...

View Full Version : Automatically writes to database and doesnt gather right data



saunders1989
03-06-2010, 01:17 PM
im trying to create a very simple comments table when a user goes onto the image if they would like to leave a comment they would enter in some details of and then write it to the database. but when i click on the thumbnail to display the image i straight away get an unsigned variable on line 77 and cant work out the issues. and when i am on the image it writes in the database without me clicking submit. the other problem im having is it doesnt collect whats in the comments text area it just adds the word comment in the database.

here is all the code i have:


<?php
$dbLink = new mysqli('localhost', 'root', '', 'gallery');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}

if(isset($_GET['id']) && is_numeric($_GET['id'])) {
/* $_GET['id'] passes our test, so perform security functions on it & assign it to the $id variable */
$id= $dbLink->real_escape_string($_GET['id']);
} else {
/* it doesn't exist or it isn't numeric so assign a default value so our query below always gets constructed properly & safely */
$id = 1;
}

/* construct the query */
$query = "SELECT name, size, viewed_path, description FROM images WHERE id = $id";

/* run the query */
$result = $dbLink->query($query, MYSQLI_STORE_RESULT);

while($row = $result->fetch_array()) {

echo "<div id=\"image\">\n";
echo "<img src=\"" . $row['viewed_path'] . "\" alt=\"" . $row['name'] . "\" />\n";
echo "</div>\n";

echo '<p>' . $row['description'] . '</p>';

}
?>


<FORM METHOD="POST">
<INPUT TYPE="text" NAME="name" SIZE="30">
<INPUT TYPE="text" NAME="surname" SIZE="30">
<textarea NAME="comment" ROWS=6 COLS=40></textarea>
<input type="submit" name="Comment" value="Comment">
</FORM>

<?php

$comments = $dbLink->real_escape_string($_POST['Comment']);

$query = "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";

$results = $dbLink->query($query, MYSQLI_STORE_RESULT);

$query1 = "SELECT comments FROM image_comments WHERE id = $id";

$result = $dbLink->query($query1, MYSQLI_STORE_RESULT);
?>

thanks for reading. if you need more info understanding my problem please ask

masterofollies
03-06-2010, 03:27 PM
There is no line 77 from what you posted?

saunders1989
03-06-2010, 03:30 PM
sorry the error is actually on this line:

$comments = $dbLink->real_escape_string($_POST['comment']);

masterofollies
03-06-2010, 03:54 PM
Change this


$comments = $dbLink->real_escape_string($_POST['comment']);

To this and see if that fixes it


$comments = $dbLink->mysql_real_escape_string($_POST['comment']);

saunders1989
03-06-2010, 04:02 PM
that did actually fix the error with it automatically updating in the database. but i then get this error when i try and type a comment into my textarea and click submit to write it to the database:

Fatal error: Call to undefined method mysqli::mysql_real_escape_String() in C:\wamp\www\Blean_Photos\image.php on line 78

that is on this line : $comments = $dbLink->mysql_real_escape_String($_POST['comment']);

this is what i have:


<?php
if (isset($_POST['comment'])){

$comments = $dbLink->mysql_real_escape_String($_POST['comment']);

$query = "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";

$results = $dbLink->query($query, MYSQLI_STORE_RESULT);

}

$query1 = "SELECT comments FROM image_comments WHERE id = $id";

$results = $dbLink->query($query1, MYSQLI_STORE_RESULT);

while($row = $results->fetch_array()) {

}

?>

tomws
03-06-2010, 04:04 PM
One of these things is not like the others.

mysql_real_escape_String
mysql_real_escape_string

bdl
03-06-2010, 04:37 PM
As it is the MySQLI object, there is no mysql_real_escape_string function. There is, however, a mysqli_real_escape_string (http://us2.php.net/manual/en/mysqli.real-escape-string.php) function.

Having said that, the correct call is $mysqli_db_object->real_escape_string() as you had it previously, so there is something else wrong.

Get used to referring back to the API.

masterofollies
03-06-2010, 05:10 PM
True as an object it would be different.

MattF
03-06-2010, 08:17 PM
<?php

if (isset($_POST['Comment']) && !empty($_POST['Comment']))
{
$comments = $dbLink->real_escape_string($_POST['Comment']);

$query = "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";

$results = $dbLink->query($query, MYSQLI_STORE_RESULT);

$query1 = "SELECT comments FROM image_comments WHERE id = $id";

$result = $dbLink->query($query1, MYSQLI_STORE_RESULT);
}

?>

saunders1989
03-06-2010, 08:21 PM
i found i had a silly error in my code i had where id = $id when it should have been where image_id = $id. also the isset bit of code fixed it :). thanks a lot for all your help



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum