Reputation: 67
The code that I am showing seems to stop working at $tid=mss.
This is why I think my function called mss at the beginning is not working.
When the script is run on my website, it acts like nothing ever happened and goes back to the topic you were viewing. Sorry for the short explanation; I don't know what is going on, so there is nothing I can say. Please comment on this if you have any questions.
Reply.php
<?php
require('connect.php');
// session_start() has to run before $_SESSION['uid'] is read further down.
session_start();

// This is the function the question asks about. $connect is not in scope
// inside it (it is neither declared global nor passed as a parameter), and
// the arguments are crossed: strip_tags() receives the connection while
// mysqli_real_escape_string() receives no connection at all.
function mss($value) {
    return mysqli_real_escape_string(trim(strip_tags($connect, $value)));
}

if(!$_POST['submit']) {
    echo "Invalid usage of the file! Hmm, maybe you should try sql injection.";
} else {
    $tid = mss($_GET['id']);
    $msg = mss($_POST['reply']);
    if(!$tid) {
        echo "Hmm, I dont know how that you would reply to no topic but still expect it to work.";
    } else {
        $sql = "SELECT * FROM forum_topics WHERE id='".$tid."'";
        // procedural mysqli_error() needs the link as its argument
        $res = mysqli_query($connect, $sql) or die (mysqli_error($connect));
        if(mysqli_num_rows($res) == 0) {
            echo "Wat r u doin m7, you tryin to rply to a topic that doesn't exist.";
        } else {
            $row = mysqli_fetch_assoc($res);
            if(!$msg) {
                echo "You did not give a reply.";
            } else {
                if(strlen($msg) < 5 || strlen($msg) > 10000) {
                    echo "<font color='red'>Your reply must be between 5 and 10000 characters!</font>";
                } else {
                    $date = date("m-d-y") . " at " . date("h:i:s");
                    $time = time();
                    $sql3 = "INSERT INTO forum_replies (id, tid, uid, message, date, time) VALUES (default, '".$tid."','".$_SESSION['uid']."', '".$msg."', '".$date."', '".$time."')";
                    $res3 = mysqli_query($connect, $sql3) or die (mysqli_error($connect));
                    // the original line wrapped the id in stray single quotes
                    header("Location: topics.php?id=" . $tid);
                }
            }
        }
    }
}
?>
EDITS: Updated Code
Connect.php
<?php
$host="localhost";//hostname
$username="********";//username
$password="********";//database password
$db_name="forum";//database name
$connect = mysqli_connect($host, $username, $password, $db_name) or die ("<font color='red'>Unable to connect to MySQL! Contact an admin.</font>");
?>
Upvotes: 0
Views: 53
Reputation: 1324
The function mysqli_real_escape_string() requires a mysqli connection to be passed as the first parameter. Example usage would be mysqli_real_escape_string($db_link, $value); that $db_link variable is probably set in your connect.php file and is set by a call to mysqli_connect().
Upvotes: 1
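A corrected version of the question's reply handler, written as an added example (it is not the asker's or the answerer's code): mss() takes the connection as a parameter, and both queries use prepared statements so that correct escaping is no longer what stands between the form input and the SQL. It assumes connect.php defines $connect as in the question, that the id columns are numeric, and that the session has already been started.

```php
<?php
// Added example (not the asker's or answerer's code). Assumes connect.php sets
// $connect with mysqli_connect() as in the question and that session_start()
// has already run so $_SESSION['uid'] holds the poster's id.
require('connect.php');

// Pass the link explicitly (no out-of-scope $connect) and give each call its
// own argument: strip_tags() the string, mysqli_real_escape_string() the link.
function mss(mysqli $connect, $value) {
    return mysqli_real_escape_string($connect, trim(strip_tags($value)));
}
// Escaping only helps when the value lands inside a quoted SQL string; binding
// parameters removes that dependency, so both queries use prepared statements.
function topic_exists(mysqli $connect, $tid) {
    $stmt = mysqli_prepare($connect, "SELECT id FROM forum_topics WHERE id = ?");
    mysqli_stmt_bind_param($stmt, "i", $tid);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

function insert_reply(mysqli $connect, $tid, $uid, $msg) {
    $date = date("m-d-y") . " at " . date("h:i:s");
    $time = time();
    $stmt = mysqli_prepare($connect, "INSERT INTO forum_replies (tid, uid, message, date, time)"
        . " VALUES (?, ?, ?, ?, ?)");
    mysqli_stmt_bind_param($stmt, "isssi", $tid, $uid, $msg, $date, $time);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

$tid = isset($_GET['id']) ? (int) $_GET['id'] : 0;   // assumes a numeric id column
$msg = isset($_POST['reply']) ? mss($connect, $_POST['reply']) : '';

if (empty($_POST['submit'])) {
    echo "Invalid usage of the file!";
} elseif ($tid <= 0 || !topic_exists($connect, $tid)) {
    echo "You are trying to reply to a topic that doesn't exist.";
} elseif (strlen($msg) < 5 || strlen($msg) > 10000) {
    echo "<font color='red'>Your reply must be between 5 and 10000 characters!</font>";
} elseif (insert_reply($connect, $tid, $_SESSION['uid'], $msg)) {
    header("Location: topics.php?id=" . $tid);   // no stray quotes around the id
} else {
    error_log(mysqli_error($connect));   // log the detail, show the user a generic message
    echo "Could not save the reply.";
}
```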