Jump to content

Reply To Post ID Question

twilitegxa

By twilitegxa
in PHP Coding Help

 Share

Recommended Posts

darkfreaks Advanced Member

darkfreaks

Posted
Posted

I think i said i realized that she is only using PHP_SELF in the previous comment so using $_SESSION in her case would not work.  and from what i just read $_REQUEST is deprecated and or has security flaws with globals.

 

 

so we would need to use $_GET  ;D

 

 

Link to comment
Share on other sites
  • Replies 57
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

twilitegxa Advanced Member

twilitegxa

Posted
  • Author
Posted

Here is the first form, that gets the comment along with generating the comment_id:

 

<?php

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
    or die(mysql_error());
$db = mysql_select_db("testimonials", $conn) or die(mysql_error());

if (isset($_POST['submit'])) {

//create and issue the first query
$name=mysql_real_escape_string($_POST['comment_owner']);
$email=mysql_real_escape_string($_POST['comment_owner_email']); 
$url=mysql_real_escape_string($_POST['url']);
$comment=mysql_real_escape_string($_POST['comment']);

$error='';//initialize $error to blank
  if(trim($_POST['comment_owner'])=='' ){
      $error.="Please enter your name!<br />"; //concatenate the $error Message with a line break
  }
  if(trim($_POST['url'])==''){
      $error.="Please enter your web address!<br />";//concatenate more to $error  
  }
  else {
        if(!preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $_POST['url'])) {
        $error.="The URL you entered was not valid!<br />";
        
        }
    }
  if(trim($_POST['comment_owner_email'])==''){
    $error.="Plese enter your e-mail address!<br />";
  }
      else {
        if(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $_POST['comment_owner_email'])) {
        $error.="The e-mail you entered was not valid!<br />";
        
        }
    }
    if(trim($_POST['comment'])=='' ){
      $error.="Please enter your comment!<br />"; //concatenate the $error Message with a line break
  }
  if($error==''){
  header( 'Location: testimonials.php' ) ;
  $sql="INSERT INTO user_comments (comment_id, comment, comment_create_time, comment_owner, comment_owner_email, url) VALUES ('', '$comment', now(), '$name','$email', '$url')"; 

mysql_query($sql,$conn) or die(mysql_error());
  }
    else{
       echo "<div class=error><span style=color:red>$error</span><br /></div>";
    }    
} else {

$name= '';
$email= '';
$url= '';
$comment= '';
}
?>
<form name="comment" id="comment" onsubmit="return validateFormOnSubmit(this)" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellspacing="0" cellpadding="5" width="662" class="style2">
<tr>
<td align="left"><label for="name"> Name:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner" id="comment_owner" size="30" value="<?php echo $name; ?>"/></div>
</td>
</tr>
<tr>
<td align="left"><label for="email">E-mail:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner_email" id="comment_owner_email" size="30" value="<?php echo $email; ?>"/></div>
</td>
</tr>
<tr>
<td align="left"><label for="url">URL:</label></td>
<td>
<div class="c2"><input type="text" name="url" id="url" size="30" value="<?php echo $url; ?>"/></div>
</td>
</tr>
<tr>
<td align="left">
<label for="comment">Comments:</label>
</td>
<td>
<textarea name="comment" id="comment" rows="5" cols="30" value="<?php echo $comment; ?>">
</textarea></td>
</tr>
<tr>
<td colspan="4">
<div class="c1"><input name="submit" type="submit" value="Submit" /> <input type="reset" name="reset" id="reset" value="Reset" /></div>
</td>
<td width="2"></td>
</tr>
</table>
</form>

 

Here's the page that displays all the comments and replies, and you can see in the link for the reply that it sends the comment id:

 

<?php

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
    or die(mysql_error());
mysql_select_db("testimonials", $conn) or die(mysql_error());

