I'm quite new in PHP and MySQL. I tried to make message board where user can post some message on wall and the every logged user can read it.
Now when someone add message doesn't write in table author_id and date_added. I need them when results are displayed.
Here is new.php
if(isset($_POST['formSubmit']))
{
$errorMessage = "";
if(empty($_POST['formTitle']))
{
$errorMessage .= "<li>Doesn't have title!</li>";
}
if(empty($_POST['formContent']))
{
$errorMessage .= "<li>The field for content is empty!</li>";
}
if(empty($errorMessage))
{
$db = mysql_connect("localhost","root","");
if(!$db) die("Error connecting to MySQL database.");
mysql_select_db("homework3" ,$db);
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";
mysql_query($sql);
header("Location: index.php");
exit();
}
}
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value="" style="width: 350px;"></label></div></br>
<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>
<input type="submit" class="formbutton" name="formSubmit" value="Send"/>
</form>
Edit: I don't know if you need this but this is how I display massages:
$sql = 'SELECT username, msg_id, title, content, date_added FROM massages as m, users as u WHERE author_id = user_id ORDER BY m.date_added DESC';
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$real_date = date('d.m.Y', $row['date_added']);
echo '<table>
<tr>
<td>' . $row['msg_id'] . '. ' . $row['title'] . '</td>
</tr>
<tr>
<td>' . $row['content'] . '</td>
</tr>
<tr>
<td>By<span style="color: #CC0033;">' . $row['username'] . '</span> on <span style="color: #CC0033;">' . $real_date . '</span></td></br>
</tr>
</table>';
}
}
When author login, Store author_id
in session.
$author_id=$_SESSION['username'];
Then store it in database.
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$author_id', 'NOW()', '$_POST[formTitle]', '$_POST[formContent]')";
NOTE
Don't forget to start the session on the top
<?php
session_start();
// then your all code
You can use hidden attributes ie type = 'hidden'
for auther_id
For example in your form
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value="" style="width: 350px;"></label></div></br>
<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>
<input type="hidden" name="author_id" value="<?php echo $_SESSION['what_ever']; ?>"/>
<input type="submit" class="formbutton" name="formSubmit" value="Send"/>
</form>
NOTE: <?php echo $_SESSION['what_ever']; ?>
<?php echo $_SESSION['what_ever']; ?>
is just an assumption of how your author_id
could be
and for date_added you can create add this directly in the query no need to post it via form
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";
You should also avoid sending author_id
via post and add it rather in this manner
$auther_id = $_SESSION['username'];
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$auther_id', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";
IMPORTANT
PHP is deprecating the mysql
functions you must need to use mysqli
Why shouldn't I use mysql_* functions in PHP?
In your table change author_id to auto increment, No need to add it in INSERT query.
Try below change:
$date_added = date('Y-m-d');
$sql = "INSERT INTO massages (`date_added`, `title`, `content`) VALUES ( '$date_added', '$_POST[formTitle]', '$_POST[formContent]')";
mysql_query($sql);
As mentioned in the comments, you should avoid using the mysql_*
commands, however the problem is with the following line:
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";
In order to embed an array variable in string you have to surround it with braces, eg.
"{$_POST['author_id']}"
BUT you should not do this in your example as it would leave you wide open to a mysql injection attack. The old way of dealing with this is to escape each of posted variable using mysql_escape_string()
, but the better way of dealing with this is to use the PDO Data objects eg http://www.php.net/manual/en/pdostatement.bindvalue.php
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.