[PHP] Forum query problems

Discussion in 'Scripts, 3rd Party Apps, and Programming' started by flapietoetoe, Nov 18, 2005.

  1. flapietoetoe

    flapietoetoe New Member

    Messages:
    226
    Likes Received:
    0
    Trophy Points:
    0
    Hi:
    Im making this forum by myself, but I'm experiencing some troubles , with the part that users can post their own message:
    this is what I have:

    PHP:
    <?php 
    //includes
    include("dbconnect.php");
    include(
    "config.php");
    $topic_id=$_GET['id']
    ?>

    <?php if(!isset($_POST['Submit']))
    ?>

    You have chosen to post a reply to this topic. Fill in your name , then the message you want to post. Then press submit. <br>
    <br>
    <form name="form1" method="post" action="postmsg.php">
      <table width="712" border="0">
        <tr>
          <th width="139" scope="col">Poster:</th>
          <th width="62" scope="col">&nbsp;</th>
          <th width="497" scope="col"><input name="poster" type="text" size="30"></th>
        </tr>
      </table>
      <table width="884" border="0">
        <tr>
          <th scope="col">&nbsp;</th>
          <th scope="col">Message:</th>
          <th scope="col">&nbsp;</th>
        </tr>
      </table>
      <table width="884" height="310" border="0">
        <tr>
          <th width="135" scope="col">&nbsp;</th>
          <th width="607" scope="col"><textarea name="message" cols="99" rows="17"></textarea></th>
          <th width="128" scope="col">&nbsp;</th>
        </tr>
      </table>
      <table width="884" border="0">
    <input name="" type="hidden" value=<?php echo $_GET['id']; ?> />
        <tr>
          <th scope="col">&nbsp;</th>
          <th scope="col"><input type="submit" name="Submit" value="Submit"></th>
          <th scope="col">&nbsp;</th>
        </tr>
      </table>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
    </form>

    <?php };?>
    <?php
    if(isset($_POST['Submit']))
    {
    //Make sure the user cannot execute querys with the form.
    $poster=addslashes($_POST['poster']);
    $message=addslashes($_POST['message']); 
    $id=addslashes($_POST['id']);

    //Post the message
    $SQL_statement="INSERT INTO messages (topic_ID, bericht_poster, bericht) VALUES (" $id "," $poster "," $message ")";
    $resultset=mysql_query($SQL_statement);


    echo 
    "Your message has been placed Please click " "<a href=\"http://" $_SERVER['HTTP_HOST'] . $forumdir "/functions/showtopic.php?id=" $_POST['id'] . "\"> here</a>  and go back to the page you came from";
    echo 
    "<br>" "id= " $id;


    };


    ?>



    The problem is : i think... that the $_GET['id'] doesnt come through.
    It is submitted through get like this:

    www.somehost.whatever/forum/functions/postmsg.php?id=whatever
     
  2. bigguy

    bigguy Retired

    Messages:
    10,984
    Likes Received:
    10
    Trophy Points:
    38
    Would this not be better ? I dont know why you have to close it off so much, maybe I dont know what i`m talking about either. (which is possible) then use the closing php tag at the end of the file. Like I said I am probably wrong but thats the part that looked off to me.

    P.S. Its not quoted right but you get the idea of what i`m saying I hope.

     
  3. Bryon

    Bryon I Fix Things

    Messages:
    8,149
    Likes Received:
    101
    Trophy Points:
    48
    PHP:
    <?php
       
    // Includes
       
    include("dbconnect.php");
       include(
    "config.php");

       if(
    $_POST['Submit']) {
    ?>

    You have chosen to post a reply to this topic. Fill in your name , then the message you want to post. Then press submit. <br>
    <br>
    <form name="form1" method="post" action="postmsg.php">
      <table width="712" border="0">
        <tr>
          <th width="139" scope="col">Poster:</th>
          <th width="62" scope="col">&nbsp;</th>
          <th width="497" scope="col"><input name="poster" type="text" size="30"></th>
        </tr>
      </table>
      <table width="884" border="0">
        <tr>
          <th scope="col">&nbsp;</th>
          <th scope="col">Message:</th>
          <th scope="col">&nbsp;</th>
        </tr>
      </table>
      <table width="884" height="310" border="0">
        <tr>
          <th width="135" scope="col">&nbsp;</th>
          <th width="607" scope="col"><textarea name="message" cols="99" rows="17"></textarea></th>
          <th width="128" scope="col">&nbsp;</th>
        </tr>
      </table>
      <table width="884" border="0">
    <input name="id" type="hidden" value="<?php echo $_GET['id']; ?>" />
        <tr>
          <th scope="col">&nbsp;</th>
          <th scope="col"><input type="submit" name="Submit" value="Submit"></th>
          <th scope="col">&nbsp;</th>
        </tr>
      </table>
      <p>&nbsp;</p>
      <p>&nbsp;</p>
    </form>

