, simply do some debugging. Echo out $pid if you don't see anything they it's not successfully getting the GET 'id' parameter.
    It outputs the number it should, but I still don't understand why it doesn't take that number and place it in the table.

    And thanks about the tip about SQL injections, I'll use magic quotes and pconnect, if that helps in any way.
    hi.

  4. #4
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    No use http://uk.php.net/mysql_real_escape_string

    Check the field names again, so it doesn't throw any error?

  5. #5
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    Ah, in fact rename the field "to" to something else and try again, i.e like destination.

  6. #6
    Fanatic Enthusiast The Inzuki's Avatar

    Join Date
    Oct 2006
    Location
    ???
    Posts
    4,690

    Re: Comment System Help

    Quote Originally Posted by Adam
    Ah, in fact rename the field "to" to something else and try again, i.e like destination.
    Hmm, that didn't work either. And I made sure every word was changed from "to" to "destination."
    EDIT: Also, I did use "mysql_real_escape_string"
    hi.

  7. #7
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    So you've change the field name "to" to destination correct? and all the other fields have data being inserted into them correctly bar, the destination field?

    What datatypes are the fields? i.e VARCHAR etc.

  8. #8
    Fanatic Enthusiast The Inzuki's Avatar

    Join Date
    Oct 2006
    Location
    ???
    Posts
    4,690

    Re: Comment System Help

    Quote Originally Posted by Adam
    So you've change the field name "to" to destination correct? and all the other fields have data being inserted into them correctly bar, the destination field?
    Yes, "to" is changed to "destination" in every spot needed, and all the other fields besides "destination" are having data sent to them.

    And as for the types, "id" and "destination" are ints, "from" is text, and "title" and "message are varchars.
    hi.

  9. #9
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    I'll lock this. I'll help you directly via pm so I can see the script running. Drop me a pm with the url of the script and I'll help you out, details to FTP, and MYPHPADMIN I'll fix it in no time.

    --- I rarely do this for anyone.

  10. #10
    Obsessed Veteran Adam's Avatar



    Join Date
    Nov 2004
    Location
    UK / England
    Posts
    17,271

    Re: Comment System Help

    Just thought I would post again for any onlookers.

    I didn't initially spot the problem, you often have to see the code running first. If you look, $_GET will never get set, or at least it won't under insertion due to the submission of "submit" which is being fired upon by a $_POST call, so we loose the GET data therefore no ID.


    Unlocked -- issue solved. Any more problems Teh Inzuki post here.


 
Page 1 of 4 1234 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •