1

I'm quite new in PHP and MySQL. I tried to make message board where user can post some message on wall and the every logged user can read it.

Now when someone add message doesn't write in table author_id and date_added. I need them when results are displayed.

Here is new.php

if(isset($_POST['formSubmit']))
{
    $errorMessage = "";

    if(empty($_POST['formTitle'])) 
    {
        $errorMessage .= "<li>Doesn't have title!</li>";
    }
    if(empty($_POST['formContent'])) 
    {
        $errorMessage .= "<li>The field for content is empty!</li>";
    }

    if(empty($errorMessage)) 
    {
        $db = mysql_connect("localhost","root","");
        if(!$db) die("Error connecting to MySQL database.");
        mysql_select_db("homework3" ,$db);

        $sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";
        mysql_query($sql);

        header("Location: index.php");
        exit();
    }
}

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value=""   style="width: 350px;"></label></div></br>

<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>

<input type="submit" class="formbutton" name="formSubmit" value="Send"/>

</form>

Edit: I don't know if you need this but this is how I display massages:

$sql = 'SELECT username, msg_id, title, content, date_added FROM massages as m, users  as u WHERE author_id = user_id ORDER BY m.date_added DESC';

  $result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
    $real_date = date('d.m.Y', $row['date_added']);
    echo '<table>
   <tr>
   <td>' . $row['msg_id'] . '. ' . $row['title'] . '</td>
   </tr>
   <tr>
     <td>' . $row['content'] . '</td>
   </tr>
   <tr>
<td>By<span style="color: #CC0033;">' . $row['username'] . '</span> on   <span style="color: #CC0033;">' . $real_date . '</span></td></br>
</tr>
</table>';
}

}

4

4 回答 4

2

当作者登录时,存储author_id在会话中。

$author_id=$_SESSION['username'];

然后存入数据库。

$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$author_id', 'NOW()', '$_POST[formTitle]', '$_POST[formContent]')";

笔记

不要忘记在顶部开始会话

<?php
    session_start();
    // then your all code
于 2013-10-04T08:15:24.127 回答
1

在您的表中将 author_id 更改为自动递增,无需在 INSERT 查询中添加它。

尝试以下更改:

$date_added = date('Y-m-d');

$sql = "INSERT INTO massages (`date_added`, `title`, `content`) VALUES ( '$date_added', '$_POST[formTitle]', '$_POST[formContent]')";
mysql_query($sql);
于 2013-10-04T08:13:03.737 回答
1

您可以使用隐藏属性,即type = 'hidden'auther_id

例如在您的表格中

<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
<div><label for='formTitle'>Title<input type="text" name="formTitle" value=""   style="width: 350px;"></label></div></br>

<div><label for='formContent'>Content</div><textarea name="formContent" style="width: 344px; height: 100px;"></textarea>

<input type="hidden" name="author_id" value="<?php echo $_SESSION['what_ever']; ?>"/>
<input type="submit" class="formbutton" name="formSubmit" value="Send"/>

</form>

注意: <?php echo $_SESSION['what_ever']; ?>只是对您author_id可能如何的假设

对于date_added您可以直接在查询中创建添加,无需通过表单发布

$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";

您还应该避免author_id通过邮寄方式发送,而是以这种方式添加

$auther_id = $_SESSION['username'];
$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$auther_id', NOW(), '$_POST[formTitle]', '$_POST[formContent]')";

重要的

PHP 正在弃用mysql您必须使用的函数mysqli 为什么我不应该在 PHP 中使用 mysql_* 函数?

于 2013-10-04T08:11:19.910 回答
0

如评论中所述,您应该避免使用这些mysql_*命令,但是问题出在以下行:

$sql = "INSERT INTO massages (author_id, date_added, title, content) VALUES ('$_POST[author_id]', '$_POST[date_added]', '$_POST[formTitle]', '$_POST[formContent]')";

为了在字符串中嵌入数组变量,您必须用大括号将其括起来,例如。

"{$_POST['author_id']}"

但是你不应该在你的例子中这样做,因为它会让你对 mysql 注入攻击敞开大门。处理此问题的旧方法是使用 转义每个发布的变量mysql_escape_string(),但更好的处理方法是使用 PDO 数据对象,例如http://www.php.net/manual/en/pdostatement.bindvalue。 php

于 2013-10-04T08:17:50.070 回答