
Inserting data from HTML form to MySQL using PHP causes an error

I have a problem inserting comments to my Blog (PHP, MySQL, HTML, CSS). I have a database in MySQL with:

  1. posts (id, category, title, body, author, tags, date),
  2. comments (id, post_id, author, email, content, date),
  3. categories (id, name)

I am not sure how to insert the post_id into the comments table. I tried many options and I get this message but I am not sure where I make a mistake. I don't have a line 137 but I know that the problem is somewhere in the insert query. Can someone help me figure it out?

Message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 137

<?php include 'includes/header.php'; ?>
<?php
    $id = $_GET['id'];

    //Create DB Object
    $db = new Database();

    //Create Query
    $query = "SELECT * FROM posts WHERE id = ".$id;
    //Run Query
    $post = $db->select($query)->fetch_assoc();

    //Create Query
    $query = "SELECT * FROM categories";
    //Run Query
    $categories = $db->select($query);

    //add code  
    //Create Query
    $query = "SELECT * FROM comments WHERE post_id = ".$id;
    //Run Query
    $comments = $db->select($query);
        //test if the form is submitted
    if(isset($_POST['submit']))
    {
        //Assign Vars
        //$post_id  = mysqli_real_escape_string($db->link, $_POST['post_id']);
        //$post_id = $id;
        //if(!is_numeric($post_id))
        // die('invalid post id');
        $author = mysqli_real_escape_string($db->link, $_POST['author']);
        $email = mysqli_real_escape_string($db->link, $_POST['email']);
        $content = mysqli_real_escape_string($db->link, $_POST['content']); 

        //Simple Validation
        if($post_id == '' || $author == '' || $email == '' || $content == '')
        {
            //Set Error
            $error = 'Please fill out all required fields';
        } 
        else 
        {
            $query = "INSERT INTO comments (post_id, author, email, content) 
                VALUES('$post_id', '$author', '$email', '$content')";

            $insert_row = $db->insert($query);
        }

    }
?>
<!-- adding code -->
<div class="blog-post">
            <h2 class="blog-post-title"><?php echo $post['title']; ?></h2>
            <p class="blog-post-meta"><?php echo formatDate($post['date']); ?> by <a href="#"><?php echo $post['author']; ?></a></p>
                <?php echo $post['body']; ?>       
          </div><!-- /.blog-post -->
<!-- adding code -->

<?php if($comments) : ?>
<?php echo '<ol id="comments">'; ?>     
    <?php while($row = $comments->fetch_assoc()) : ?>
        <?php echo '<li id="comment-'.$row['id'].'">'; ?>
            <p><a href="#"><?php echo $row['author']; ?></a> - <?php echo formatDate($row['date']); ?> </p>
                <?php echo $row['content']; ?>
                    <?php echo '</li>'; ?>
    <?php endwhile; ?>    
 <?php echo '</ol>'; ?>    
<?php else : ?>
    <p>There are no comments yet</p>
<?php endif; ?> 
<br>
<form role="form" method="post" action="post.php">
  <div class="form-group">
    <label>Author</label>
    <input name="author" type="text" class="form-control" placeholder="Enter Author Name">
  </div>
  <div class="form-group">
    <label>Email</label>
    <input name="email" type="text" class="form-control" placeholder="Enter Email Address">
  </div>
  <div class="form-group">
    <label>Content</label>
    <textarea name="content" class="form-control" placeholder="Enter Comment Content"></textarea>
  </div>
  <div class="form-group">
    <input type='hidden' name='post_id' id='post_id' value='<?php echo $id; ?>' />
  </div>
  <div>
    <input name="submit" type="submit" class="btn btn-default" value="Submit" />
    <a href="index.php" class="btn btn-default">Cancel</a>
  </div>
  <br>
</form>
<?php include 'includes/footer.php'; ?>

I found out that I needed to get and pass the id of the post in the action of the form:

action="post.php?id=<?php echo (int) $_GET['id']; ?>"

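<?php include 'includes/header.php'; ?>
<?php
    //Cast to int so the id cannot carry SQL or HTML into the queries and markup below
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;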

    //Create DB Object
    $db = new Database();

    //Create Query
    $query = "SELECT * FROM posts WHERE id = ".$id;
    //Run Query
    $post = $db->select($query)->fetch_assoc();

    //Create Query
    $query = "SELECT * FROM categories";
    //Run Query
    $categories = $db->select($query);

    //add code  
    //Create Query
    $query = "SELECT * FROM comments WHERE post_id = ".$id;
    //Run Query
    $comments = $db->select($query);
        //test if the form is submitted
    if(isset($_POST['submit']))
    {
        //Assign Vars
        $post_id  = mysqli_real_escape_string($db->link, $_POST['post_id']);
        //$post_id = $_GET['id'];
        //if(!is_numeric($post_id))
        // die('invalid post id');
        $author = mysqli_real_escape_string($db->link, $_POST['author']);
        $email = mysqli_real_escape_string($db->link, $_POST['email']);
        $content = mysqli_real_escape_string($db->link, $_POST['content']); 

        //Simple Validation $post_id == '' || 
        if((!is_numeric($post_id))|| $author == '' || $email == '' || $content == '')
        {
            //Set Error
            $error = 'Please fill out all required fields';
        } 
        else 
        {
            $query = "INSERT INTO comments (post_id, author, email, content) 
                VALUES('$post_id', '$author', '$email', '$content')";

            $insert_row = $db->insert($query);
        }

    }
?>
<!-- adding code -->
<div class="blog-post">
            <h2 class="blog-post-title"><?php echo $post['title']; ?></h2>
            <p class="blog-post-meta"><?php echo formatDate($post['date']); ?> by <a href="#"><?php echo $post['author']; ?></a></p>
                <?php echo $post['body']; ?>       
          </div><!-- /.blog-post -->
<!-- adding code -->

<?php if($comments) : ?>
<?php echo '<ol id="comments">'; ?>     
    <?php while($row = $comments->fetch_assoc()) : ?>
        <?php echo '<li id="comment-'.$row['id'].'">'; ?>
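            <!-- comment fields are visitor-supplied, so escape them on output -->
            <p><a href="#"><?php echo htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'); ?></a> - <?php echo formatDate($row['date']); ?> </p>
                <?php echo htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'); ?>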

                    <?php echo '</li>'; ?>
    <?php endwhile; ?>    
 <?php echo '</ol>'; ?>    
<?php else : ?>
    <p>There are no comments yet</p>
<?php endif; ?> 
<br>
<form role="form" method="post" action="post.php?id=<?php echo $id; ?>">
  <div class="form-group">
    <label>Author</label>
    <input name="author" type="text" class="form-control" placeholder="Enter Author Name">
  </div>
  <div class="form-group">
    <label>Email</label>
    <input name="email" type="text" class="form-control" placeholder="Enter Email Address">
  </div>
  <div class="form-group">
    <label>Content</label>
    <textarea name="content" class="form-control" placeholder="Enter Comment Content"></textarea>
  </div>
  <div class="form-group">
    <input type='hidden' name='post_id' id='post_id' value='<?php echo $id; ?>' />
  </div>
  <div>
    <input name="submit" type="submit" class="btn btn-default" value="Submit" />
    <a href="index.php" class="btn btn-default">Cancel</a>
  </div>
  <br>
</form>
<?php include 'includes/footer.php'; ?>
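
The comment handler above, reworked as an added example (not the poster's code): the post id is validated before it reaches any SQL text, values are bound through prepared statements instead of being concatenated, and comment fields are escaped when rendered. The `addComment` helper is hypothetical, PDO with an in-memory SQLite database stands in for the page's MySQL `Database` class so the script runs without a server, and the sample rows and requests are constructed.

```php
<?php
// Added example: constructed schema and inputs; PDO + in-memory SQLite stand in
// for the page's MySQL database so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, post_id INTEGER,
            author TEXT, email TEXT, content TEXT)');
$pdo->exec("INSERT INTO posts (id, title) VALUES (1, 'First post')");

// Hypothetical helper: returns an error string, or null when the row was stored.
function addComment(PDO $pdo, array $get, array $post): ?string
{
    // A missing or non-numeric id is rejected here instead of producing
    // "WHERE id = " with nothing after it (the syntax error in the question).
    $postId = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        return 'invalid post id';
    }
    $author  = trim($post['author'] ?? '');
    $content = trim($post['content'] ?? '');
    $email   = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($author === '' || $content === '' || $email === false) {
        return 'Please fill out all required fields';
    }
    // Bound parameters: the values never become part of the SQL text.
    $exists = $pdo->prepare('SELECT 1 FROM posts WHERE id = ?');
    $exists->execute([$postId]);
    if ($exists->fetchColumn() === false) {
        return 'unknown post';
    }
    $stmt = $pdo->prepare('INSERT INTO comments (post_id, author, email, content)
                           VALUES (?, ?, ?, ?)');
    $stmt->execute([$postId, $author, $email, $content]);
    return null;
}

// Constructed requests: the first mirrors action="post.php" with no ?id=.
var_dump(addComment($pdo, [], ['author' => 'Ann', 'email' => 'ann@example.com', 'content' => 'Hi']));
var_dump(addComment($pdo, ['id' => '1'],
    ['author' => "O'Brien", 'email' => 'ob@example.com', 'content' => '<b>hi</b>']));

// Escape when rendering, so stored markup is displayed as text.
foreach ($pdo->query('SELECT author, content FROM comments') as $row) {
    echo htmlspecialchars($row['author'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['content'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

With mysqli, as used on the page, the same pattern is `$db->link->prepare(...)`, `bind_param(...)` and `execute()`.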
