[PHP] Forum query problems

[flapietoetoe]

Hi:
Im making this forum by myself, but I'm experiencing some troubles , with the part that users can post their own message:
this is what I have:

PHP Code:

<?php 
//includes
include("dbconnect.php");
include("config.php");
$topic_id=$_GET['id']
?>

<?php if(!isset($_POST['Submit']))
{ ?>

You have chosen to post a reply to this topic. Fill in your name , then the message you want to post. Then press submit. <br>
<br>
<form name="form1" method="post" action="postmsg.php">
  <table width="712" border="0">
    <tr>
      <th width="139" scope="col">Poster:</th>
      <th width="62" scope="col">&nbsp;</th>
      <th width="497" scope="col"><input name="poster" type="text" size="30"></th>
    </tr>
  </table>
  <table width="884" border="0">
    <tr>
      <th scope="col">&nbsp;</th>
      <th scope="col">Message:</th>
      <th scope="col">&nbsp;</th>
    </tr>
  </table>
  <table width="884" height="310" border="0">
    <tr>
      <th width="135" scope="col">&nbsp;</th>
      <th width="607" scope="col"><textarea name="message" cols="99" rows="17"></textarea></th>
      <th width="128" scope="col">&nbsp;</th>
    </tr>
  </table>
  <table width="884" border="0">
<input name="" type="hidden" value=<?php echo $_GET['id']; ?> />
    <tr>
      <th scope="col">&nbsp;</th>
      <th scope="col"><input type="submit" name="Submit" value="Submit"></th>
      <th scope="col">&nbsp;</th>
    </tr>
  </table>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</form>

<?php };?>
<?php
if(isset($_POST['Submit']))
{
//Make sure the user cannot execute querys with the form.
$poster=addslashes($_POST['poster']);
$message=addslashes($_POST['message']); 
$id=addslashes($_POST['id']);

//Post the message
$SQL_statement="INSERT INTO messages (topic_ID, bericht_poster, bericht) VALUES (" . $id . "," . $poster . "," . $message . ")";
$resultset=mysql_query($SQL_statement);


echo "Your message has been placed Please click " . "<a href=\"http://" . $_SERVER['HTTP_HOST'] . $forumdir . "/functions/showtopic.php?id=" . $_POST['id'] . "\"> here</a>  and go back to the page you came from";
echo "<br>" . "id= " . $id;


};


?>

The problem is : i think... that the $_GET['id'] doesnt come through.
It is submitted through get like this:

http://www.somehost.whatever/forum/f...hp?id=whatever

[bigguy]

Would this not be better ? I dont know why you have to close it off so much, maybe I dont know what i`m talking about either. (which is possible) then use the closing php tag at the end of the file. Like I said I am probably wrong but thats the part that looked off to me.

P.S. Its not quoted right but you get the idea of what i`m saying I hope.

<?php
//includes
include("dbconnect.php");
include("config.php");
$topic_id=$ GET['id']


if(!isset($ POST['Submit']))
{

[Bryon]

PHP Code:

<?php
   // Includes
   include("dbconnect.php");
   include("config.php");

   if($_POST['Submit']) {
?>

You have chosen to post a reply to this topic. Fill in your name , then the message you want to post. Then press submit. <br>
<br>
<form name="form1" method="post" action="postmsg.php">
  <table width="712" border="0">
    <tr>
      <th width="139" scope="col">Poster:</th>
      <th width="62" scope="col">&nbsp;</th>
      <th width="497" scope="col"><input name="poster" type="text" size="30"></th>
    </tr>
  </table>
  <table width="884" border="0">
    <tr>
      <th scope="col">&nbsp;</th>
      <th scope="col">Message:</th>
      <th scope="col">&nbsp;</th>
    </tr>
  </table>
  <table width="884" height="310" border="0">
    <tr>
      <th width="135" scope="col">&nbsp;</th>
      <th width="607" scope="col"><textarea name="message" cols="99" rows="17"></textarea></th>
      <th width="128" scope="col">&nbsp;</th>
    </tr>
  </table>
  <table width="884" border="0">
<input name="id" type="hidden" value="<?php echo $_GET['id']; ?>" />
    <tr>
      <th scope="col">&nbsp;</th>
      <th scope="col"><input type="submit" name="Submit" value="Submit"></th>
      <th scope="col">&nbsp;</th>
    </tr>
  </table>
  <p>&nbsp;</p>
  <p>&nbsp;</p>
</form>

