gtrufitt Posted March 15, 2008 Share Posted March 15, 2008 Hi, I am getting utterly confused with this. It displays the comments correctly but does not display the senders name, I'm sure I am just running the query on the wrong place but I really cannot get my head around it! The $user_id (who owns the profile) is taken from the GET. The $sesid is the usersID. The profileid is the profile owners ID. profilecomments has the colums ID (senders id taken from the session), comment and profileid (taken from the GET) Heres the related code: <?php session_start(); if (!isset($_SESSION['sesid'])){ header("Location: authenticate.php"); } $sesid = $_SESSION['sesid'] ?> <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $user_id = $_GET['user']; $login = "SELECT id, email, f_name, l_name FROM user WHERE id = '$user_id'"; $r = mysql_query($login) or die(mysql_error()."<Br /><br /.".$login); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $count = mysql_num_rows($r); $row = mysql_fetch_array($r); $f_name = $row['f_name']; $l_name = $row['l_name']; $id = $row['id']; $hall = "SELECT id, hallid FROM userhall WHERE id = '$id'"; $p = mysql_query($hall) or die(mysql_error()."<Br /><br /.".$hall); $halln = mysql_fetch_array($p); $hallid = $halln['hallid']; $hallna = "SELECT hallid, name FROM hall WHERE hallid = '$hallid'"; $h = mysql_query($hallna) or die(); $hallne = mysql_fetch_array($h); $hallname = $hallne['name']; $profile = "SELECT about FROM profile WHERE id = '$id'"; $pr = mysql_query($profile) or die(); $aboutme = mysql_fetch_array($pr); $about = $aboutme['about']; ?> <?php $profilecomments = "SELECT id, comment FROM profilecomment WHERE profileid = '$user_id'"; $pc = mysql_query($profilecomments) or die(); $senderid = $pc['id']; ?> <?php if (mysql_num_rows($pc) == 0) { echo '<p><h2>' . $f_name . 'has no comments!</h2></p>' ; } else { $sender = "SELECT f_name FROM user WHERE id = '$senderid'"; $sc = mysql_query($sender) or die(mysql_error()."<Br /><br /.".$sender); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. while($rowa = mysql_fetch_array($pc)) { $rows = mysql_fetch_array($sc); echo '<table id="profiletable"><tr><td><a href ="userprofile.php?user='; echo $rowa['id']; echo '">'; echo $rowa['comment']; echo 'from '; echo $rows['f_name']."</a></tr></td></table>\n"; } } ?> code] Thanks Quote Link to comment Share on other sites More sharing options...
syed Posted March 15, 2008 Share Posted March 15, 2008 Hi gtrufitt You have a few code blocks, can you explain a bit more about what your code needs to do. Quote Link to comment Share on other sites More sharing options...
gtrufitt Posted March 15, 2008 Author Share Posted March 15, 2008 Yup. The code takes the userid and selects comments that are related to that userid from the profilecomments table. It then displays all the comments, along with the name of the sender of the comment (whos user id is taken from the profilecomment table and used to retrieve the users name from the user table). The code so far displays all of the comments that are related to the profile but I cannot get it to echo the senders name along with the comments. Is that a bit clearer? I know the code is a bit of a mess as well, sorry about that. Thanks Quote Link to comment Share on other sites More sharing options...
gtrufitt Posted March 15, 2008 Author Share Posted March 15, 2008 Anyone? Quote Link to comment Share on other sites More sharing options...
dotBz Posted March 15, 2008 Share Posted March 15, 2008 $pc = mysql_query($profilecomments) or die(); $senderid = $pc['id']; Same problem I guess.. the one you had a while ago :-\ Quote Link to comment Share on other sites More sharing options...
Hinty Posted March 15, 2008 Share Posted March 15, 2008 $profilecomments = "SELECT id, comment FROM profilecomment WHERE profileid = '$user_id'"; $pc = mysql_query($profilecomments) or die(); $row = mysql_fetch_array($pc); $senderid = $row['id']; I'm not too sure if thats whats wrong but give that a go. Good Luck Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.