Unable to send data to mysqli from PHP

[Paola]

Hello everyone,

I am trying to submit a comment in a comment box and send it to the DB but is not happening. The connection is good as I am logging in and all but no data is sent to the DB when I post the comment. It doesn't show in my comment section either. 

 

Form

    <!--comment section-->
<?php
if(isset($_SESSION['id'])) {
    echo "<form method='POST' action='" . setComments($conn) . "'>
        <input type='hidden' name='uidUsers' value='".$_SESSION['id']."'>
        <input type='hidden' name='posted' value='" . date('Y-m-d H:i:s') . "'>
        Comments: <textarea rows = '5' cols = '15' name='body'></textarea><br><br>
        <button name='commentSubmit' type='submit'>Comment</button>
        </form>";
}else {
    echo "Log in to comment!";
}
 getComments($conn);

 

 

Function to set and get comments

function setComments($conn) {
    if (isset($_POST['commentSubmit'])){
        $user_id = $_POST['uidUsers'];
        $body = $_POST['body'];
        $posted = $_POST['posted'];
        $sql = "INSERT INTO comments (uidUsers, posted, body) VALUES ('$user_id', '$posted', '$body')";
        $result = mysqli_query($conn, $sql);
    }
    
}

function getComments($conn) {
    $sql = "SELECT * FROM comments";
    $result = mysqli_query($conn, $sql);
    while ($row = $result->fetch_assoc()){
        $id = $row['uidUsers'];
        $sql2 ="SELECT * FROM users WHERE uidUsers='$id'";
        $result2 = mysqli_query($conn, $sql2);
        if($row2 = $result2->fetch_assoc()){
            echo "<div class='comment-box'><p>";
            echo $row2['uidUsers'] . "<br>";
            echo $row['posted'] . "<br>";
            echo nl2br($row['body']);
            echo "</p></div>";


        }

    
    }

}

[mac_gyver]

the action='...' attribute in a form tag is the URL to which the form will submit. it is not the name of a php function, since the browser has absolutely no idea what the server side code is. since you should be submitting the form to the same page it is on, you can just leave the whole action='...' attribute out of the form tag.

when the form is submitted, your form processing code needs to detect that a post method form was submitted, validate the submitted data, then safely supply that data to the INSERT query. to safely supply the data to a query, you will want to use a prepared query, with a place-holder in the sql query statement for each value, the supply the actual data when the query gets executed.

[Paola]

Ok, the data is going into the DB now but I still cannot retrieve it 

[Paola]

Hello mac_gyver,

Thank you for the input.

The comments are being saved in DB now. I included the functions page in the page where the form is so it has access to that function. 

The comments are being saved in the DB now, but I can't retrieve them still =(

[Paola]

I figured it out.

 

I had to put id here not uidUsers

$sql2 ="SELECT * FROM users WHERE uidUsers='$id'";

 

$sql2 ="SELECT * FROM users WHERE id='$id'";

[gizmola]

That is great, but don't forget about Mac's comment regarding prepared queries.  You should not use variable interpolation for the sql string.  Here's an article you can read that covers the topic in great detail.