Paymemoney
Posted September 14, 2009

Hi pplz

I wanted to get some help on trying to add a topic within a forum. For example, when I add a topic this will be under the id of the first forum and this will be repeated for each topic I create. I am using MySQL to perform this task.

Here is the code for adding a topic:

```php
<?php
//check for required fields from the form
if ((!$_POST[topic_owner]) || (!$_POST[topic_title]) || (!$_POST[post_text])) {
    header("Location: addtopic.html");
    header("Location: topiclist.php");
    exit;
}

//connect to server and select database
$conn = mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("testDB",$conn) or die(mysql_error());

//create and issue the first query
$add_topic = "insert into forum_topics values ('', '$_POST[topic_title]', now(), '$_POST[topic_owner]', '$_POST[forum_id]')";
mysql_query($add_topic,$conn) or die(mysql_error());

//get the id of the last query
$topic_id = mysql_insert_id();
$forum_id = mysql_insert_id();

//create and issue the second query
$add_post = "insert into forum_posts values ('', '$topic_id', '$_POST[post_text]', now(), '$_POST[topic_owner]', '$_POST[forum_id]')";
mysql_query($add_post,$conn) or die(mysql_error());

//create nice message for user
$display_block = "<P>The <strong>$topic_title</strong> topic has been created.</p>";
$display_block = "<P><a href=\"addtopic.html\">add topic</a> <a href=\"topiclist.php\">topic list</a>"
?>
<html>
<head>
<title>New Topic Added</title>
</head>
<body>
<h1>New Topic Added</h1>
<?php echo $display_block; ?>
</body>
</html>
```

So in the above figure, when you click on the first add topic link you will be directed to the add topic screen and this topic will then be added to that forum (which I cannot do because in the database the forum_id on the table forum_topics remains at 0).

extra information that may be helpful

I hope this makes sense.

Paymemoney

Zyx
Posted September 14, 2009

Yes, it makes sense. I'd add some form data validation to your code, because now it is very easy to hack your script. You do not escape the string values, do not check if the ID is really an integer...

Paymemoney
Posted September 14, 2009

ok, what do u mean by not checking if the ID is really an integer?

kickstart
Posted September 14, 2009

> ok, what do u mean by not checking if the ID is really an integer?

You use $_POST[forum_id] without first checking it is an integer. Someone could have played silly b's and put "A" in there which will cause your SQL to fall over.

Personally I tend to use something like:-

```php
$forum_id = ((is_numeric($_POST[forum_id])) ? intval($_POST[forum_id]) : 0);
```

so that at worst it is just a value that will not be a valid key.

They could also have entered it as something like 1');DROP TABLE forum_topics values; // if they were feeling really nasty.

All the best

Keith

Paymemoney
Posted September 14, 2009

oh ok thanks

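
Added example (not part of the original thread and not any poster's code): the two points raised in the replies, checking that forum_id is really an integer and keeping string values out of the SQL text, shown with PDO prepared statements instead of the mysql_* calls in the first post. The function names `makeDb` and `addTopic`, the column names, and the in-memory SQLite database standing in for the MySQL tables are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed schema: the thread does not show the real column names.
function makeDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE forum_topics (topic_id INTEGER PRIMARY KEY, topic_title TEXT,
        topic_create_time TEXT, topic_owner TEXT, forum_id INTEGER)');
    $db->exec('CREATE TABLE forum_posts (post_id INTEGER PRIMARY KEY, topic_id INTEGER,
        post_text TEXT, post_create_time TEXT, post_owner TEXT, forum_id INTEGER)');
    return $db;
}

// Returns the new topic id, or null when the input fails validation.
function addTopic(PDO $db, array $in): ?int {
    // Strict integer check: rejects "A", "1e3", "1');DROP ..." and values below 1.
    $forumId = filter_var($in['forum_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $title = trim((string)($in['topic_title'] ?? ''));
    $owner = trim((string)($in['topic_owner'] ?? ''));
    $text  = trim((string)($in['post_text'] ?? ''));
    if ($forumId === false || $title === '' || $owner === '' || $text === '') {
        return null;
    }
    $now = gmdate('Y-m-d H:i:s');
    $db->beginTransaction();
    try {
        // Placeholders keep user text as data; it is never spliced into the SQL string.
        $db->prepare('INSERT INTO forum_topics (topic_title, topic_create_time, topic_owner, forum_id)
                      VALUES (?, ?, ?, ?)')->execute([$title, $now, $owner, $forumId]);
        $topicId = (int)$db->lastInsertId();
        $db->prepare('INSERT INTO forum_posts (topic_id, post_text, post_create_time, post_owner, forum_id)
                      VALUES (?, ?, ?, ?, ?)')->execute([$topicId, $text, $now, $owner, $forumId]);
        $db->commit();
        return $topicId;
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
}

// Constructed sample input: one valid request, then the same request with a hostile forum_id.
$db = makeDb();
$ok = ['topic_owner' => 'a@example.com', 'topic_title' => "O'Reilly's thread", 'post_text' => 'hi', 'forum_id' => '2'];
var_dump(addTopic($db, $ok));
var_dump(addTopic($db, ['forum_id' => "1');DROP TABLE forum_topics values; //"] + $ok));
var_dump($db->query('SELECT forum_id, topic_title FROM forum_topics')->fetchAll(PDO::FETCH_ASSOC));
```

The title containing an apostrophe is stored intact because it travels as a bound parameter, and the request with the non-integer forum_id is rejected before any query runs.
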
This topic is now archived and is closed to further replies.