//gather the comments
$get_comments = "select comment_id, comment,
date_format(comment_create_time, '%b %e, %Y at %r') as fmt_comment_create_time,
comment_owner, comment_owner_email, url from user_comments order by comment_create_time desc";
$get_comments_res = mysql_query($get_comments, $conn) or die(mysql_error());
if (mysql_num_rows($get_comments_res) < 1) {
    //there are no comments, so say so
    $display_block = "<p><em>No comments currently exist. Please submit your testimonial!</em></p>";
} else {
    //create the display string
    $display_block = "
    <table cellpadding=3 cellspacing=2 border=0 width=100%>
    <tr>
    <th>COMMENT</th>
    <th># OF REPLIES</th>
    </tr>";
    
    while ($comment_info = mysql_fetch_array($get_comments_res)) {
        $comment_id = $comment_info['comment_id'];
        $comment = stripslashes($comment_info['comment']);
        $comment_create_time = $comment_info['fmt_comment_create_time'];
        $comment_owner = stripslashes($comment_info['comment_owner']);
        $comment_owner_email = stripslashes($comment_info['comment_owner_email']);
        $url = stripslashes($comment_info['url']);
        
//get number of replies
    $get_num_posts = "select count(reply_id) from replies where comment_id = $comment_id";
        $get_num_posts_res = mysql_query($get_num_posts, $conn)
            or die(mysql_error());
        $num_posts = mysql_result($get_num_posts_res, 0, 'count(reply_id)');

                if ($num_posts == '0') {
        $num_posts = ' ';}
        
    //add to display
        $display_block .= "
        <tr>
        <td><b>Comment By: $comment_owner</b><br>
        <em>Created on $comment_create_time</em><br>
        URL: <a href=\"$url\" target=\"_blank\">$url</a><br><br>
        $comment
        </td>
        <td align=center valign=top>$num_posts <a href=\"reply.php?comment_id=$comment_id\">Reply</a></td>
        </tr>
                <tr>
                <td colspan=2><hr></td>
                </tr>";
        
        
    //gather the replies
$get_replies = "select reply_id, comment_id, reply,
date_format(reply_create_time, '%b %e, %Y at %r') as fmt_reply_create_time,
reply_owner, reply_owner_email from replies where comment_id = $comment_id order by reply_create_time desc";
$get_replies_res = mysql_query($get_replies, $conn) or die(mysql_error());

while ($reply_info = mysql_fetch_array($get_replies_res)) {
        $reply_id = $reply_info['reply_id'];
        $reply = stripslashes($reply_info['reply']);
        $reply_create_time = $reply_info['fmt_reply_create_time'];
        $reply_owner = stripslashes($reply_info['reply_owner']);
        $reply_owner_email = stripslashes($reply_info['reply_owner_email']);

//add to display
        $display_block .= "
        <tr>
        <td><div id=reply>Reply</div><div class=reply><b>Comment By: $reply_owner</b><br>
        <em>Created on $reply_create_time</em><br><br>
        $reply</div>
        </td>
        <td> </td>
        </tr>
                <tr>
                <td colspan=2><hr>
                </td>
                </tr>";
        }
                }
        
        //close up the table
        $display_block .= "</table>";
}
?>

 

And here is again the reply form, that should take the comment_id from the last page and send it along with this form data upon submit:

 

<?php

session_start();

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
    or die(mysql_error());
$db = mysql_select_db("testimonials", $conn) or die(mysql_error());

if (isset($_POST['submit'])) {

//create and issue the first query
$name=mysql_real_escape_string($_POST['comment_owner']);
$email=mysql_real_escape_string($_POST['comment_owner_email']); 
$reply=mysql_real_escape_string($_POST['reply']);
$reply_comment_id = $_GET['comment_id'];

$error='';//initialize $error to blank
  if(trim($_POST['comment_owner'])=='' ){
      $error.="Please enter your name!<br />"; //concatenate the $error Message with a line break
  }
   if(trim($_POST['comment_owner_email'])==''){
    $error.="Plese enter your e-mail address!<br />";
  }
      else {
        if(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $_POST['comment_owner_email'])) {
        $error.="The e-mail you entered was not valid!<br />";
        
        }
    }
    if(trim($_POST['reply'])=='' ){
      $error.="Please enter your reply!<br />"; //concatenate the $error Message with a line break
  }
  if($error==''){

