Yes, in the end I think it made more sense to use the db. I have fixed the duplicate entries, a lot of guesswork.

Problems:

#1

$message = stripslashes($_POST['message']);

This doesn't work any more. Is there another way to do this when using a database?

Is this right? I'm not getting any errors from it.

#2

function make_safe($variable) {
    $variable = mysql_real_escape_string(trim($variable));
    return $variable;
}

$message = make_safe($_POST['message']);
$message2 = make_safe($_POST['message2']);

$check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");

<?php
require_once('config.php');

if (isset($_POST['message']))
{
    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
    {
        $message = htmlentities($_POST['message']);
        $message2 = htmlentities($_POST['message2']);
        $message = stripslashes($_POST['message']);
        $message2 = stripslashes($_POST['message2']);

        ini_set('date.timezone', 'Europe/London');

        function make_safe($variable) {
            $variable = mysql_real_escape_string(trim($variable));
            return $variable;
        }

        $message = make_safe($_POST['message']);
        $message2 = make_safe($_POST['message2']);

        $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");

        // Insert a row of information into the table "comments"
        mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2')")
            or die(mysql_error());
    }
}

$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
?>


<form id="contFrm" method="POST">
<input type="hidden" name="token" value="<?php echo $token;?>" />
<label><span class="required">*</span> Full Name:</label>
<input type="text" class="box"  name="message"><br />
<label><span class="required">*</span> Message: </label>
<textarea name="message2" id="message" cols="25" rows="8"></textarea><br />
<input type="submit" class="button" value="Submit">
</form> 



<?php
// Retrieve all the data from the "comments" table
$result = mysql_query("SELECT * FROM comments")
    or die(mysql_error());

while ($row = mysql_fetch_assoc($result))
{
    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\">";
    echo "<div id=\"comment_name\">".$row['message']." <em>Says:</em></div>";
    echo "<div id=\"comment_date\">" . date("D, M d, Y, g:i a") . "</div><br />".$row['message2'];
    echo "</div>";
    echo "</div>";
}
?>

Thank you.

Ok, I changed the loop, works nice. Fixed the CSS to get rid of the spaces. How do I get the last comment to show on top? Thank you all for your help.

while ($row = mysql_fetch_assoc($result))
{
    $message  = $row['message'];
    $message2 = $row['message2'];

    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em>Says: </em></div><div id=\"comment_date\">" . date("D, M d, Y, g:i a") . "</div><br />$message2</p></div>";
    echo "</div>";
}

Is this right? I'm not getting any errors from it.

#2

function make_safe($variable) {
    $variable = mysql_real_escape_string(trim($variable));
    return $variable;
}

$message = make_safe($_POST['message']);
$message2 = make_safe($_POST['message2']);

$check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");

What are you doing there? That query ($check) does not need to be there. However, the make_safe() is necessary to prevent SQL injection attacks.


Now that you have the make_safe function you can remove these lines:

$message = htmlentities($_POST['message']);
$message2 = htmlentities($_POST['message2']);
$message = stripslashes($_POST['message']); 
$message2 = stripslashes($_POST['message2']);

how do I get the last comment to show on top

Change your query so it returns the comments in descending order.

// Retrieve all the data from the "comments" table, newest first
$result = mysql_query("SELECT * FROM comments ORDER BY id DESC")
    or die(mysql_error());

I assume you have set up an auto_increment field called id in your comments table?

Yes, I think so. The db is set up like so:

The ID = id int(11) auto_increment

The Name = message varchar(50) latin1_general_ci

The comments = message2 mediumblob BINARY - is that ok?

How do I strip the slashes to stop this (that's - that\'s)?

Thanks

All seems to be working fine. Here is the end result.

<?php
require_once('config.php');

if (isset($_POST['message']))
{
    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token'])
    {
        ini_set('date.timezone', 'Europe/London');

        function make_safe($variable) {
            $variable = mysql_real_escape_string(trim($variable));
            return $variable;
        }

        $message = make_safe($_POST['message']);
        $message2 = make_safe($_POST['message2']);

        // Insert a row of information into the table "comments"
        mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2')")
            or die(mysql_error());
    }
}

$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
?>

<form id="contFrm" method="POST">
<input type="hidden" name="token" value="<?php echo $token;?>" />
<label><span class="required">*</span> Full Name:</label>
<input type="text" class="box" name="message"><br />
<label><span class="required">*</span> Message: </label>
<textarea name="message2" id="message" cols="25" rows="8"></textarea><br />
<input type="submit" class="button" value="Submit">
</form>

<?php
// Retrieve all the data from the "comments" table, newest first
$result = mysql_query("SELECT * FROM comments ORDER BY id DESC")
    or die(mysql_error());

while ($row = mysql_fetch_assoc($result))
{
    $message  = stripslashes($row['message']);
    $message2 = stripslashes($row['message2']);

    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em> Says: </em></div><div id=\"comment_date\">" . date("D, M d, Y, g:i a") . "</div><br />$message2</p></div>";
    echo "</div>";
}
?>

Many thanks for all your help.
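As an added example (not code from anyone in this thread), the same form and listing written with PDO prepared statements instead of mysql_real_escape_string(): bound parameters never enter the SQL text, so the escape/stripslashes round trip that produced that\'s goes away; the token is compared in constant time; and comment text is HTML-escaped on output, which the final version above does not do. The DSN, credentials, and the table layout (id auto_increment, message, message2) are assumptions.

```php
<?php
// Added example, not code from the thread. Assumes a "comments" table with
// id (auto_increment), message and message2, and the DSN/credentials below.
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
]);

// HTML-escape anything user-supplied before it is echoed into the page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if (isset($_POST['message'], $_POST['message2'], $_POST['token'], $_SESSION['token'])
    && hash_equals($_SESSION['token'], $_POST['token'])) {   // constant-time compare

    // Bound parameters never become part of the SQL text, so no
    // mysql_real_escape_string() and no stripslashes() round trip is needed:
    // "that's" is stored and displayed exactly as typed.
    $stmt = $pdo->prepare('INSERT INTO comments (message, message2) VALUES (:name, :body)');
    $stmt->execute([
        ':name' => trim($_POST['message']),
        ':body' => trim($_POST['message2']),
    ]);
}

// Fresh unpredictable token for the next submission (the thread uses md5(uniqid())).
$token = bin2hex(random_bytes(16));
$_SESSION['token'] = $token;
?>
<form id="contFrm" method="POST">
<input type="hidden" name="token" value="<?= h($token) ?>" />
<label>Full Name:</label> <input type="text" name="message"><br />
<label>Message:</label> <textarea name="message2" cols="25" rows="8"></textarea><br />
<input type="submit" value="Submit">
</form>
<?php
// Newest comment on top: the same ORDER BY id DESC the thread arrived at.
foreach ($pdo->query('SELECT message, message2 FROM comments ORDER BY id DESC') as $row) {
    echo '<div class="comments_box"><div class="comment_name">' . h($row['message'])
       . ' <em>Says:</em></div>' . nl2br(h($row['message2'])) . '</div>';
}
```

Because the form has no JavaScript, a value such as `<script>` typed into the name field renders as literal text here rather than executing when the comment list is displayed.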
