chandler Posted July 19, 2011 Author Share Posted July 19, 2011 Yes in the end I think it made more sense to use the db. I have fixed the duplicate entries, a lot of guess work. problems: #1 $message = stripslashes($_POST['message']); This don't work any more, is there another way to do this when using database? Is this right? I'm not getting any errors from it. #2 function make_safe($variable) { $variable = mysql_real_escape_string(trim($variable)); return $variable; } $message = make_safe($_POST['message']); $message2 = make_safe($_POST['message2']); $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'"); <?php require_once('config.php'); if (isset($_POST['message'])) { if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) { $message = htmlentities($_POST['message']); $message2 = htmlentities($_POST['message2']); $message = stripslashes($_POST['message']); $message2 = stripslashes($_POST['message2']); ini_set('date.timezone', 'Europe/London'); function make_safe($variable) { $variable = mysql_real_escape_string(trim($variable)); return $variable; } $message = make_safe($_POST['message']); $message2 = make_safe($_POST['message2']); $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'"); // Insert a row of information into the table "example" mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2' ) ") or die(mysql_error()); } } $token = md5(uniqid(rand(), true)); $_SESSION['token'] = $token; ?> <form id="contFrm" method="POST"> <input type="hidden" name="token" value="<?php echo $token;?>" /> <label><span class="required">*</span> Full Name:</label> <input type="text" class="box" name="message"><br /> <label><span class="required">*</span> Message: </label> <textarea name="message2" id="message" cols="25" rows="8"></textarea><br /> <input type="submit" class="button" value="Submit"> </form> <?php // Retrieve all the data from the "example" table $result = mysql_query("SELECT * FROM comments") or die(mysql_error()); while($row = mysql_fetch_assoc( $result )) { // Print out the contents of the entry echo "<div id=\"census41_messages\">"; echo "<div id=\"comments_box\">"; echo "<div id=\"comment_name\">".$row['message']." <em>Says:</em></div>"; echo "<div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />".$row['message2']; echo "</div>"; echo "</div>"; } ?> Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244768 Share on other sites More sharing options...
chandler Posted July 19, 2011 Author Share Posted July 19, 2011 Ok I changed the loop, works nice. Fixed the CSS to get rid of the spaces. how do I get the last comment to show on top? thank you all for your help. while($row = mysql_fetch_assoc( $result )) { $message = $row['message']; $message2 = $row['message2']; // Print out the contents of the entry echo "<div id=\"census41_messages\">"; echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em>Says: </em></div><div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />$message2</p></div>"; echo "</div>"; } Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244775 Share on other sites More sharing options...
wildteen88 Posted July 19, 2011 Share Posted July 19, 2011 Is this right? I'm not getting any errors from it. #2 function make_safe($variable) { $variable = mysql_real_escape_string(trim($variable)); return $variable; } $message = make_safe($_POST['message']); $message2 = make_safe($_POST['message2']); $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'"); What are you doing there? That query ($check) does not need to be there. However the makeSafe() is necessary to prevent SQL Injection attacks. Now that you have the makeSafe function you can remove these lines $message = htmlentities($_POST['message']); $message2 = htmlentities($_POST['message2']); $message = stripslashes($_POST['message']); $message2 = stripslashes($_POST['message2']); how do I get the last comment to show on top Change your query so it returns the comments in descending order. // Retrieve all the data from the "example" table $result = mysql_query("SELECT * FROM comments ORDER BY id DESC") or die(mysql_error()); I assume you have set up an auto_increment field called id in your comments table? Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244778 Share on other sites More sharing options...
chandler Posted July 19, 2011 Author Share Posted July 19, 2011 Yes I think so, the db is set up like so The ID = id int(11) auto_increment The Name = message varchar(50) latin1_general_ci The comments = message2 mediumblob BINARY - is that ok? How do I strip the slashes to stop this ( that's - that\'s) Thanks Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244785 Share on other sites More sharing options...
wildteen88 Posted July 19, 2011 Share Posted July 19, 2011 use strip_slashes Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244795 Share on other sites More sharing options...
chandler Posted July 19, 2011 Author Share Posted July 19, 2011 All seems to be working fine here is the end result. <?php require_once('config.php'); if (isset($_POST['message'])) { if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) { ini_set('date.timezone', 'Europe/London'); function make_safe($variable) { $variable = mysql_real_escape_string(trim($variable)); return $variable; } $message = make_safe($_POST['message']); $message2 = make_safe($_POST['message2']); // Insert a row of information into the table "example" mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2' ) ") or die(mysql_error()); } } $token = md5(uniqid(rand(), true)); $_SESSION['token'] = $token; ?> <form id="contFrm" method="POST"> <input type="hidden" name="token" value="<?php echo $token;?>" /> <label><span class="required">*</span> Full Name:</label> <input type="text" class="box" name="message"><br /> <label><span class="required">*</span> Message: </label> <textarea name="message2" id="message" cols="25" rows="8"></textarea><br /> <input type="submit" class="button" value="Submit"> </form> <?php // Retrieve all the data from the "example" table $result = mysql_query("SELECT * FROM comments ORDER BY id DESC") or die(mysql_error()); while($row = mysql_fetch_assoc( $result )) { $message = $row['message']; $message2 = $row['message2']; $message = stripslashes($message); $message2 = stripslashes($message2); // Print out the contents of the entry echo "<div id=\"census41_messages\">"; echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em> Says: </em></div><div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />$message2</p></div>"; echo "</div>"; } ?> Many thanks for all your help. Quote Link to comment https://forums.phpfreaks.com/topic/242220-is-this-possible/page/2/#findComment-1244849 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.