...

View Full Version : Comment box in php & mysql INSERT variables into a table?



helraizer
11-12-2007, 12:58 AM
Hi all, my first thread here.

I am making a comment box for my site in HTML, PHP and MySQL.

So far I have this:


<?php

error_reporting(E_ALL);

ini_set('display_errors', true);

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="Samuel Boulton">

<title>Untitled 1</title>
<style type="text/css">


.commentbox{
background-color: #ececec;
width: 450px;
padding: 10px;
}

.commentfooter{
background: url(arrow.gif) 20px 0 no-repeat;
padding-left: 58px;
padding-top: 1px;
margin-bottom: 2em;
font-size: 90%;
color: #4A4A4A;
}

</style>

</head>

<body>

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Details</legend><p>
<label for="username">Username: &nbsp; </label><input type="text" id="username" name="username" maxlength="10" size="11"><br>
<label for="email">Email : </label>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="text" id="email" name="email" size="50">
<label for="comment">Your Comment: </label><input type="text" id="comment" name="comment" maxlength="150" size="150"> <br><br><br><br></p></fieldset>
<input type="submit" value="Submit comment">
<br><br><br><br><br><br>
</form>
<?php

$date = date("H:i jS F Y");
$user = $_POST['username'];
$email = $_POST['email'];
$comment = $_POST['comment'];


mysql_connect("127.0.0.1", "web86-helraizer", "ih8hackers135");

mysql_select_db("web86-helraizer");

$sql1 = 'INSERT INTO `web86-helraizer`.`Comment` (`id`, `filename`, `username`, `email`, `comments`, `date`) VALUES (\'\', \'\', \'$user\', \'$email\', \'$comment\', \'$date\');';

mysql_query($sql1) or die(mysql_error());

$sql = "SELECT * FROM Comment";

$result = mysql_query($sql) or die(mysql_error());



while ($row = mysql_fetch_array($result)) {
echo "<div class='commentbox'>";
echo "Comment: " . $shout . "\n";
echo "</div>";
echo "<div class='commentfooter'>";
echo "Posted by: " .$name. "[" . $email . "] on " . $date . "\n";
echo "</div>";
}

$name = stripslashes($row['username']);
$contact = stripslashes($row['email']);
$shout = stripslashes($row['comments']);
?>


</body>
</html>

The idea works, as when you post it creates a new div containing what should be the comment.

The only problem is it comes up with php errors such as

'Notice: Undefined variable: shout in /home/sites/helraizer.co.uk/public_html/count/index.php on line 74
Comment:

Notice: Undefined variable: name in /home/sites/helraizer.co.uk/public_html/count/index.php on line 77
Posted by: [example@yourdomain.com] on 00:22 12th November 2007 '

With the $sql1 (INSERT INTO), is there a way that I can use php variables for say, Username, email, comment and date, and insert those into the table? because at the moment it inputs literally '$user', '$email', '$shout' and '$date' into the table, which isn't much help to man, nor beast. Any way I could do this?

Sam

Inigoesdr
11-12-2007, 02:30 AM
'Notice: Undefined variable: shout in /home/sites/helraizer.co.uk/public_html/count/index.php on line 74
Comment:

Notice: Undefined variable: name in /home/sites/helraizer.co.uk/public_html/count/index.php on line 77
Posted by: [example@yourdomain.com] on 00:22 12th November 2007 '

You have to use $row['name'], $row['shout'] etc. in your loop. The result row is stored as an array in $row by your loop condition.

With the $sql1 (INSERT INTO), is there a way that I can use php variables for say, Username, email, comment and date, and insert those into the table? because at the moment it inputs literally '$user', '$email', '$shout' and '$date' into the table, which isn't much help to man, nor beast. Any way I could do this?

PHP won't parse variables inside of single-quotes. You have to concatenate the string, or use double-quotes.
$string = 'begin ' . $variable . ' end';
//or
$string = "begin $variable end";

helraizer
11-13-2007, 12:43 AM
Thank you. That works now. =)

Another few bugs have appeared, most of which I've fixed but there is one thing I've only been able to half fix.

Before, as soon as the page was loaded it posted a blank comment, because of the loop. So I used if(empty()) then, as a result it didn't show any empty messages, (good) but it still sent the empty values to the database (bad).

After that, on a different problem I've added



if (empty($_POST['username'])) {
break;
}
if (empty($_POST['email'])) {
break;
}
if (empty($_POST['comment'])) {
break;
}
else {
$sql1 = 'INSERT INTO `web86-helraizer`.`Comment` (`id`, `filename`, `username`, `email`, `comments`, `date`) VALUES (\'\', \'\',' . $user .',' . $email .','. $comment .','. $date.')';
}
mysql_query($sql1) or die(mysql_error());

which half works, it doesn't send any blank data to the database, and does send fully written comments to it. But when the fields are blank it shows no comment boxes and reads

"Fatal error: Cannot break/continue 1 level in /home/sites/helraizer.co.uk/public_html/count/index.php on line 86"

Can anyone help me with this?

Thanks,
Sam

psykx
11-13-2007, 02:02 AM
well which is line 86?

Inigoesdr
11-13-2007, 02:55 AM
Using something like this is easier:

if(!empty($_POST['username']) && !empty($_POST['email']) && !empty($_POST['comment']))
{
$sql1 = 'INSERT INTO `web86-helraizer`.`Comment` (`id`, `filename`, `username`, `email`, `comments`, `date`) VALUES (NULL, \'\',\'' . mysql_real_escape_string($_POST['user']) .'\',\'' . mysql_real_escape_string($_POST['email']) .'\',\''. mysql_real_escape_string($_POST['comment']) .'\',\''. mysql_real_escape_string($_POST['date']) .'\')';
$result = mysql_query($sql1) or die(mysql_error());
}

Edit: You may want to check that query.. it didn't have any quotes around the data.

helraizer
11-13-2007, 05:07 PM
well which is line 86?

Line 85/86



if (empty($_POST['username'])) {
break;


-----


Edit: You may want to check that query.. it didn't have any quotes around the data.

The query wouldn't work with quotes around the php variables so for that I used:


$date = "'" . date("H:i jS F Y") . "'";
$user = "'" . $_POST['username'] . "'";
$email = "'" . $_POST['email'] . "'";
$comment = "'" . $_POST['comment'] . "'";

This means that the single quote marks are within the variable itself giving the same results.

-----
I've fixed it now! Just realised it wasn't inside a loop, thus the break; wouldn't work. I made a function to call eachtime.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum