Facebook like messaging system

[lional]

Hi

I found this facebook like messaging system tutorial  that seems to be just but what I need, however when I press the reply button to send the new message it seems to be stuck on that page

I am attaching all the related code.

The Script.js looks like this

$(document).ready(function(){
    /*post message via ajax*/
    $("#reply").on("click", function(){
        var message = $.trim($("#message").val()),
            conversation_id = $.trim($("#conversation_id").val()),
            user_form = $.trim($("#user_form").val()),
            user_to = $.trim($("#user_to").val()),
            error = $("#error");
 
        if((message != "") && (conversation_id != "") && (user_form != "") && (user_to != "")){
            error.text("Sending...");
            $.post("post_message_ajax.php",{message:message,conversation_id:conversation_id,user_form:user_form,user_to:user_to}, function(data){
                error.text(data);
                //clear the message box
                $("#message").val("");
            });
        }
    });
 
 
    //get message
    c_id = $("#conversation_id").val();
    //get new message every 2 second
    setInterval(function(){
        $(".display-message").load("get_message_ajax.php?c_id="+c_id);
    }, 2000);
 
    $(".display-message").scrollTop($(".display-message")[0].scrollHeight);
});

I am sure it is something smaal, I have been looking at it for a few hours now and I will continue to look to see if I can solve the problem

 

get_message_ajax.php

index.php

logout.php

message.php

post_message_ajax.php

[mac_gyver]

the point of a programming tutorial should be to teach the steps/logic needed to accomplish a task. you would then take the information you learned from the tutorial and implement the steps yourself, i.e. actually write, test, and debug the code needed to accomplish the task.

 

the reason i mention this concept of what a tutorial should do is because the implementation code you found contains a number of problems and shortcomings that could prevent it from working on any particular php setup or of telling you why it isn't working.

 

so, rather than to find and then dump someone else's badly written code on a help forum, write, test, and debug some code yourself, one step at a time, and ask questions about problems with the code you have written or ask questions about how to implement specific features that you cannot figure out yourself.

 

btw - this code is seriously insecure. putting the decoded base64 data directly into the sql query statement will allow sql injection. passing the encoded base64 data through the mysqli escape string function doesn't do anything because the encoded data doesn't consist of any characters that the escape string function has an effect on. the best way of preventing sql injection is to use prepared queries, with place-holders in the sql query statement for data values, then supply the actual data when the query is executed.