
Help with php forum



Hello everybody.

I successfully got a forum up and running a bit ago, but there is only 1 problem.

When 1 user posts, it duplicates that post from every other user registered.

Here is the link; you can make an account and test it yourself.

http://www.gameblaze.net/forum

Please, if you can help, I would be oh so grateful.

Sincerely,

Infectious


Here is the reply.php code:

<?php

include 'connect.php';
include 'header.php';

if($_SERVER['REQUEST_METHOD'] != 'POST')
{
	
	echo 'This file cannot be called directly.';
}
else
{
	
	if(!$_SESSION['signed_in'])
	{
		echo 'You must be signed in to post a reply.';
	}
	else
	{
		
		$sql = "INSERT INTO 
					posts(post_content,
						  post_date,
						  post_topic,
						  post_by) 
				VALUES ('" . $_POST['reply-content'] . "',
						NOW(),
						" . mysql_real_escape_string($_GET['id']) . ",
						" . $_SESSION['user_id'] . ")";
						
		$result = mysql_query($sql);
						
		if(!$result)
		{
			echo 'Your reply has not been saved, please try again later.';
		}
		else
		{
			echo 'Your reply has been saved, check out <a href="topic.php?id=' . htmlentities($_GET['id']) . '">the topic</a>.';
		}
	}
}

include 'footer.php';
?>

You need to cast proper variables on those IDs and check for integer/etc. mysql_real_escape_string won't help you from XSS.

Also, you need to have a primary key that is set to AUTO INCREMENT in that database, lol (for new posts).

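One way to apply the integer check suggested above and keep the reply text out of the SQL string, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database in place of the thread's mysql_* calls; the function names, the `post_id` column and the sample inputs are hypothetical.

```php
<?php
// Added example, not the poster's code. Uses PDO with an in-memory SQLite
// database so it runs offline; the schema below is an assumption built from
// the column names in reply.php plus a hypothetical auto-increment post_id.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (
        post_id      INTEGER PRIMARY KEY AUTOINCREMENT,
        post_content TEXT    NOT NULL,
        post_date    TEXT    NOT NULL,
        post_topic   INTEGER NOT NULL,
        post_by      INTEGER NOT NULL)');
    return $db;
}

// Returns the new post_id, or null when the input fails validation.
function save_reply(PDO $db, $rawTopicId, string $content, int $userId): ?int
{
    $topicId = filter_var($rawTopicId, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    if ($topicId === false || trim($content) === '') {
        return null; // reject instead of building a query from bad input
    }
    // Placeholders keep every value out of the SQL text itself.
    $stmt = $db->prepare('INSERT INTO posts
            (post_content, post_date, post_topic, post_by)
        VALUES (:content, :created, :topic, :author)');
    $stmt->execute([
        ':content' => $content,
        ':created' => date('Y-m-d H:i:s'),
        ':topic'   => $topicId,
        ':author'  => $userId,
    ]);
    return (int) $db->lastInsertId();
}

$db = open_demo_db();
// Constructed inputs standing in for $_GET['id'] and $_POST['reply-content'].
$ok  = save_reply($db, '7', "It's a <b>reply</b>", 42);
$bad = save_reply($db, '7 OR 1=1', 'ignored', 42);
var_dump($ok, $bad);
// Escape on output, not on insert: this is the XSS control.
$row = $db->query('SELECT post_content FROM posts WHERE post_id = 1')->fetch();
echo htmlspecialchars($row['post_content'], ENT_QUOTES, 'UTF-8'), "\n";
```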
