chandler (Author), posted July 19, 2011

Yes, in the end I think it made more sense to use the db. I have fixed the duplicate entries, a lot of guesswork.

Problems:

#1

```php
$message = stripslashes($_POST['message']);
```

This doesn't work any more, is there another way to do this when using a database?

Is this right? I'm not getting any errors from it.

#2

```php
function make_safe($variable) {
    $variable = mysql_real_escape_string(trim($variable));
    return $variable;
}

$message = make_safe($_POST['message']);
$message2 = make_safe($_POST['message2']);
$check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");
```

```php
<?php
require_once('config.php');

if (isset($_POST['message'])) {
    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {
        $message = htmlentities($_POST['message']);
        $message2 = htmlentities($_POST['message2']);
        $message = stripslashes($_POST['message']);
        $message2 = stripslashes($_POST['message2']);

        ini_set('date.timezone', 'Europe/London');

        function make_safe($variable) {
            $variable = mysql_real_escape_string(trim($variable));
            return $variable;
        }

        $message = make_safe($_POST['message']);
        $message2 = make_safe($_POST['message2']);
        $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");

        // Insert a row of information into the table "example"
        mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2' ) ")
            or die(mysql_error());
    }
}

$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
?>

<form id="contFrm" method="POST">
    <input type="hidden" name="token" value="<?php echo $token;?>" />
    <label><span class="required">*</span> Full Name:</label>
    <input type="text" class="box" name="message"><br />
    <label><span class="required">*</span> Message: </label>
    <textarea name="message2" id="message" cols="25" rows="8"></textarea><br />
    <input type="submit" class="button" value="Submit">
</form>

<?php
// Retrieve all the data from the "example" table
$result = mysql_query("SELECT * FROM comments") or die(mysql_error());

while($row = mysql_fetch_assoc( $result )) {
    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\">";
    echo "<div id=\"comment_name\">".$row['message']." <em>Says:</em></div>";
    echo "<div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />".$row['message2'];
    echo "</div>";
    echo "</div>";
}
?>
```

Thank you.
chandler (Author), posted July 19, 2011

Ok, I changed the loop, works nice. Fixed the CSS to get rid of the spaces. How do I get the last comment to show on top? Thank you all for your help.

```php
while($row = mysql_fetch_assoc( $result )) {
    $message = $row['message'];
    $message2 = $row['message2'];
    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em>Says: </em></div><div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />$message2</p></div>";
    echo "</div>";
}
```
wildteen88, posted July 19, 2011

> Is this right? I'm not getting any errors from it.
>
> #2
>
> ```php
> function make_safe($variable) {
>     $variable = mysql_real_escape_string(trim($variable));
>     return $variable;
> }
>
> $message = make_safe($_POST['message']);
> $message2 = make_safe($_POST['message2']);
> $check = mysql_query("SELECT message, message2, UserLevel FROM Users WHERE Username = '".$message."' and message2 = '".$message2."'");
> ```

What are you doing there? That query ($check) does not need to be there. However the makeSafe() is necessary to prevent SQL Injection attacks. Now that you have the makeSafe function you can remove these lines

```php
$message = htmlentities($_POST['message']);
$message2 = htmlentities($_POST['message2']);
$message = stripslashes($_POST['message']);
$message2 = stripslashes($_POST['message2']);
```

> how do I get the last comment to show on top

Change your query so it returns the comments in descending order.

```php
// Retrieve all the data from the "example" table
$result = mysql_query("SELECT * FROM comments ORDER BY id DESC") or die(mysql_error());
```

I assume you have set up an auto_increment field called id in your comments table?
chandler (Author), posted July 19, 2011

Yes, I think so, the db is set up like so:

- The ID = id int(11) auto_increment
- The Name = message varchar(50) latin1_general_ci
- The comments = message2 mediumblob BINARY - is that ok?

How do I strip the slashes to stop this (that's - that\'s)?

Thanks
wildteen88, posted July 19, 2011

use strip_slashes
chandler (Author), posted July 19, 2011

All seems to be working fine, here is the end result.

```php
<?php
require_once('config.php');

if (isset($_POST['message'])) {
    if (isset($_SESSION['token']) && $_POST['token'] == $_SESSION['token']) {
        ini_set('date.timezone', 'Europe/London');

        function make_safe($variable) {
            $variable = mysql_real_escape_string(trim($variable));
            return $variable;
        }

        $message = make_safe($_POST['message']);
        $message2 = make_safe($_POST['message2']);

        // Insert a row of information into the table "example"
        mysql_query("INSERT INTO comments (message, message2) VALUES('$message', '$message2' ) ")
            or die(mysql_error());
    }
}

$token = md5(uniqid(rand(), true));
$_SESSION['token'] = $token;
?>

<form id="contFrm" method="POST">
    <input type="hidden" name="token" value="<?php echo $token;?>" />
    <label><span class="required">*</span> Full Name:</label>
    <input type="text" class="box" name="message"><br />
    <label><span class="required">*</span> Message: </label>
    <textarea name="message2" id="message" cols="25" rows="8"></textarea><br />
    <input type="submit" class="button" value="Submit">
</form>

<?php
// Retrieve all the data from the "example" table
$result = mysql_query("SELECT * FROM comments ORDER BY id DESC") or die(mysql_error());

while($row = mysql_fetch_assoc( $result )) {
    $message = $row['message'];
    $message2 = $row['message2'];
    $message = stripslashes($message);
    $message2 = stripslashes($message2);
    // Print out the contents of the entry
    echo "<div id=\"census41_messages\">";
    echo "<div id=\"comments_box\"><div id=\"comment_name\"><p>$message<em> Says: </em></div><div id=\"comment_date\">" . date ("D, M d, Y, g:i a") . "</div><br />$message2</p></div>";
    echo "</div>";
}
?>
```

Many thanks for all your help.
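
A hardened version of the thread's final script, as an added example that is not from the original posts: bound parameters replace mysql_real_escape_string() (so nothing needs stripslashes() afterwards), output is HTML-encoded at the point it is echoed, and the form token is random and compared in constant time. It assumes PDO with an in-memory SQLite table standing in for the MySQL comments table, and the function names are hypothetical.

```php
<?php
// Added example, not the thread's code. Assumptions: PDO + in-memory SQLite
// stands in for the MySQL "comments" table; all function names are hypothetical.

function issue_token(array &$session): string {
    // CSPRNG token instead of md5(uniqid(rand(), true))
    return $session['token'] = bin2hex(random_bytes(32));
}

function token_ok(array $session, array $post): bool {
    // Constant-time comparison; rejects a missing or non-string token
    return isset($session['token'], $post['token'])
        && is_string($post['token'])
        && hash_equals($session['token'], $post['token']);
}

function save_comment(PDO $db, string $name, string $body): void {
    // Bound parameters: values never become part of the SQL text, so there is
    // no escaping on the way in and no stripslashes() on the way out.
    $stmt = $db->prepare('INSERT INTO comments (message, message2) VALUES (?, ?)');
    $stmt->execute([trim($name), trim($body)]);
}

function render_comments(PDO $db): string {
    $html = '';
    foreach ($db->query('SELECT message, message2 FROM comments ORDER BY id DESC') as $row) {
        // Encode at output time, for the HTML context the value lands in
        $name = htmlspecialchars($row['message'], ENT_QUOTES, 'UTF-8');
        $body = htmlspecialchars($row['message2'], ENT_QUOTES, 'UTF-8');
        $html .= "<div class=\"comments_box\"><div class=\"comment_name\">$name <em>Says:</em></div>"
               . "<p>" . nl2br($body) . "</p></div>\n";
    }
    return $html;
}

// Constructed sample run: an apostrophe and markup in the submitted fields
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY AUTOINCREMENT, message TEXT, message2 TEXT)');

$session = [];
$post = ['token' => issue_token($session), 'message' => "O'Brien",
         'message2' => "that's <script>alert(1)</script> fine"];
if (token_ok($session, $post)) {
    save_comment($db, $post['message'], $post['message2']);
}
echo render_comments($db);
```

The stored row keeps the apostrophe and the markup exactly as typed; only the rendered HTML carries the encoded form.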
Archived
This topic is now archived and is closed to further replies.