在PHP中插入sql

Question

Lets say I have a file called comments.php . In it I have a row like this:

$post_id = $_GET['id']; 
$result = mysqli_query($con,"SELECT * FROM comments WHERE post_id = $post_id"); 

$post_id is the id of the actual entry.

If I echo $post_id it shows the entry's number, no problem there.

There's also a file called comment_send.php .

In it I want to send a comment, alongside with the id of the actual entry, so the comments will know where they belong to.

$post_id = $_GET['id'];
$result = mysqli_query($con,"SELECT * FROM comments WHERE post_id = $post_id"); 
$sql="INSERT INTO comments (comment, post_id) VALUES ('$_GET[comment]','$post_id')";

However, when I hit the submit button I get this: Notice: Undefined index: id

I dont understand the problem because in the comments.php everything works fine but if I move the same part into another file it fails. Does anyone know what my problem might be?

And yeah, the comment arrives in the database, with the number 0, instead of the entry number.

Answer 1

Your submitting data from the client to the server using a form, right? Check your action on your form. Is it POST (as it should be if you are updating your database)? If so, change $post_id = $_GET['id']; to $post_id = $_POST['id'];

As a troubleshooting tool, I typically add something like echo('<pre>'.print_r($_REQUEST,1).'</pre>'); to the top of my page. You can then find out what type of data you are sending to the server. Then when you get to your SQL statement, be sure to echo the query to see what it is.

Also, sanitize your data as you are open to SQL injection.

Answer 2

It doesn't look like you are passing 'id' to your comment_send.php page. Either pass it in with your comment, or save it as a $_SESSION variable on the previous page.