$sql="INSERT INTO replies (comment_id, reply, reply_create_time, reply_owner, reply_owner_email) VALUES ( '$reply_comment_id', '$reply', now(), '$name','$email')"; 
  
mysql_query($sql,$conn) or die(mysql_error());

header('Location: testimonials.php');

  // mysql_query($sql,$conn) or die(mysql_error());
  }
    else{
       echo "<div class=error><span style=color:red>$error</span><br /></div>";
    }    
} else {

$name= '';
$email= '';
$reply= '';
}
?>
<form name="comment" id="comment" onsubmit="return validateFormOnSubmit(this)" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellspacing="0" cellpadding="5" width="662" class="style2">
<tr>
<td align="left"><label for="name"> Name:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner" id="comment_owner" size="30" value="<?php echo $name; ?>"/></div></td>
</tr>
<tr>
<td align="left"><label for="email">E-mail:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner_email" id="comment_owner_email" size="30" value="<?php echo $email; ?>"/></div></td>
</tr>
<tr>
<td align="left">
<label for="reply">Reply:</label></td>
<td>
<textarea name="reply" id="reply" rows="5" cols="30" value="<?php echo $reply; ?>"></textarea></td>
</tr>
<tr>
<td colspan="4">
<div class="c1"><input name="submit" type="submit" value="Submit" /> <input type="reset" name="reset" id="reset" value="Reset" /></div></td>
<td width="2"></td>
</tr>
</table>
</form>

 

I haven't made any of the suggested modifications yet.

Link to comment
Share on other sites
twilitegxa Advanced Member

twilitegxa

Posted
  • Author
Posted

So on the first page the viewer comes to (second code listed above), they can select a comment to reply to. The link sends with it to the next page (the third code listed above) the comment_id from the comment they have chosen to reply to. So the comment_id comes from the previous page but should be accessible from the reply page. I can't figure out why it's not working. I have another page that is similar and it works on that page. It is using the same basic principle, so I don't know what I'm doing wrong.  :shrug::confused:

Link to comment
Share on other sites
twilitegxa Advanced Member

twilitegxa

Posted
  • Author
Posted

Dark:

 

I think this example is basically what I am doing. On the first page, it displays all the comments and replies. There is a link to reply to each post, which does exactly what your suggested example does: it sends in the link to the url the comment id:

 

<a href=\"reply.php?comment_id=$comment_id\">Reply</a>

 

If you look at my page, when you hover over the link, it will show you the url:

 

Example: http://webdesignsbyliz.com/reply.php?comment_id=59

 

And when you click the actual link, you see in the url the comment has been sent through:

 

http://webdesignsbyliz.com/reply.php?comment_id=59

 

So, this should mean that I can use the $_GET['comment_id'] to send in the form for the reply to insert that value into my table when the form submits the rest of the posted data, but it's not able to access it for some reason. That is what we're trying to figure out.

Link to comment
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
Posted

why not use a hidden input for comment_id  within the form  that way it passes right  8)

 

This will pass the comment_id onto the same page:

 <form method="post" action="$_SERVER["PHP_SELF"]">
<input type="hidden" name="<?= $_GET["comment_id"] ?>"></form>

 

 

Link to comment
Share on other sites
Hussam Newbie

Hussam

Posted
Posted

I know it is getting the comment_id because I tried echoing it and it is getting it, so I can't figure out why I can't insert it???

 

I don't think that we could echo $_GET['comment_id'] and also when we tried to echo out the $_GET array, it was an empty array, so the value is not in the $_GET array to begin with.

Link to comment
Share on other sites
Hussam Newbie

Hussam

Posted
Posted

why not use a hidden input for comment_id  within the form  that way it passes right  8)

 

This will pass the comment_id onto the same page:

 <form method="post" action="$_SERVER["PHP_SELF"]">


<input type="hidden" name="<?= $_GET["comment_id"] ?>"></form>

 

you can do that but you need php tags around the form action value and single quotes for the array index, but anyway this won't solve the problem because the $_GET array is showing that its empty in the page.

