Comment Script

802 Views 2 Replies 2 Participants Last post by  Spazghost
Hey, anyone have a link to a really basic and simple PHP comment script tutorial, so I can place it under a news post in PHP? One that just has calls from a comment table in a MySQL DB and matches to the id of the news post, allowing for anonymous posts. I was going to build one the same way I did the news post, but it seemed to become too complicated.
Code:
<?PHP
// display comments
$query = "SELECT id, news_id, name, comment FROM news_comments WHERE news_id = $newsid order by id desc";
$result = @mysql_query($query);

if ($result) {
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
        echo 'Name: '.$row['name'].'
comment: '.$row['comment'].'

';
    }
}
?>
<?PHP
// add comment
if (isset($_POST['commentsub'])) {

    include ('admin/connect.php');

    if (empty($_POST['name'])) {
        $name1 = "Guest";
    } else {
        $name1 = $_POST['name'];
    }

    if (empty($_POST['comment'])) {
        $comment1 = "none";
    } else {
        $comment1 = $_POST['comment'];
    }

    if ($name1 && $comment1) {
        $query = "INSERT INTO news_comments (news_id, name, comment) VALUES ('$newsid', '$name1', '$comment1'";
        $result = @mysql_query($query);

        if ($result) {
            echo '

comment was added!

';
        } else {
            echo 'error submitting comment!';
        }
    }
}
?>

<!-- the form's HTML tags did not survive the forum rendering; only these fragments were posted -->
" method="post">
    Name:
    "/>

    Comment:
    <?php if(isset($_POST['comment'])) echo $_POST['comment']; ?>
I built this myself from scratch there; it's displaying comments from the database on the right page. But when I try to add one, I'm getting my own error as you can see above: "error submitting comment!"

But I can't see what I've done wrong. Any ideas would be very helpful.

Edit: $newsid is displayed above and is set as the $_GET['id'] from fullstory.php?id=64 for example, which is working fine.
A couple of comments about the code you posted above. You're exposing yourself to SQL injection attacks.

Your code:

Code:
$newsid = $_GET['id'];
$query = "SELECT id, news_id, name, comment FROM news_comments WHERE news_id = $newsid order by id desc";
$result = @mysql_query($query);
Change it to this:

Code:
$newsid = $_GET['id'];
$query = sprintf("SELECT * FROM `news_comments` WHERE `news_id` = '%s' ORDER BY `id` DESC",
mysql_real_escape_string($newsid));
$result = mysql_query($query);
If you don't know what SQL injection attacks are you can read about them here. You should always use methods of preventing SQL injection as someone could easily do something like drop your entire database, or worse, use it to get passwords and bypass authentication forms.

There are some other things I saw that might cause some problems for you, such as:

Code:
echo 'Name: '.$row['name'].'

    comment: '.$row['comment'].'

    ';
Might want to change your ' and " usage to something like this:

Code:
echo "Name: ".$row['name']."
";
echo "comment: ".$row['comment'];
echo "

";
Not only is that easier to read, but it'll also display properly.

Edit:
I reread your code and the reason you're getting that logic error is because you're doing this:

Code:
$result = @mysql_query($query);
if ($result) {
echo '

comment was added!

';
}
else {
echo 'error submitting comment!';
}
The error is because of your first if statement. You are trying to check for when $result equals TRUE; however, for SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning a resultset, mysql_query() returns a resource on success, and FALSE on error. Therefore your query will never return TRUE, even when it works as intended.

You can fix this though by changing your code to this:

Code:
$result = @mysql_query($query);
if (!$result) {
echo 'error submitting comment!';
}
else {
echo '

comment was added!

'; 
}
You can also do:

Code:
if(mysql_num_rows($result) > 0)
to check for successful queries...
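Added example, not code from either poster: the comment listing and comment insert from the second post, rewritten with mysqli prepared statements so that the request values are bound as parameters instead of being pasted into the SQL text (the injection risk the reply describes). It also separates the two result-checking cases the reply discusses: a SELECT yields a result set, while an INSERT yields TRUE/FALSE, so testing the boolean is correct for the insert. Two things visible in the original are worth knowing when reading it: the INSERT in the second post is missing the closing `)` after its VALUES list, which MySQL rejects as a syntax error regardless of the $result check, and the mysql_* functions used throughout the thread were removed in PHP 7, so mysqli (or PDO) is what current PHP offers. Assumptions: a mysqli connection object `$db` already exists (the thread's admin/connect.php would be where it is created), the table is the thread's `news_comments(id, news_id, name, comment)`, and the form fields keep the names `name`, `comment` and `commentsub` from the original post. Names and comments are HTML-escaped on output because they are untrusted text being echoed into the page.

```php
<?php
// Added example: parameterised version of the thread's comment script.
// Assumes $db is an existing mysqli connection (hypothetical; created by
// the poster's admin/connect.php) and the thread's news_comments table.

function load_comments(mysqli $db, int $newsid): array
{
    // The ? placeholder is sent separately from the statement text, so the
    // id can never change the shape of the query. A SELECT returns a result
    // set (not TRUE), which is read here with get_result().
    $stmt = $db->prepare(
        'SELECT id, news_id, name, comment FROM news_comments WHERE news_id = ? ORDER BY id DESC'
    );
    $stmt->bind_param('i', $newsid);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

function add_comment(mysqli $db, int $newsid, string $name, string $comment): bool
{
    // Same defaults as the original post ("Guest" / "none").
    $name    = ($name === '')    ? 'Guest' : $name;
    $comment = ($comment === '') ? 'none'  : $comment;

    // For an INSERT, execute() returns TRUE on success and FALSE on error,
    // so a boolean check is correct; affected_rows confirms one row landed.
    $stmt = $db->prepare(
        'INSERT INTO news_comments (news_id, name, comment) VALUES (?, ?, ?)'
    );
    $stmt->bind_param('iss', $newsid, $name, $comment);
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Validate the id from fullstory.php?id=... as an integer before it is used;
// anything that is not an integer is rejected instead of interpolated.
$newsid = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($newsid === false || $newsid === null) {
    http_response_code(400);
    exit('invalid news id');
}

if (isset($_POST['commentsub'])) {
    $name    = trim((string)($_POST['name'] ?? ''));
    $comment = trim((string)($_POST['comment'] ?? ''));
    echo add_comment($db, $newsid, $name, $comment)
        ? '<p>comment was added!</p>'
        : '<p>error submitting comment!</p>';
}

// Escape on output: stored names and comments are untrusted text, so they
// are HTML-encoded before being echoed into the page.
foreach (load_comments($db, $newsid) as $row) {
    echo 'Name: ' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '<br />';
    echo 'comment: ' . htmlspecialchars($row['comment'], ENT_QUOTES, 'UTF-8') . '<br /><br />';
}
```

Because the values are bound rather than escaped into the string, the mysql_real_escape_string() call from the reply is no longer needed; the integer type on `news_id` also means a non-numeric id fails validation up front instead of reaching the database.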