Please help me with this issue in my script. At the point of the INSERT query, $article_id returns 0, while actually it is a value that is not 0 (1, 2, 3).
I have tried to echo out $article_id at various points of the code and it actually echoed out what I wanted. But once I tried to echo it after the isset($_POST['submit']) it does not echo out anything.
I have also checked the type I declared in the MySQL table: int. But it still inserts 0 into the database.
Please, where could the problem be?
Thank you for your time and patience.
    $page_name = 'about';
    $id = "";

    // Display branch: runs when the page is requested with ?id=...
    if (isset($_GET['id']))
    {
        $id = $_GET['id'];
        $past1 = mysql_query("SELECT *
                              FROM about
                              WHERE about_id = '".$id."' ");
        $row = mysql_fetch_array($past1);
        echo "<p>" .$row['about_head']."</p>";
        echo $row['about_content'];
        $article_id = $row['about_id'] ;

        // Comments already stored for this article
        $query6 = mysql_query("SELECT c.comment_body, c.comment_date
                               FROM comment AS c
                               INNER JOIN about AS ac ON c.article_id = ac.about_id
                               WHERE c.article_id = '".$article_id."'
                               AND page_name = '".$page_name."'");
        while ($comment = mysql_fetch_assoc($query6))
        {
            echo "<b>Comment:</b> " . $comment['comment_body'] . "<br/>" ;
            echo "<b>Date of Comment:</b> " . $comment['comment_date'];
            echo "<br/>" ;
            echo "</div>";
        }
    }

    // Submit branch: runs when the comment form is posted
    if (isset($_POST['submit']))
    {
        $comment_body = mysql_real_escape_string($_POST['comment_body']);
        if ($comment_body == "")
        {
            echo "<div class=\"error\" >" ;
            echo "One/More Empty Field";
            echo "</div>";
        }
        else
        {
            $query = "INSERT INTO comment (comment_id, article_id, username, page_name,
                      comment_body, comment_date)
                      VALUES (NULL, '".$article_id."', '".$_SESSION['logged_username']."',
                      '".$page_name."', '".$comment_body."', NOW())";
            mysql_query($query);
        }
    }

The 0 you see is actually a PHP NULL for an uninitialized variable being represented as a 0 when cast as a string in your SQL.
Assuming you retrieve the $_GET['id'] on the first load, and do the POST on another page load, $article_id is only initialized the first time. It won’t be populated unless $_GET['id'] is set. So, store it in $_SESSION on the first load and access it from there when processing the POST.

Later in your query, get it from $_SESSION:

According to the comments, you already seem to be aware of the SQL injection vulnerabilities. Be sure not to overlook those. It’s important to code against them as you go, rather than trying to return later and fill in the appropriate escaping and bounds-checking.
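
The approach from the answer above, as an added example that is not part of the original answer or the asker's script: the article id is validated and stored in the session on the GET load, read back on the POST, and every query is a prepared statement. It uses PDO in place of the `mysql_*` functions; the function names `rememberArticle` and `addComment` are hypothetical, and the in-memory SQLite database and sample rows are constructed for the demonstration.

```php
<?php
// Added example; function names are hypothetical, tables follow the question.

// GET request: validate the id, load the article, remember its id for the POST.
function rememberArticle(PDO $db, array $get, array &$session): ?array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // missing or non-numeric id
    }
    $stmt = $db->prepare('SELECT about_id, about_head, about_content FROM about WHERE about_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // no such article
    }
    $session['article_id'] = (int) $row['about_id'];
    return $row;
}

// POST request: the article id comes from the session, not from a variable set on an earlier load.
function addComment(PDO $db, array $post, array $session, string $pageName): bool
{
    $body = trim($post['comment_body'] ?? '');
    if ($body === '' || empty($session['article_id']) || empty($session['logged_username'])) {
        return false; // refuse rather than store article_id 0
    }
    $stmt = $db->prepare(
        'INSERT INTO comment (article_id, username, page_name, comment_body, comment_date)
         VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)'
    );
    return $stmt->execute([$session['article_id'], $session['logged_username'], $pageName, $body]);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE about (about_id INTEGER PRIMARY KEY, about_head TEXT, about_content TEXT)');
$db->exec('CREATE TABLE comment (comment_id INTEGER PRIMARY KEY, article_id INTEGER,
    username TEXT, page_name TEXT, comment_body TEXT, comment_date TEXT)');
$db->exec("INSERT INTO about VALUES (2, 'Head', 'Content')");

$session = ['logged_username' => 'alice']; // stands in for $_SESSION
var_dump(addComment($db, ['comment_body' => "it's fine"], $session, 'about')); // POST before any GET
rememberArticle($db, ['id' => '2'], $session);                                 // first load, ?id=2
var_dump(addComment($db, ['comment_body' => "it's fine"], $session, 'about')); // POST on a later load
var_dump($db->query('SELECT article_id, comment_body FROM comment')->fetchAll(PDO::FETCH_ASSOC));
```

In the page itself, pass `$_GET`, `$_POST` and `$_SESSION` (after `session_start()`) in place of the constructed arrays.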