Help with php forum

[Infectious]

Hello everybody.

I successfully got a forum up and running a bit ago, but there is only 1 problem.

when 1 user posts, it duplicates that post from every other user registered.

heres is the link you can make an account and test it yourself.

http://www.gameblaze.net/forum

 

 

Please if you can help I would be oh so greatful.

Sincerely,

Infectious

[Muddy_Funster]

it would be more practical if you could let us see the code that deals with the post submit.  Is this a forum you have coded your self or an off the shelf solution?

[Maq]

Probably your code is wrong.

[Infectious]

here is the reply.php code

<?php

include 'connect.php';
include 'header.php';

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
	
	echo 'This file cannot be called directly.';
}
else
{
	
	if(!$_SESSION['signed_in'])
	{
		echo 'You must be signed in to post a reply.';
	}
	else
	{
		
		$sql = "INSERT INTO 
					posts(post_content,
						  post_date,
						  post_topic,
						  post_by) 
				VALUES ('" . $_POST['reply-content'] . "',
						NOW(),
						" . mysql_real_escape_string($_GET['id']) . ",
						" . $_SESSION['user_id'] . ")";
						
		$result = mysql_query($sql);
						
		if(!$result)
		{
			echo 'Your reply has not been saved, please try again later.';
		}
		else
		{
			echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
		}
	}
}

include 'footer.php';
?>

Edited September 12, 2013 by Infectious

[Monkuar]

You need to cast proper variables on those id's and check for integer/etc.  mysql_real_escape_string wont help you from XSS.

 

Also you need to have a primary key that is SET TO AUtO INcREMNET in that database, lol. (for new postS)

Edited September 12, 2013 by Monkuar

[Infectious]

would you be able to help me with that?

[Infectious]

I was able to make it not duplicate but now the sot wont show the user ID of whom who posted it

[Infectious]

Okay nvm guys I figured it all out it 100% functional now.