<?php
   }
   elseif($_POST['Submit']) {

/*
If you are using x10hosting as your host, magic_quotes_gpc are turned ON! That means that all single/double quotes, NULL's, and slashes are escaped automatically in GET/POST/COOKIE global variables. If you add slashes again, all quotes/slashes/etc will have [B]2[/B] slashes before them, which can be a pain. I know for a fact that x10hosting's magic_quotes_gpc is "turned on", as I have checked myself a few times now.
*/

      $poster = $_POST['poster'];
      $message = $_POST['message'];
      $id = $_POST['id'];            

         // $poster = addslashes($_POST['poster']);
         // $message = addslashes($_POST['message']);
         // $id = addslashes($_POST['id']);


// Insert the row into the database table
      mysql_query("INSERT INTO `messages` (`topic_ID`, `bericht_poster`, `bericht`) VALUES ('$id', '$poster', '$message')") or die(mysql_error()); // Effective MySQL error reporting function. -> [url]http://us3.php.net/mysql_error[/url]


// Echo success message
      echo 'Your message has been placed. Please click <a href="http://'. $_SERVER['HTTP_HOST'] . $forumdir .'/functions/showtopic.php?id='. $_POST['id'] .'"> here</a>  and go back to the page you came from.';
   }


?>

That should work.. If it doesn't, post back here with the error and I'll try to help you out some more.

:sleep2:

[bigguy]

well I was somewhat right with the top part.

[clareto]

I share some of the habits I have when php'ing that i have found useful trying to avoid errors:

$_GET and $_POST have merged into $_REQUEST, so u dont have to worry about headers and querystrings.

<?php echo $_GET['id']; ?> has the same result than <?=$_GET['id']?>

I havent tested the code, but i can see some little mess with gets and posts... I recommend u to use only $_REQUEST


pm me if you think i can help you

[Bryon]

Yea you could use the $_REQUEST super-globe array. I would rather use $_POST though, instead of $_GET, or $_REQUEST, just so vistors cannot mess with the variables as easily. Whatever floats your boat though..

[flapietoetoe]

Yes but the $_GET isnt something that is usefull to mess with , cause the only thing i get is .
when u look at a topic and u click the post msg button , it tells the script what topic u were at .

[flapietoetoe]

@nedren
thx for the help but u did make one mistake i spotted already .
u said if(isser[the submitbutton]
then it shows the form , but it should be , if the submitbutton is not set , show the form.

Btw it works. thank u m8 you rock :D


Ah, I see what you mean. Yea, my bad. I forgot to use the "!" in the if statement to check for the true/false value of the $_POST['Submit'].

Anyways, your welcome. If you need anymore help for anything.. Just post again, and you should be "taken care of" again. :-P

[flapietoetoe]

Would this not be better ? I dont know why you have to close it off so much, maybe I dont know what i`m talking about either. (which is possible) then use the closing php tag at the end of the file. Like I said I am probably wrong but thats the part that looked off to me.

P.S. Its not quoted right but you get the idea of what i`m saying I hope.

<?php
//includes
include("dbconnect.php");
include("config.php");
$topic_id=$ GET['id']


if(!isset($ POST['Submit']))
{

I'm doing that cause if i would have echoed the whole table , i would have escaped loads of "" and in this way i dont need to escape anything

[bigguy]

Ok, I`m no expert I just thought I would ask. :-)

Would this not be better ? I dont know why you have to close it off so much, maybe I dont know what i`m talking about either. (which is possible) then use the closing php tag at the end of the file. Like I said I am probably wrong but thats the part that looked off to me.

P.S. Its not quoted right but you get the idea of what i`m saying I hope.

<?php
//includes
include("dbconnect.php");
include("config.php");
$topic_id=$ GET['id']


if(!isset($ POST['Submit']))
{

I'm doing that cause if i would have echoed the whole table , i would have escaped loads of "" and in this way i dont need to escape anything