Comments box

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die('could not connect to database'); mysql_select_db("****") or die('Could not select database'); if (isset ($_POST['submit'])) { $comment = mysql_escape_string (trim ($_POST['comment'])); $sql = mysql_query ("INSERT INTO comments (id,comments) VALUES ('0','".$comment."')"); echo 'Your comment has been entered successfully!'; } else { // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments"); while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="comments.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> </form>'; ?>

I'm trying to set up a comments box on the members section of my website.
2 things-
1- is mysql_escape_string good enough secourity to prevent sql attacks.
2- when i run the script this error comes up

Parse error: syntax error, unexpected T_STRING in /home1/keyboard/public_html/Canberra Amatuer Productions/comments.php on line 6

Any help would be appreciated

You're missing a quote at

Quote:

die('Could not select database);

.

Should be

PHP Code:

die('Could not select database');

The escaping should be good to prevent sql injections.

I fixed that up but now it comes up with this error

Parse error: syntax error, unexpected $end in /home1/keyboard/public_html/Canberra Amatuer Productions/comments.php on line 29

Doesn't that mean there is an unclosed {} section?

That's correct, sorry I missed the missing } after the while before.

PHP Code:

else { // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments"); while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; }// this closes the loop echo ' <form action="comments.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> </form>'; } // this closes the else ?>

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die('could not connect to database'); mysql_select_db("****") or die('Could not select database'); if (isset ($_POST['submit'])) { $comment = mysql_escape_string (trim ($_POST['comment'])); $sql = mysql_query ("INSERT INTO comments (id,comments) VALUES ('0','".$comment."')"); echo 'Your comment has been entered successfully!'; } else { // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments"); while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="comments.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit"> </form>'; } ?>

I put a submit button in and I filled in the comments text box and cliked submit but nothing happened. I checked the sql database and nothing had been inserted. Any help please?

PHP Code:

<input type="submit" value="Submit" name="submit">

http://php.net/manual/en/reserved.variables.post.php

Your POST will never get the value unless you give the input a name.

Thanks so much. I have a working comments box. Now i'm going to try putting some other things in their to. I would like the comments to be displayed with a line in between each of them. I think the code is /r/n but I'm not sure where to put it. any help would be great.

Change your $comment (line 5?) to this

PHP Code:

$comment = nl2br(mysql_escape_string (trim ($_POST['comment'])));

Could you please explain to me how this works

The ASCII code to break lines is \n. It may not look like it, but every line break in any string has an \n at the end of it.

So for example:
Hello, world!
Line 1
Line 2
Line 3

Line 5

Actually looks like:
Hello, world!\n
Line 1\n
Line 2\n
Line 3\n
\n
Line 5\n

The function nl2br() converts \n into the HTML tag, or 
The second argument in the function is a boolean value (true or false) of whether the standard is XHTML or not. XHTML uses , while HTML > 4.01 uses .
http://php.net/nl2br

I changed the code but the comments are still displaying like this

Comment1
Comment2
Comment3
Comment4
Comment5

when I would like them to display like this

Comment1

Comment2

Comment3

Comment4

Comment5

Any help would be great

OO opss, trim takes out line breaks as well. Try it like this

PHP Code:

$comment = mysql_escape_string (trim (nl2br($_POST['comment'])));

Thankyou, it all works now. I also added in an extra feature so that it puts their username before their post. I have a question. Can you use tags inside php code?

You can use any html in PHP you just need to enclose it correctly. PHP generates the code (HTML, css, js, etc.) you want. So for example say you wanted your comments bold...

PHP Code:

$comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' );

Thanks Blue Walrus, One question, why do you have to put in the dots?

Also if I wanted to make $username bold how would I put in the tags into this code

PHP Code:

$cheese = "$username - $comment ";

The periods concatenates it together.

I think this should do it...

PHP Code:

$cheese = "$username - $comment ";

Thanks you blue walrus. I added in the bold tags but it is making the entire thing bold not just $username

And one other question. When you enter a new comment into the box it is displayed right down the bottom of all the comments. Is their a way to make the newest comment display at the top? Thankyou everyone, for all your help.

Oou, and one more,

PHP Code:

$sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','$_SERVER['REMOTE_ADDR']';

it's causing this error

( ! ) Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 59

You need to end the statement

PHP Code:

$sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')";

order the comments by the date descending

Quote:

order by date desc

I'd need to see the html output to tell you what is wrong with the bold username.

