...

View Full Version : Troubles with Message Board



georgesofroniou
02-16-2012, 04:39 PM
Hi Guys,

I am currently part of a team project and we are required to develop a team project manager website.
On this we need to have a basic message discussion board which will allow for basic communication of our project between ourselves and our client.

So far we have managed to create a basic layout of what we roughly would like and now beginning to implement the php/sql into the design.

As of now when we press the submit button it is only posting blank data into our sql database and therefore in the table on our discussion board it is also posting a blank row. Also we are unable to delete this blank data from the sql database.

I hope someone can advise us on what we should be doing, I shall post some code underneath this message.

Index.php


<!-- DISCUSSION BOARD -->

<div id="tabs-4">

<h3 align="center"></h3>

<div align="center"><center>
<table border="0" width="95%"><tr>
<td>

<p><a href="#new"><b>New topic</b></a></p>
<hr>
<p align="center"><b>Recent topics</b></p>
<ul>

</ul>
<hr></td>
</tr></table>
</center></div>

<p align="center"><a name="new"></a><b>Add new topic</b></p>
<div align="center"><center>
<table border="0"><tr>
<td>

<html>
<body>

<form action="insert.php" method="post">
<br><b>First name:</b> <br><input type=text name="FirstName" size=30 maxlength=30>
<br>Last name (optional): <br><input type=text name="LastName" size=30 maxlength=30>
<br>Email (optional): <br><input type=text name="Email" size=30 maxlength=50>
<br><b>Subject:</b> <br><input type=text name="Subject" size=30 maxlength=150>
<br><b>Message:</b> <br><textarea cols=50 rows=9 name="Message"></textarea>
<br><br><input type="submit" />
</form><br>



<?php
$con = mysql_connect("............");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("....", $con);

$result = mysql_query("SELECT * FROM DiscussionBoard");

echo "<table border='1' cellspacing='0' cellpadding='1' width='150%'>
<tr>
<th>First name</th>
<th>Subject</th>
<th>Message</th>
</tr>";

while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['FirstName'] . "</td>";
echo "<td>" . $row['Subject'] . "</td>";
echo "<td>" . $row['Message'] . "</td>";
echo "</tr>";
}
echo "</table>";

mysql_close($con);
?>


insert.php


<?php
$con = mysql_connect("....blank on forum for security reasons....");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("...", $con);

$sql="INSERT INTO DiscussionBoard (FirstName, LastName, Email, Subject, Message)
VALUES
('$_POST[FirstName]','$_POST[LastName]','$_POST[Email]','$_POST[Subject]','$_POST[Message]')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

mlseim
02-16-2012, 04:52 PM
You should always sanitize them first before putting into a query.
And doing this might make it work ... I'm thinking the $_POST variables
in the query might be making it fail ... not sure. See if this works anyhow.



<?php
$con = mysql_connect("....blank on forum for security reasons....");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("...", $con);

$first=mysql_real_escape_string([$_POST['FirstName']);
$last=mysql_real_escape_string([$_POST['LastName']);
$email=mysql_real_escape_string([$_POST['Email']);
$subject=mysql_real_escape_string([$_POST['Subject']);
$message=mysql_real_escape_string([$_POST['Message']);

$sql="INSERT INTO DiscussionBoard (FirstName, LastName, Email, Subject, Message)
VALUES ('$first', '$last', '$email', '$subject', '$message')";

if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record added";

mysql_close($con)
?>

georgesofroniou
02-22-2012, 04:16 PM
Thanks mlseim, that worked perfectly!

One more question for you - we were wondering if you knew how to add a date and time of post on each of the comments posted on the discussion board?

Thanks! :)

mlseim
02-22-2012, 05:01 PM
You need to add a new column to your MySQL table.

Perhaps you'll call it: Timestamp varchar(12)

At the top of your script, define what your timezone is going to be:

In my case, it's US Central Time:
date_default_timezone_set('America/Chicago');

There is a list of valid country/city names:
http://php.net/manual/en/timezones.php

Next, right before your $sql line, add this:
$timestamp=time();

So it looks like this:

$timestamp=time();
$sql="INSERT INTO DiscussionBoard (FirstName, LastName, Email, Subject, Message, Timestamp)
VALUES ('$first', '$last', '$email', '$subject', '$message', '$timestamp')";

That's an example ... you may use a different column name.

It's writing a 10-digit number (UNIX timestamp) into that column.
That's a number with a resolution in seconds. It's the number of
seconds since January 1, 1970. It works great for doing comparisons
also. If you wanted to search for all posts before or after a certain
date and time.

To display UNIX Timestamp in "human terms", you use the date function.

echo "Date/Time is: ".date("m-d-Y H:i:s", $timestamp);

You pick whatever format to use.
http://php.net/manual/en/function.date.php



.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum