
fredundant

  1. Thanks Hoogie for clearing it up for me. Makes perfect sense. Matthew, it is a shared server, therefore I'm just wanting to be on the safe side. Didn't mean to offend if I did. A big thanks to you both for taking the time to go over my code and implementing changes where needed.
  2. Not to criticise, as I'm sure your PHP is superior to mine. However, it appears to me all you have done is taken out the escape. As far as I'm aware you should always escape the data when passing user input into my queries? However, that doesn't solve my problem. Do I need to create a new column in my table for messages? My messages table has columns for author, message and the date. My user has ID name, email, username, and password. Do I not need to create a user id for the messages table and cross the data over somehow? I'm way over my knowledge in what I'm trying to create, as SQL is not a strong point for me.
  3. This will show you how long it is taking to load the webpage. Not quite what you asked. But the only one I can think of at the moment. At the very top of the page:

         <?php
         // Record the start time as a float (seconds + microseconds)
         $load_time = microtime();
         $load_time = explode(' ', $load_time);
         $load_time = $load_time[1] + $load_time[0];
         $page_start = $load_time;
         ?>

     Then before you close the body tag:

         <?php
         // Record the end time the same way and print the difference
         $load_time = microtime();
         $load_time = explode(' ', $load_time);
         $load_time = $load_time[1] + $load_time[0];
         $page_end = $load_time;
         $final_time = ($page_end - $page_start);
         $page_load_time = number_format($final_time, 4, '.', '');
         echo("Page generated in " . $page_load_time . " seconds");
         ?>
  4. Okay, so I have 2 tables in my database. One called user and one called messages. A user logs in to the message board and leaves a message (e.g. nice website). They write in the author name and the message, then after the message is posted it says "Nice website" Posted by (author) on (date). All is good so far. It works. However, if you look at my code you will see I have a session started. This session is storing the username of the logged in user, from the column username in the users table. (This table has an id for each user.) I've played around with the code trying to make it so the user doesn't have to fill in the author box. I want rid of that box, so the logged in user just leaves a message, then it says "posted by (username) on (date)". I'm missing something from my code. Can anyone tell me what? Please?

         <?php
         session_start();
         mysql_connect("*************", "*****************", "***************");
         mysql_select_db("***********************");
         $time = time();
         //this checks to see if the $_SESSION variable has been not set
         //or if the $_SESSION variable has been not set to true
         //and if one or the other is not set then the user gets
         //sent to the login page
         if (!isset($_SESSION['username'])) {
             header('Location: http://***************.com/login.php');
         }
         $query = "INSERT INTO messages VALUES( NULL, '". mysql_real_escape_string($_POST['message']) ."', '". mysql_real_escape_string($_POST['username']) ."', '$time' )";
         if( $result = mysql_query($query) ) {
             if(mysql_affected_rows() > 0 ) {
                 echo "Message Posted.<br><a href='messageboard.php'>Return</a>";
             } else {
                 echo 'There was an error posting your message. Please try again later.';
             }
         } else {
             echo "There was a database error.";
             // comment out next line for live site.
             echo "<br>Query string: $query<br>Returned error: " . mysql_error() . '<br>';
         }
  5. Hi, thanks for the reply. Now on that page it has added "posted by on". That I understand why. I don't understand why it isn't showing a message. I was wanting every message to be shown.
  6. Yes on that page, under the box where you enter the message
  7. Okay, thanks. Can't believe I missed that. The messages are now being entered into the database. Now I still have the problem that the messages aren't showing up in messageboard.php.
  8. Thanks. If I use msg.php?id=1 I get the message that was entered manually. Pikachu2000, thanks so much for your help. Yes, it's null because the id is AI. The error I get with that code is:

         There was a database error.
         Query string: INSERT INTO messages VALUES( NULL, 'hello this is a test', 'Fred', '0' , '1295810965' )
         Returned error: Column count doesn't match value count at row 1

     I'm confused.
  9. As far as I'm aware you don't need to specify columns. It takes the first value and puts it into the first column. Second into the second column etc. I may be wrong, but that's how I was taught.
  10. So I've developed a message board. A user writes a message and then it appears on the message board. However, when the user enters a message it isn't inserted into MySQL. Also, when the messages are entered manually directly into the MySQL table they don't show on the site. Can anyone see the problem? The code is in 3 PHP scripts.

      messageboard.php

          <?php ;
          session_start();
          //this checks to see if the $_SESSION variable has been not set
          //or if the $_SESSION variable has been not set to true
          //and if one or the other is not set then the user gets
          //sent to the login page
          if (!isset($_SESSION['username'])) {
              header('Location: http://kaaleigh.byethost15.com/login.php');
          }
          ?>
          <HTML>
          <head><title>Message Board - Logged In</title>
          <link rel='stylesheet' href='layout.css'>
          </head>
          <body bgcolor="#fd8ecf">
          <center><img src="headerpage.jpg"></center>
          <div class="navbar">
          <div class="button"><a href="index.html">Home</a></div>
          <div class="button"><a href="news.html">News</a></div>
          <div class="button"><a href="gallery.html">Gallery</a></div>
          <div class="button"><a href="videos.html">Videos</a></div>
          <div class="button"><a href="contact.html">Contact</a></div>
          <div class="button"><a href="links.html">Links</a></div>
          <div class="button"><a href="msg.html">Message Kaaleigh</a></div>
          </div>
          <div class="frame">
          <frameset cols="25%,75%" noresize="noresize">
          <?php
          session_start();
          $username = $_SESSION['username'];
          $password = $_SESSION['password'];
          if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
              echo " <b>Welcome ".$username." <br><br></b>";
          } else {
              echo "Welcome Guest!
          <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
          }
          ?>
          <?php
          mysql_connect("****************", "**********", "*********");
          mysql_select_db("**************");
          ?>
          <form action="message.php" method="POST">
          Your Name: <input type="text" name="author"><br>
          Message:<br><textarea cols="60" rows="5" name="message"></textarea><br>
          <input type="submit" value="Post Message">
          </form>
          <hr>
          <?php
          // I am selecting everything from the messages section in the database and ordering them newest to oldest.
          $sql = mysql_query("SELECT * FROM messages ORDER BY posted DESC");
          // Now I am getting my results and making them an array
          while($r = mysql_fetch_array($sql)) {
              $posted = date("jS M Y h:i",$r[posted]);
              // End of Array
          }
          ?>
          </body>
          </html>

      message.php

          <?php
          mysql_connect("*************", "*************", "**********");
          mysql_select_db("**************");
          $time = time();
          mysql_query("INSERT INTO messages VALUES(NULL,'$_POST[message]','$_POST[author]','0','$time')");
          echo "Message Posted.<br><a href='messageboard.php'>Return</a>";

      msg.php

          <?php
          mysql_connect("********", "********", "*************");
          mysql_select_db("**************");
          echo "<a href='messageboard.php'>Go Back...</a>";
          $sql = mysql_query("SELECT * FROM messages WHERE id = '$_GET[id]'");
          // Now I am getting our results and making them an array
          while($r = mysql_fetch_array($sql)) {
              // Everything within the two curly brackets can read from the database using $r[]
              // I need to convert the UNIX Timestamp entered into the database for when a thread...
              // ... is posted into a readable date, using date().
              $posted = date("jS M Y h:i",$r[posted]);
              // Now this shows the thread with a horizontal rule after it.
              echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";
              // End of Array
          }

      Any thoughts?
  11. EDIT: PLEASE IGNORE/MOD DELETE. SPOTTED SO MUCH WRONG WITH THIS

      Sorry to post again so soon. But you'll see I've been working hard since my last problem. What I'm trying to achieve is a message board where a user posts a message and the message appears at the top of previously added messages. And at the end it says who posted it and when. This is my code:

          <?php ;
          session_start();
          //this checks to see if the $_SESSION variable has been not set
          //or if the $_SESSION variable has been not set to true
          //and if one or the other is not set then the user gets
          //sent to the login page
          if (!isset($_SESSION['username'])) {
              header('Location: http://mydomain/login.php');
          }
          ?>
          <HTML>
          <head><title>Message Board - Logged In</title>
          <link rel='stylesheet' href='layout.css'>
          </head>
          <body bgcolor="#fd8ecf">
          <center><img src="headerpage.jpg"></center>
          <div class="navbar">
          <div class="button"><a href="index.html">Home</a></div>
          <div class="button"><a href="news.html">News</a></div>
          <div class="button"><a href="gallery.html">Gallery</a></div>
          <div class="button"><a href="videos.html">Videos</a></div>
          <div class="button"><a href="contact.html">Contact</a></div>
          <div class="button"><a href="links.html">Links</a></div>
          <div class="button"><a href="msg.html">Message Kaaleigh</a></div>
          </div>
          <div class="frame">
          <frameset cols="25%,75%" noresize="noresize">
          <?php
          session_start();
          $username = $_SESSION['username'];
          $password = $_SESSION['password'];
          if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
              echo " <b>Welcome ".$username." <br><br></b>";
          } else {
              echo "Welcome Guest!
          <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
          }
          ?>
          <?php
          mysql_connect("******", "*********", "*********");
          mysql_select_db("**********");
          ?>
          <form action="commentboard.php" method="POST">
          Your Name: <input type="text" name="author"><br>
          Message:<br><textarea cols="60" rows="5" name="message"></textarea><br>
          <input type="submit" value="Post Thread">
          </form>
          <?php
          mysql_connect("*********", "*********", "******");
          mysql_select_db("**********");
          $time = time();
          mysql_query("INSERT INTO messages VALUES(NULL,'$_POST[message]','$_POST[author]','0','$time')");
          echo "Message Posted.<br><a href='messageboard.php'>Return</a>";
          <?php
          // I am selecting everything from the messages section in the database and ordering them newest to oldest.
          $sql = mysql_query("SELECT * FROM messages ORDER BY posted DESC");
          // Now I am getting my results and making them an array
          while($r = mysql_fetch_array($sql)) {
              $posted = date("jS M Y h:i",$r[posted]);
              // End of Array
          }
          ?>
          </body>
          </html>

      This page is /messageboard.php. Nothing is happening. It seems to just not work and I can't for the life of me see why. Also, what I'd prefer is, instead of the user typing author into the form, they just type a message into the message database and the user name automatically fills itself in from the session of the users table. But for now my main concern is nothing working. Any ideas?
  12. Of course. When trying to go to messageboard without being logged in it timed out, as it would redirect it back to messageboard and loop round. Didn't realise I had the header set back to messageboard. Thank you for your help.
  13. Thank you thorpe. That answered my question brilliantly. One more thing. How do I redirect the user to another page that says you need to be logged in to access the message board? Let's call this page notlogged.html. As far as I was aware my users who are not logged in should have been sent back to the login page.
  14. Hi there. I created a registration and login script which works fine. However, if the user knows the URL of the page they do not need to log in, which is a huge security flaw on my side. Here is the login page:

          <HTML>
          <head><title>Login</title>
          <link rel='stylesheet' href='layout.css'>
          </head>
          <body bgcolor="#fd8ecf">
          <center><img src="headerpage.jpg"></center>
          <div class="navbar">
          <div class="button"><a href="index.html">Home</a></div>
          <div class="button"><a href="news.html">News</a></div>
          <div class="button"><a href="gallery.html">Gallery</a></div>
          <div class="button"><a href="videos.html">Videos</a></div>
          <div class="button"><a href="contact.html">Contact</a></div>
          <div class="button"><a href="links.html">Links</a></div>
          <div class="button"><a href="msg.html">Message Kaaleigh</a></div>
          </div>
          <div class="frame">
          <frameset cols="25%,75%" noresize="noresize">
          <?
          session_start(); //initialize session mechanism
          if(!isset($_POST['ok'])) {
              // if the form is not completed, display it
              echo"
              <table width='100%'>
              <form method='POST' action='login.php'>
              <tr><td align=center>
              <table>
              <tr><td>
              <table>
              <tr><td>Login:</td><td><input type='text' name='username' size='15'></td></tr>
              <tr><td>Password:</td><td><input type='password' name='password' size='15'></td></tr>
              </table>
              </td></tr>
              <tr><td align=center><input type='submit' name='ok' value='Enter'></td></tr>
              </table>
              </td></tr>
              </form>
              </table>
              ";
          } else{
              //supposed that user data
              //is saved in database, in users table, that includes id, login, pass fields
              $db=mysql_pconnect('******','********') or die(mysql_error());
              mysql_select_db('*******') or die(mysql_error());
              //check if there is a user with such login and password
              $res=mysql_query("SELECT * FROM users WHERE username='".$_POST['username']."' AND password='".$_POST['password']."'", $db);
              if(mysql_num_rows($res)!=1){
                  //such user doesn't exist
                  echo "Incorrect login and password";
              } else{
                  //user is found
                  $_SESSION['username']=$_POST['username']; //set login & pass
                  $_SESSION['password']=$_POST['password'];
                  header("Location: messageboard.php"); // redirect him to messageboard.php
              }
              mysql_close();
          }
          ?>
          </body>
          </html>

      and here is the "protected" page:

          <?php
          session_start();
          //this checks to see if the $_SESSION variable has been not set
          //or if the $_SESSION variable has been not set to true
          //and if one or the other is not set then the user gets
          //sent to the login page
          if(!isset($_SESSION)){
              header('Location: messageboard.php');
          }
          ?>
          HTML Placed here

      What I want is effectively 2 messageboard.php pages, one for a logged in user and one which tells a user to log in. What am I missing?
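
An added example, not part of the original posts and not code from anyone in these threads: the message-board flow from posts 4, 8, 10 and 14 written with PDO prepared statements, with the author taken from the session, an explicit column list on the INSERT, a guard that tests `$_SESSION['username']` rather than `$_SESSION`, and hashed passwords. The in-memory SQLite database, the `password_hash` column, the sample user and the function names are assumptions chosen so the script runs from the PHP command line.

```php
<?php
// Added example. Constructed schema and data; assumes the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, message TEXT, author TEXT, posted INTEGER)');
$db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)')
   ->execute(["O'Neil", password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Login: the username is a bound parameter, and the stored value is a hash.
function login(PDO $db, string $username, string $password): ?string {
    $stmt = $db->prepare('SELECT username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($password, $row['password_hash'])) ? $row['username'] : null;
}

// Guard: $_SESSION itself is always set after session_start(), so test the key.
// Returns the header to send, or null when logged in. On a real page:
//   if ($h = login_redirect($_SESSION)) { header($h); exit; }
function login_redirect(array $session): ?string {
    return isset($session['username']) ? null : 'Location: login.php';
}

// Posting: author comes from the session, never from the form, and the column
// list is explicit so the value count cannot drift from the table layout.
function post_message(PDO $db, array $session, string $message): void {
    $db->prepare('INSERT INTO messages (message, author, posted) VALUES (?, ?, ?)')
       ->execute([$message, $session['username'], time()]);
}

// Display: newest first, HTML-escaped on output.
function render_board(PDO $db): string {
    $out = '';
    foreach ($db->query('SELECT message, author, posted FROM messages ORDER BY posted DESC, id DESC') as $r) {
        $out .= htmlspecialchars($r['message'], ENT_QUOTES, 'UTF-8')
              . '<h4>Posted by ' . htmlspecialchars($r['author'], ENT_QUOTES, 'UTF-8')
              . ' on ' . date('jS M Y H:i', (int) $r['posted']) . '</h4><hr>' . "\n";
    }
    return $out;
}

// Constructed run: a plain array stands in for $_SESSION on the command line.
$session = [];
var_dump(login_redirect($session));                  // guard before login
var_dump(login($db, "O'Neil", 'wrong-password'));    // failed login attempt
$session['username'] = login($db, "O'Neil", 'constructed-sample-pw');
var_dump(login_redirect($session));                  // guard after login
post_message($db, $session, "It's a <b>nice</b> website");
echo render_board($db);
```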