Somewhere on this page its coming up with this error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 59

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { } } } else { header("Location: login.php"); } $links = "link2.php"; ?> <?php if (isset ($_POST['submit'])) { $comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' ); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username - $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')"; echo 'Your comment has been entered successfully!'; echo '<a href="echo time.php">Please click here</a>'; } else { ?> <html> <head> <body style="background-color:lightgreen"> </head> <body> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="echo time.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

I'm pretty sure it's on this line of code

PHP Code:

("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')";

But not 100% sure.

How do I organise the comments by date?

This is the comments box which is making the entire line bold

PHP Code:

</body> </html>Hey ---- COMMENTS ---- - ---- ---- - ---- ---- - ---- <form action="member.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form></body> </html>

That's the html output

Quote:

Originally Posted by keyboard1333

Somewhere on this page its coming up with this error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 59

I'm pretty sure it's on this line of code

PHP Code:

("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')";

But not 100% sure.

Yes, it is. You didn't close the function with a ")" (I know, it can get confusing sometimes if you have multiple parentheses/brackets/curly brackets).

PHP Code:

mysql_query("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')");

Quote:

Originally Posted by keyboard1333

How do I organise the comments by date?

Use the ORDER BY in your SQL selection query. For example:

Code:

SELECT * FROM `comments` WHERE id = 1 ORDER BY date DESC

You can change DESC (descending order) to ASC (ascending order).

Quote:

Originally Posted by keyboard1333

This is the comments box which is making the entire line bold

PHP Code:

</body> </html>Hey ---- COMMENTS ---- - ---- ---- - ---- ---- - ---- <form action="member.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form></body> </html>

That's the html output

You already ended your <body> and <html> tags. Legally, you're not supposed to write any HTML after that. You also did this earlier in your code.

Try this:

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { } } } else { header("Location: login.php"); } $links = "link2.php"; if (isset ($_POST['submit'])) { $comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' ); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username - $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')"; echo 'Your comment has been entered successfully!'; echo '<a href="echo time.php">Please click here</a>'; } else { ?> <html> <head> </head> <body style="background-color:lightgreen"> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="echo time.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

Also, not to be picky, but I should mention that you need a doctype. From the looks of it, you're using XHTML standards.

Add this to the very beginning of your HTML code:

Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">

I've got multiple </body> </html> because i'm using php include and the page i'm including has the tags on it. I'll fix that up. Also, thanks for the doctype.

No problem, and regardless of how many includes you have, your final output should be valid HTML, or you may experience display problems.

I just changed the bit which is like this

PHP Code:

// POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' ';

to this

PHP Code:

// POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM `comments` WHERE id = 1 ORDER BY date DESC") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' ';

I don't think I did it right because when I ran the edited code the comments didn't show.

Quote:

Try this:

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { } } } else { header("Location: login.php"); } $links = "link2.php"; if (isset ($_POST['submit'])) { $comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' ); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username - $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')"; echo 'Your comment has been entered successfully!'; echo '<a href="echo time.php">Please click here</a>'; } else { ?> <html> <head> </head> <body style="background-color:lightgreen"> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="echo time.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

Just tried it and it ran this error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\member.php on line 51

The comment is now not displaying in bold while their name is, so that's all working. However, now the comments are not displaing with a line inbetween each. I think I might have accidentally changed something. Here is the full code.

PHP Code:

<?php mysql_connect("localhost", "****", "****") or die(mysql_error()); mysql_select_db("****") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { $links = "link2.php"; } } } else { header("Location: login.php"); } ?> <?php if (isset ($_POST['submit'])) { $comment = mysql_escape_string (trim (nl2br($_POST['comment']))); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username - $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments) VALUES ('0','".$cheese."')"); echo '<center>Your comment has been entered successfully!</center>'; echo '<center><a href="member.php"> Please click here</a></center>'; } else { ?> <html> <head> <body style="background-color:lightgreen"> </head> <body> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="member.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

I also have a question. When you use php echo to write something on the page the rest of the page dissapears like in this bit of code

PHP Code:

echo '<center>Your comment has been entered successfully!</center>'; echo '<center><a href="member.php"> Please click here</a></center>';

What I was wondering, is their a way to keep the background light green while still replacing all of the old content?

Quote:

Originally Posted by keyboard1333

Just tried it and it ran this error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\member.php on line 51

You didn't modify the code with the piece I gave you, which is why you're still receiving that syntax error.

Use this:

PHP Code:

mysql_query("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')");

Quote:

However, now the comments are not displaing with a line inbetween each. I think I might have accidentally changed something

I didn't find any code that formats the output of the comments... only the comments that were input into the database.

This should work for separating spaces though:

PHP Code:

// POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo str_replace("\n", " ", $row['comments']).' '; }

Quote:

I also have a question. When you use php echo to write something on the page the rest of the page dissapears like in this bit of code

What disappears?

