
if ($comment == "Comment...") why does this not work?! ):


Minimeallolla


<form name="commentbox" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<textarea name="comment" cols="20" rows="2" 
onclick="document.commentbox.comment.value='';" 
onfocus="this.style.borderColor='yellow';" 
onblur="this.style.borderColor='blue';" 
/>Comment...</textarea>
</td></tr>

$commentcheck = $_POST['comment'];

if ($commentcheck == "Comment...")
{
die(' <META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\"> ');
}else

Why does this not refresh if I comment "Comment..."? It just dies and doesn't echo anything.

Get rid of the <?php echo $_SERVER['PHP_SELF'] ?> in the action attribute of the form tag. It is a known XSS vulnerability. Also, note that you have php code in the html that is not enclosed in <?php ?> tags.

OK, so I got rid of the PHP_SELF, and it was just an outtake from my whole code. Here it is:

<div id="mydiv">

	  <a href="javascript:;" onmousedown="if(document.getElementById('mydiv').style.display == 'block')
	{ document.getElementById('mydiv').style.display = 'block'; }
	else{ document.getElementById('mydiv').style.display = 'none'; }">Hide/Show comments</a>

<div class='navbar'><br>

<?php
include ("database.php");
$query = ("SELECT * FROM homecomments");
$result = mysql_query("SELECT * FROM homecomments");
while($row = mysql_fetch_array($result))
{
include ("echocomments.php");
}

	ini_set ("display_errors", "1");
	error_reporting(E_ALL);

		if (isset($_POST['submit'])) {

$check = mysql_query("SELECT active FROM users WHERE active ='1' AND username='$username'") or die(mysql_error());

$check2 = mysql_num_rows($check);
if ($check2 != 1) {
       die('You are not allowed to comment until your account is activated.');
   }else{

$comment = mysql_real_escape_string(stripslashes(trim($_POST['comment'])));
$username = mysql_real_escape_string(stripslashes(trim($_COOKIE['ID_my_site'])));

$commentcheck = $_POST['comment'];
// Query with the escaped values; the raw POST and cookie values would allow SQL injection
$check = mysql_query("SELECT * FROM homecomments WHERE comment = '$comment' AND username = '$username'") or die(mysql_error());
$check2 = mysql_num_rows($check);



if ($check2 != 0) {
die('Anti Spam has detected multiple comments posted.');	
				}else{

if ($commentcheck == "Comment...")
{
die(' <META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\"> ');
}else{

        	// now we insert it into the database
$insert = "INSERT INTO homecomments (username, comment)
VALUES ('$username', '$comment')";

$add_member = mysql_query($insert);
{
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php\">";
    }
   }
  }
}
} 
?>

<br>
<p>
<center>

<form name="commentbox" method="post">
<table border="0">
<textarea name="comment" cols="20" rows="2" 
onclick="document.commentbox.comment.value='';" 
onfocus="this.style.borderColor='yellow';" 
onblur="this.style.borderColor='blue';" 
/>Comment...</textarea>
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Submit">
<colspan=2><input type="submit" name="refresh" value="Refresh"></th></tr> </table>
</form><br />
</div></div>
<a href="javascript:;" onmousedown="if(document.getElementById('mydiv').style.display == 'none')
{ document.getElementById('mydiv').style.display = 'block'; }
else{ document.getElementById('mydiv').style.display = 'none'; }">Hide/Show comments</a>


<br>

As I said in your other thread, handling errors with die() is a bad way of doing things, but since you insist, your quoting and quote escapement is off.

 

// The delay and the URL belong inside one CONTENT value
die('<META HTTP-EQUIV="Refresh" CONTENT="1; URL=index.php">');
// AND //
echo '<META HTTP-EQUIV="Refresh" CONTENT="1; URL=index.php">';

Killing the script with die() prevents html that is needed for proper structure from echoing also. Therein lies the problem with using die() for handling errors rather than controlling the script with conditionals.

 

If I had a script that consisted of header.html, body.php, and footer.html files, and it was set up like this:

 

// body.php
<?php
include( 'header.html' );

if( $problem === TRUE ) {
     die('Oh noes! There was a problem!');   
}

include( 'footer.html' );

 

When the script is killed, it not only prevents php code from running, it prevents the rest of the html from being presented, leaving the document incomplete. These types of problems are best handled with conditionals so the mere fact that an error occurred doesn't have to crater everything, and make a mess of the output.
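
The two points raised in the replies (no `$_SERVER['PHP_SELF']` in the form action, and conditionals instead of `die()`) can be combined as in the following added example, which is not part of any post in this thread. The helper names `validate_comment()` and `render_page()` and the 500-character limit are assumptions, and the database insert is left as a comment.

```php
<?php
// Added example (not from the thread). validate_comment() and render_page()
// are hypothetical helpers; the 500-character limit is an assumption.

function validate_comment(array $post): array
{
    $raw = $post['comment'] ?? '';
    $comment = is_string($raw) ? trim($raw) : '';   // reject comment[]=... arrays
    $errors = [];
    if ($comment === '' || $comment === 'Comment...') {
        $errors[] = 'Please enter a comment.';
    } elseif (strlen($comment) > 500) {
        $errors[] = 'Comment is too long.';
    }
    return [$comment, $errors];
}

function render_page(array $errors, string $comment): string
{
    // Encode everything user-influenced before it reaches the HTML.
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = "<!DOCTYPE html>\n<html><head><title>Comments</title></head><body>\n";
    foreach ($errors as $msg) {
        $html .= '<p class="error">' . $e($msg) . "</p>\n";
    }
    // Fixed action instead of echoing $_SERVER['PHP_SELF'], which includes
    // request path data the client controls.
    $html .= '<form name="commentbox" action="index.php" method="post">' . "\n"
           . '<textarea name="comment" cols="20" rows="2" placeholder="Comment...">'
           . $e($comment) . "</textarea>\n"
           . '<input type="submit" name="submit" value="Submit">' . "\n"
           . "</form>\n</body></html>\n";   // closing markup is always sent
    return $html;
}

$errors = [];
$comment = '';
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['submit'])) {
    [$comment, $errors] = validate_comment($_POST);
    if (!$errors) {
        // Store the comment here with a prepared statement, then redirect
        // so that a page reload does not submit it again.
        header('Location: index.php', true, 303);
        exit;   // nothing left to render after a redirect
    }
}
echo render_page($errors, $comment);
```

A rejected comment now comes back as a complete page with the error shown above the form, rather than a half-rendered document.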

Archived

This topic is now archived and is closed to further replies.
