Paola Posted June 27, 2019 Share Posted June 27, 2019 Hello everyone, I am trying to submit a comment in a comment box and send it to the DB but is not happening. The connection is good as I am logging in and all but no data is sent to the DB when I post the comment. It doesn't show in my comment section either. Form <!--comment section--> <?php if(isset($_SESSION['id'])) { echo "<form method='POST' action='" . setComments($conn) . "'> <input type='hidden' name='uidUsers' value='".$_SESSION['id']."'> <input type='hidden' name='posted' value='" . date('Y-m-d H:i:s') . "'> Comments: <textarea rows = '5' cols = '15' name='body'></textarea><br><br> <button name='commentSubmit' type='submit'>Comment</button> </form>"; }else { echo "Log in to comment!"; } getComments($conn); Function to set and get comments function setComments($conn) { if (isset($_POST['commentSubmit'])){ $user_id = $_POST['uidUsers']; $body = $_POST['body']; $posted = $_POST['posted']; $sql = "INSERT INTO comments (uidUsers, posted, body) VALUES ('$user_id', '$posted', '$body')"; $result = mysqli_query($conn, $sql); } } function getComments($conn) { $sql = "SELECT * FROM comments"; $result = mysqli_query($conn, $sql); while ($row = $result->fetch_assoc()){ $id = $row['uidUsers']; $sql2 ="SELECT * FROM users WHERE uidUsers='$id'"; $result2 = mysqli_query($conn, $sql2); if($row2 = $result2->fetch_assoc()){ echo "<div class='comment-box'><p>"; echo $row2['uidUsers'] . "<br>"; echo $row['posted'] . "<br>"; echo nl2br($row['body']); echo "</p></div>"; } } } Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted June 27, 2019 Share Posted June 27, 2019 the action='...' attribute in a form tag is the URL to which the form will submit. it is not the name of a php function, since the browser has absolutely no idea what the server side code is. since you should be submitting the form to the same page it is on, you can just leave the whole action='...' attribute out of the form tag. when the form is submitted, your form processing code needs to detect that a post method form was submitted, validate the submitted data, then safely supply that data to the INSERT query. to safely supply the data to a query, you will want to use a prepared query, with a place-holder in the sql query statement for each value, the supply the actual data when the query gets executed. Quote Link to comment Share on other sites More sharing options...
Paola Posted June 27, 2019 Author Share Posted June 27, 2019 Ok, the data is going into the DB now but I still cannot retrieve it Quote Link to comment Share on other sites More sharing options...
Paola Posted June 27, 2019 Author Share Posted June 27, 2019 Hello mac_gyver, Thank you for the input. The comments are being saved in DB now. I included the functions page in the page where the form is so it has access to that function. The comments are being saved in the DB now, but I can't retrieve them still =( Quote Link to comment Share on other sites More sharing options...
Paola Posted June 27, 2019 Author Share Posted June 27, 2019 I figured it out. I had to put id here not uidUsers $sql2 ="SELECT * FROM users WHERE uidUsers='$id'"; $sql2 ="SELECT * FROM users WHERE id='$id'"; Quote Link to comment Share on other sites More sharing options...
gizmola Posted June 27, 2019 Share Posted June 27, 2019 That is great, but don't forget about Mac's comment regarding prepared queries. You should not use variable interpolation for the sql string. Here's an article you can read that covers the topic in great detail. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.