iikatii Posted March 3, 2007

I have the following code to add a comment to videos on my site, but I can't seem to figure out how to allow ' and " characters to it! I've tried all combinations of addslashes commands, but none seem to work. Any ideas?

```php
//ADD COMMENT
if($_REQUEST[action]=="comment" || $_REQUEST[action]=="addfavour")chk_member_login($_REQUEST['viewkey']);
if($_POST[commentpost]!="")
{
    if($addcomment=="")$err="Please type something in the comment box.";
    if($_SESSION[uID]==$list[1])$err="You can not post comment to your own videos.";
    if($err=="")
    {
        $sql="insert into comments set VID=$list[0], UID=$_SESSION[uID], commen='$addcomment', addtime='".time()."'";
        $conn->execute($sql);
        if(mysql_affected_rows()==1){$sql="update video set com_num=com_num+1 WHERE VID=$list[0]";$conn->execute($sql);}
        if(mysql_affected_rows()>=1) $msg="Your comment has been successfully placed!";
        else $msg="You already posted comment on this video.";
    }
}
//END
```

Thanks in advance!

Link to comment https://forums.phpfreaks.com/topic/41036-addslashes-to-post-comments-help-please/

genericnumber1 Posted March 3, 2007

I prefer using mysql_real_escape_string() to do my anti-sql injection measures...

http://www.php.net/mysql_real_escape_string

There are some good examples there as well.

iikatii Posted March 3, 2007

Thank you for the reply... But how would I work in the mysql_real_escape_string() in the above code? Could you give me a sample please? Thanks again in advance!

genericnumber1 Posted March 3, 2007

you could do something like...

```php
<?php
//ADD COMMENT
if($_REQUEST[action]=="comment" || $_REQUEST[action]=="addfavour")chk_member_login($_REQUEST['viewkey']);
if($_POST[commentpost]!="")
{
    if($addcomment=="")$err="Please type something in the comment box.";
    if($_SESSION[uID]==$list[1])$err="You can not post comment to your own videos.";
    if($err=="")
    {
        $addcomment = mysql_real_escape_string(stripslashes($addcomment)); // Added
        $sql="insert into comments set VID=$list[0], UID=$_SESSION[uID], commen='$addcomment', addtime='".time()."'";
        $conn->execute($sql);
        if(mysql_affected_rows()==1){$sql="update video set com_num=com_num+1 WHERE VID=$list[0]";$conn->execute($sql);}
        if(mysql_affected_rows()>=1) $msg="Your comment has been successfully placed!";
        else $msg="You already posted comment on this video.";
    }
}
//END
?>
```

are you using dreamweaver to edit your files remotely?
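
An added example, not from the thread or any poster's code: the same comment insert done with bound parameters instead of escaping, so ' and " in the text need no addslashes handling, and a duplicate-key error is reported separately from other database failures (the posted code gives both the same message). Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL `$conn`, `add_comment()` is a hypothetical helper, and the unique key on (VID, UID) is assumed; table and column names follow the posted queries.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the thread's MySQL $conn;
// table/column names follow the posted queries, the UNIQUE key is an assumption.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE video (VID INTEGER PRIMARY KEY, com_num INTEGER DEFAULT 0)');
$pdo->exec('CREATE TABLE comments (VID INTEGER, UID INTEGER, commen TEXT,
            addtime INTEGER, UNIQUE (VID, UID))');
$pdo->exec('INSERT INTO video (VID) VALUES (7)'); // constructed sample row

// Hypothetical helper: returns the same user-facing messages as the posted code.
function add_comment(PDO $pdo, int $vid, int $uid, string $text): string
{
    if (trim($text) === '') {
        return 'Please type something in the comment box.';
    }
    $pdo->beginTransaction();
    try {
        // Placeholders keep the comment text out of the SQL string, so quotes
        // in $text are stored as data and cannot change the statement.
        $ins = $pdo->prepare(
            'INSERT INTO comments (VID, UID, commen, addtime) VALUES (?, ?, ?, ?)'
        );
        $ins->execute([$vid, $uid, $text, time()]);
        $upd = $pdo->prepare('UPDATE video SET com_num = com_num + 1 WHERE VID = ?');
        $upd->execute([$vid]);
        $pdo->commit();
        return 'Your comment has been successfully placed!';
    } catch (PDOException $e) {
        $pdo->rollBack();
        if ((string) $e->getCode() === '23000') { // integrity-constraint violation
            return 'You already posted comment on this video.';
        }
        throw $e; // any other failure is a real error, not a duplicate
    }
}

// Constructed sample input containing both quote characters.
$quoted = "It's a \"great\" video";
echo add_comment($pdo, 7, 42, $quoted), PHP_EOL;       // first comment by user 42
echo add_comment($pdo, 7, 42, 'second try'), PHP_EOL;  // same user, same video

// The stored text is byte-for-byte what was submitted; the counter moved once.
$stored = $pdo->query('SELECT commen FROM comments WHERE VID = 7 AND UID = 42')
              ->fetchColumn();
var_dump($stored === $quoted);
echo $pdo->query('SELECT com_num FROM video WHERE VID = 7')->fetchColumn(), PHP_EOL;
```

On MySQL the same calls apply with a `mysql:` DSN; a duplicate key there is also reported as SQLSTATE 23000.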

iikatii Posted March 3, 2007

Still didn't work. Yes, using dreamweaver.

Even adding

```php
$addcomment = mysql_real_escape_string(stripslashes($addcomment)); // Added
```

I get reverted back to:

```php
if($_SESSION[uID]==$list[1])$err="You can not post comment to your own videos.";
```

(I get that message when I try to post a comment with ' or ")

genericnumber1 Posted March 3, 2007

Oh, I didn't know that was the problem. try echoing out $list[1] and $_SESSION['UID'] and tell us what they are, you and I might get a better idea of why quotes are breaking it.

iikatii Posted March 3, 2007

Do you mean doing something like this?

```php
<?php
echo "Welcome to our site, ";
echo $_SESSION[uID];
echo "!<br>";
echo "This is the list: ";
echo $list[1];
?>
```

Basically $_SESSION[uID] is the member's session ID, and what that does is if that video is in his list, he can't post comments to his own video. But even if I am commenting on others' videos (not my own), when I add comments with ' or ", it doesn't work.

pocobueno1388 Posted March 3, 2007

Try using addslashes instead of stripslashes.

iikatii Posted March 3, 2007

I tried using addslashes, but still same deal. I now get this message: "You already posted your comments." (even though I haven't.. the comment will go thru fine if I don't use ' or ", but when I do, it now gives me the message that I already posted it)

Which is derived from the below code:

```html
{if $smarty.session.UID ne "" and $isvideocommented ne ""}
<DIV ID=divComments>
  <span style="font-weight:bold; color:red"> Rude/inappropriate comments may be deleted by the video owner.</span><br><br>
  For problems viewing or playing the video, or for errors in the info or category, please use the
  <a href="#" onclick="MyWindow=window.open('http://www.****.com/report/video.php','MyWindow','toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=yes,resizable=yes,width=600,height=600,left=400,top=45'); return false;" style="text-decoration:underline">bug reporting tool</a>
  instead of placing it in comments so that that it may be reported to the proper personnel & fixed as soon as possible.
  <br> <br>
  <FORM name="Add_comment" method="post" action="{$baseurl}/view_video.php?viewkey={$smarty.request.viewkey}&page={$smarty.request.page}&viewtype={$smarty.request.viewtype}&category={$smarty.request.category}">
    <DIV id=div_main_comment style="PADDING-left: 10px">
      <textarea name=addcomment ID=txtComments rows=5 cols=55></textarea>
      <br><br>
      <input class="btn" onmouseover="this.className='btn btnhov'" onmouseout="this.className='btn'" type="button" name="commentpost" value="Post Comment" onClick=fxSendComments('divComments','txtComments',{$smarty.session.UID},{$VID})>
    </DIV>
  </FORM>
</DIV >
<DIV ID=divComResult1 style='display:none'>
  <B><FONT COLOR=#339900>Your Comments has posted successfully.<br>Click your browser's <A HREF="javascript:history.go(0)">refresh</a> button to view it.<br>Salamat po!</FONT></B>
</DIV>
<DIV ID=divComResult2 style='display:none'>
  <B><FONT COLOR=#FF0033>You already posted your comments.</FONT></B>
</DIV>
{/if}
```
Archived
This topic is now archived and is closed to further replies.