Quote:

What I was wondering, is their a way to keep the background light green while still replacing all of the old content?

The reason that your background is no longer light green is because you defined that in the <body> tag, which you closed. Then you opened a new <body> tag with no background definition. You cannot have multiple <body>, <head> or <html> tags. Also, <body> cannot be in the <head> tags.

Try replacing this:

Code:

<html> <head> <body style="background-color:lightgreen"> </head> <body>

With this:

Code:

<html> <head> </head> <body style="background-color:lightgreen">

Hope this helps.

I think I changed the right bit

PHP Code:

<?php mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("keyboard_test") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { } } } else { header("Location: login.php"); } $links = "link2.php"; ?> <?php if (isset ($_POST['submit'])) { $comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' ); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']"')"); echo 'Your comment has been entered successfully!'; echo '<a href="echo time.php">Please click here</a>'; } else { ?> <html> <head> <body style="background-color:lightgreen"> </head> <body> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="echo time.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

but it's still coming up with the same error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 58

I changed one of the bits of code

PHP Code:

$cheese = "$username $comment ";

So that it displays their name then on the next line their comment. Like this

Name
Their comment
Name
Their comment
Name
Their comment
Name
Their comment

When I would like it to look like this

Name
Their comment

Name
Their comment

Name
Their comment

Name
Their comment

Any help?

Quote:

Originally Posted by keyboard1333

I think I changed the right bit

but it's still coming up with the same error

( ! ) Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 58

This time you had a period missing in that same line of code.

Use this:

PHP Code:

<?php mysql_connect("localhost", "root", "") or die(mysql_error()); mysql_select_db("keyboard_test") or die(mysql_error()); if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { header("Location: login.php"); } else { } } } else { header("Location: login.php"); } $links = "link2.php"; ?> <?php if (isset ($_POST['submit'])) { $comment = mysql_escape_string ( '' . trim (nl2br($_POST['comment'])) . '' ); $quantity = $_POST['quantity']; $item = $_POST['item']; $cheese = "$username $comment "; $sql = mysql_query ("INSERT INTO comments (id,comments,date,ip) VALUES ('0','".$cheese."','".$date."','" . $_SERVER['REMOTE_ADDR']."')"); echo 'Your comment has been entered successfully!'; echo '<a href="echo time.php">Please click here</a>'; } else { ?> <html> <head> <body style="background-color:lightgreen"> </head> <body> <?php include("$links"); echo "Hey ".$username; ?> COMMENTS <?php // POST data wasnt entered, so display the comments and comment form // view comments from database $sql = mysql_query ("SELECT * FROM comments") or die(mysql_error());; while ($row = mysql_fetch_array ($sql)) { echo $row['comments'].' '; } echo ' <form action="echo time.php" method="post"> Comments: <textarea name="comment" cols="40" rows="7"></textarea> <input type="submit" value="Submit" name="submit"> </form>'; } ?> </body> </html>

Quote:

Originally Posted by keyboard1333

I changed one of the bits of code

PHP Code:

$cheese = "$username $comment ";

So that it displays their name then on the next line their comment. Like this

Name
Their comment
Name
Their comment
Name
Their comment
Name
Their comment

When I would like it to look like this

Name
Their comment

Name
Their comment

Name
Their comment

Name
Their comment

Any help?

Can't you just add another line-breaker tag?

PHP Code:

$cheese = "$username $comment ";

That should work for you.

Yep, that all works now. Thanks for all the help.

I ran the code and into the date column it inserted this

2007-08-11

PHP Code:

$date = date("d/m/y");

That's what it should be inserting but the date is wrong. it should be 08/08/2011.
Any help?

What do you mean by inserting? Inserting into MySQL? YYYY-MM-DD is the typical date format for a field that has the type set to DATE.

If that's the case, try changing it to VARCHAR or TEXT or something. You could also insert the date in UNIX time using BIGINT, which is actually a more elegant solution.

How do I use unix time?

http://php.net/time

UNIX time is the number of seconds since the beginning of the UNIX epoch (January 1st, 1970 at midnight Greenwich time).

The time() function returns the time in UNIX time. Store that large number in a BIGINT column in MySQL and when you go to fetch the date, you can convert it with the date() function.

Let's suppose you have the number 1312848370. That is the UNIX time for August 8th, 2011 8:06:24 PM EST. The second argument of the date() function accepts a UNIX timestamp and converts it into a string format.

For example, the following would return 08/08/11

PHP Code:

echo date("d/m/y", 1312848370);

For more information, see:
http://php.net/time
http://php.net/date

I should write programming tutorials for a living. ;)

From what I

have seen you would be very good at it.

You explain things quite well

Bud