Link to comment
Share on other sites
Hussam Newbie

Hussam

Posted
Posted

why are we using $_GET when she could pass it via hidden input then echo it out using $_POST  :wtf:

 

you have to use hidden input element but you still have to assign the value $_GET['comment_id'] to it, so you are using $_GET anyway.

Link to comment
Share on other sites
Hussam Newbie

Hussam

Posted
Posted

I tried echoing the comment id like this and it worked:

 

I added this right after the first php tag at the beginning and it printed the right comment_id.

 

 

echo $_GET['comment_id'];

 

 

Great, retry to post it again and send me the exact code that is printing the right comment_id.

 

send me both pages with their name in the top.

 

Thanks,

Hussam

 

Link to comment
Share on other sites
twilitegxa Advanced Member

twilitegxa

Posted
  • Author
Posted

Here is the reply page:

 

<?php
$reply_comment_id = $_GET['comment_id'];

echo $reply_comment_id;

//connect to server and select database
$conn = mysql_connect("localhost", "root", "")
    or die(mysql_error());
$db = mysql_select_db("testimonials", $conn) or die(mysql_error());

if (isset($_POST['submit'])) {

//create and issue the first query
$name=mysql_real_escape_string($_POST['comment_owner']);
$email=mysql_real_escape_string($_POST['comment_owner_email']); 
$reply=mysql_real_escape_string($_POST['reply']);
$reply_comment_id = $_GET['comment_id'];

$error='';//initialize $error to blank
  if(trim($_POST['comment_owner'])=='' ){
      $error.="Please enter your name!<br />"; //concatenate the $error Message with a line break
  }
   if(trim($_POST['comment_owner_email'])==''){
    $error.="Plese enter your e-mail address!<br />";
  }
      else {
        if(!preg_match("/^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z][0-9a-zA-Z-]+\.)+[a-zA-Z]{2,6}$/i", $_POST['comment_owner_email'])) {
        $error.="The e-mail you entered was not valid!<br />";
        
        }
    }
    if(trim($_POST['reply'])=='' ){
      $error.="Please enter your reply!<br />"; //concatenate the $error Message with a line break
  }
  if($error==''){

$sql="INSERT INTO replies (comment_id, reply, reply_create_time, reply_owner, reply_owner_email) VALUES ( '$reply_comment_id', '$reply', now(), '$name','$email')"; 
  
mysql_query($sql,$conn) or die(mysql_error());

header('Location: testimonials.php');

  // mysql_query($sql,$conn) or die(mysql_error());
  }
    else{
       echo "<div class=error><span style=color:red>$error</span><br /></div>";
    }    
} else {

$name= '';
$email= '';
$reply= '';
}
?>
<form name="comment" id="comment" onsubmit="return validateFormOnSubmit(this)" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0" cellspacing="0" cellpadding="5" width="662" class="style2">
<tr>
<td align="left"><label for="name"> Name:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner" id="comment_owner" size="30" value="<?php echo $name; ?>"/></div></td>
</tr>
<tr>
<td align="left"><label for="email">E-mail:</label></td>
<td>
<div class="c2"><input type="text" name="comment_owner_email" id="comment_owner_email" size="30" value="<?php echo $email; ?>"/></div></td>
</tr>
<tr>
<td align="left">
<label for="reply">Reply:</label></td>
<td>
<textarea name="reply" id="reply" rows="5" cols="30" value="<?php echo $reply; ?>"></textarea></td>
</tr>
<tr>
<td colspan="4">
<div class="c1"><input name="submit" type="submit" value="Submit" /> <input type="reset" name="reset" id="reset" value="Reset" /></div></td>
<td width="2"></td>
</tr>
</table>
</form>

Link to comment
Share on other sites
darkfreaks Advanced Member

darkfreaks

Posted
Posted

The data is not being escaped properly in the SQL thats why it wont insert. 8)

 

<?php
//try backticks and doube quotes and dots to escape string
$sql="INSERT INTO `replies` (`comment_id`, `reply`, `reply_create_time`, `reply_owner`, `reply_owner_email`) VALUES ( '".$reply_comment_id."', '".$reply."', now(), '".$name."','".$email."')"; 
  ?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.