    <?php
       
    }
       elseif(
    $_POST['Submit']) {

    /*
    If you are using x10hosting as your host, magic_quotes_gpc are turned ON! That means that all single/double quotes, NULL's, and slashes are escaped automatically in GET/POST/COOKIE global variables. If you add slashes again, all quotes/slashes/etc will have [B]2[/B] slashes before them, which can be a pain. I know for a fact that x10hosting's magic_quotes_gpc is "turned on", as I have checked myself a few times now.
    */

          
    $poster $_POST['poster'];
          
    $message $_POST['message'];
          
    $id $_POST['id'];            

             
    // $poster = addslashes($_POST['poster']);
             // $message = addslashes($_POST['message']);
             // $id = addslashes($_POST['id']);


    // Insert the row into the database table
          
    mysql_query("INSERT INTO `messages` (`topic_ID`, `bericht_poster`, `bericht`) VALUES ('$id', '$poster', '$message')") or die(mysql_error()); // Effective MySQL error reporting function. -> [url]http://us3.php.net/mysql_error[/url]


    // Echo success message
          
    echo 'Your message has been placed. Please click <a href="http://'$_SERVER['HTTP_HOST'] . $forumdir .'/functions/showtopic.php?id='$_POST['id'] .'"> here</a>  and go back to the page you came from.';
       }


    ?>
    That should work.. If it doesn't, post back here with the error and I'll try to help you out some more.

    :sleep2:
     
    Last edited: Nov 18, 2005
  4. bigguy

    bigguy Retired

    Messages:
    10,984
    Likes Received:
    10
    Trophy Points:
    38
    well I was somewhat right with the top part.
     
  5. clareto

    clareto New Member

    Messages:
    250
    Likes Received:
    0
    Trophy Points:
    0
    I share some of the habits I have when php'ing that i have found useful trying to avoid errors:

    $_GET and $_POST have merged into $_REQUEST, so u dont have to worry about headers and querystrings.

    <?php echo $_GET['id']; ?> has the same result than <?=$_GET['id']?>

    I havent tested the code, but i can see some little mess with gets and posts... I recommend u to use only $_REQUEST


    pm me if you think i can help you
     
  6. Bryon

    Bryon I Fix Things

    Messages:
    8,149
    Likes Received:
    101
    Trophy Points:
    48
    Yea you could use the $_REQUEST super-globe array. I would rather use $_POST though, instead of $_GET, or $_REQUEST, just so vistors cannot mess with the variables as easily. Whatever floats your boat though..
     
  7. flapietoetoe

    flapietoetoe New Member

    Messages:
    226
    Likes Received:
    0
    Trophy Points:
    0
    Yes but the $_GET isnt something that is usefull to mess with , cause the only thing i get is .
    when u look at a topic and u click the post msg button , it tells the script what topic u were at .
     
  8. flapietoetoe

    flapietoetoe New Member

    Messages:
    226
    Likes Received:
    0
    Trophy Points:
    0
    @nedren
    thx for the help but u did make one mistake i spotted already .
    u said if(isser[the submitbutton]
    then it shows the form , but it should be , if the submitbutton is not set , show the form.

    Btw it works. thank u m8 you rock :D


    Ah, I see what you mean. Yea, my bad. I forgot to use the "!" in the if statement to check for the true/false value of the $_POST['Submit'].

    Anyways, your welcome. If you need anymore help for anything.. Just post again, and you should be "taken care of" again. :p
     
    Last edited by a moderator: Nov 19, 2005
  9. flapietoetoe

    flapietoetoe New Member

    Messages:
    226
    Likes Received:
    0
    Trophy Points:
    0
    I'm doing that cause if i would have echoed the whole table , i would have escaped loads of "" and in this way i dont need to escape anything:)
     
  10. bigguy

    bigguy Retired

    Messages:
    10,984
    Likes Received:
    10
    Trophy Points:
    38
    Ok, I`m no expert I just thought I would ask. :)



     
  11. Bryon

    Bryon I Fix Things

    Messages:
    8,149
    Likes Received:
    101
    Trophy Points:
    48
    What? I just posted but I don't see it.. I dont get it. I don't want to type it all over again.

    Bah, I guess I will.

    Yea, my bad about me forgetting to use the "!" in the if statement to check whether or not the value of $_POST['Submit']. Your welcome. :)

    If you ever need any more help with things like this, just post, and you should be "taken care of". :p
     

Share This Page