Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 10 of 10
  1. #1
    New Coder
    Join Date
    Jan 2010
    Posts
    69
    Thanks
    12
    Thanked 0 Times in 0 Posts

    Automatically writes to database and doesnt gather right data

    im trying to create a very simple comments table when a user goes onto the image if they would like to leave a comment they would enter in some details of and then write it to the database. but when i click on the thumbnail to display the image i straight away get an unsigned variable on line 77 and cant work out the issues. and when i am on the image it writes in the database without me clicking submit. the other problem im having is it doesnt collect whats in the comments text area it just adds the word comment in the database.

    here is all the code i have:

    PHP Code:
    <?php
    $dbLink 
    = new mysqli('localhost''root''''gallery');
    if(
    mysqli_connect_errno()) {
    die(
    "MySQL connection failed: "mysqli_connect_error());
    }

    if(isset(
    $_GET['id']) && is_numeric($_GET['id'])) {
    /* $_GET['id'] passes our test, so perform security functions on it & assign it to the $id variable */
    $id$dbLink->real_escape_string($_GET['id']);
    } else {
    /* it doesn't exist or it isn't numeric so assign a default value so our query below always gets constructed properly & safely */
    $id 1;
    }

    /* construct the query */
    $query "SELECT name, size, viewed_path, description FROM images WHERE id = $id";

    /* run the query */
    $result $dbLink->query($queryMYSQLI_STORE_RESULT); 

    while(
    $row $result->fetch_array()) { 

        echo 
    "<div id=\"image\">\n";
        echo 
    "<img src=\"" $row['viewed_path'] . "\" alt=\"" $row['name'] . "\" />\n";  
        echo 
    "</div>\n";
        
        echo 
    '<p>' $row['description'] . '</p>';


    ?>


    <FORM METHOD="POST">
    <INPUT TYPE="text" NAME="name" SIZE="30">
    <INPUT TYPE="text" NAME="surname" SIZE="30">
    <textarea NAME="comment" ROWS=6 COLS=40></textarea>
    <input type="submit" name="Comment" value="Comment">  
    </FORM>

    <?php

    $comments 
    $dbLink->real_escape_string($_POST['Comment']);

    $query "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";

    $results $dbLink->query($queryMYSQLI_STORE_RESULT);

    $query1 "SELECT comments FROM image_comments WHERE id = $id";

    $result $dbLink->query($query1MYSQLI_STORE_RESULT);
    ?>
    thanks for reading. if you need more info understanding my problem please ask

  • #2
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    There is no line 77 from what you posted?
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #3
    New Coder
    Join Date
    Jan 2010
    Posts
    69
    Thanks
    12
    Thanked 0 Times in 0 Posts
    sorry the error is actually on this line:

    $comments = $dbLink->real_escape_string($_POST['comment']);

  • #4
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Change this

    PHP Code:
    $comments $dbLink->real_escape_string($_POST['comment']); 
    To this and see if that fixes it

    PHP Code:
    $comments $dbLink->mysql_real_escape_string($_POST['comment']); 
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #5
    New Coder
    Join Date
    Jan 2010
    Posts
    69
    Thanks
    12
    Thanked 0 Times in 0 Posts
    that did actually fix the error with it automatically updating in the database. but i then get this error when i try and type a comment into my textarea and click submit to write it to the database:

    Fatal error: Call to undefined method mysqli::mysql_real_escape_String() in C:\wamp\www\Blean_Photos\image.php on line 78

    that is on this line : $comments = $dbLink->mysql_real_escape_String($_POST['comment']);

    this is what i have:

    PHP Code:
    <?php
    if (isset($_POST['comment'])){
        
    $comments $dbLink->mysql_real_escape_String($_POST['comment']);

    $query "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";

    $results $dbLink->query($queryMYSQLI_STORE_RESULT);

    }

    $query1 "SELECT comments FROM image_comments WHERE id = $id";

    $results $dbLink->query($query1MYSQLI_STORE_RESULT);

    while(
    $row $results->fetch_array()) {
        
    }

    ?>

  • #6
    Senior Coder tomws's Avatar
    Join Date
    Nov 2007
    Location
    Arkansas
    Posts
    2,644
    Thanks
    29
    Thanked 330 Times in 326 Posts
    One of these things is not like the others.
    mysql_real_escape_String
    mysql_real_escape_string
    Are you a Help Vampire?

  • #7
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    As it is the MySQLI object, there is no mysql_real_escape_string function. There is, however, a mysqli_real_escape_string function.

    Having said that, the correct call is $mysqli_db_object->real_escape_string() as you had it previously, so there is something else wrong.

    Get used to referring back to the API.
    Last edited by bdl; 03-06-2010 at 04:40 PM.

  • #8
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    True as an object it would be different.
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #9
    Senior Coder
    Join Date
    Jul 2009
    Location
    South Yorkshire, England
    Posts
    2,318
    Thanks
    6
    Thanked 304 Times in 303 Posts
    Code:
    <?php
    
    if (isset($_POST['Comment']) && !empty($_POST['Comment']))
    {
        $comments = $dbLink->real_escape_string($_POST['Comment']);
    
        $query = "INSERT INTO `image_comments`(`image_id`, `comments`) VALUES ('{$id}', '{$comments}')";
    
        $results = $dbLink->query($query, MYSQLI_STORE_RESULT);
    
        $query1 = "SELECT comments FROM image_comments WHERE id = $id";
    
        $result = $dbLink->query($query1, MYSQLI_STORE_RESULT);
    }
    
    ?>

  • #10
    New Coder
    Join Date
    Jan 2010
    Posts
    69
    Thanks
    12
    Thanked 0 Times in 0 Posts
    i found i had a silly error in my code i had where id = $id when it should have been where image_id = $id. also the isset bit of code fixed it . thanks a lot for all your help


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •