Home/ Questions/Q 6807827
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T19:52:47+00:00

I’m pretty new to php, and for that matter server scripting in general (so

  • 0

I’m pretty new to php, and for that matter server scripting in general (so go easy on me)
But regardless of that I managed to create this, the first half of a comment system:

<html>
<body>
<form name="Comment" action="InsertComment.php" method="POST">
Name: <input type="text" name="name" /><br>
Comment: <br><textarea style="height: 100px; width: 600px;" name="comment"></textarea><br>
<input id="Special_ID" name="id" value="<?php $unixtime = time(); echo $unixtime; ?>">
<!--^Gathers a unique id^-->
<input type="submit" />
</form>
</body>
</html>

Once submitted –>

<?php
$con = mysql_connect("Blaa", "Blaa", "Blaa");
if(!$con) {
die('Could not connect ' . mysql_error());
}
sql_select_db("Comments", $con);
$sql = "INSERT INTO Posts (Name, Comment, ID)
VALUES('$_POST[name]', '$_POST[comment]', '$_POST[id]')";
?>

This is exactly what I wanted, a user puts in their name, a comment, and a unique post id (time stamp) is generated, then it is all sent to mysql.

But now I’m dumb found as to how I can post this to another page..
I assumed something like:

if(ID == [the id of that post]) {
//$_GET the mysql stuff
//Post inside a specially made div or something
}

Along the lines of that, but I have no clue how to put that into practise :/
Any ideas?
Oh and Please don’t suggest an echo type post, I’ve done that and it’s not at all what I want.

**Also this is just the basic code, I don’t need suggestions on how to touch it up just yet, also errors in this is only due to my sleep deprivation, the code does work.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As @Marc B has said, you’ll first want to fix your SQL injection holes using mysql_real_escape_string. Change your insert statement to

    $sql = "INSERT INTO Posts (Name, Comment, ID)
        VALUES('" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string($_POST['comment']) . "', '" . mysql_real_escape_string($_POST['id']) . "')";

    To display your comment, try this

    $sql = "SELECT Name, Comment, ID
        FROM Posts
        WHERE ID = '" . mysql_real_escape_string($_GET['PostID']) . "'";
$query = mysql_query($sql);

echo "<div id=\"comments_container\">";
while ($row = mysql_fetch_assoc($query))
{
    echo "<div class=\"comment\">";
    echo "<div class=\"name\">" . $row['Name'] . "</div>";
    echo "<div class=\"comment_body\">" . $row['Comment'] . "</div>";
    echo "</div>"
}
echo "</div>";

    Then CSS style your DIVs using IDs and classes.

    • 0