Click here to Skip to main content
15,037,662 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I am making a PHP and SQL blog. Here is the code for the admin page:

<!DOCTYPE html>
        <form action = "poster.php" method = "POST">
<textarea name = "hertext"></textarea>
<input type = "submit" value = "post">
        </form>   </body>

This is where the user makes the blog post.
Here is poster.php:
$link = mysqli_connect("Localhost","username for database","password for database","name for database");
$hertext = $_POST["hertext"];    

  $test = "INSERT INTO input (id, herpost)
   VALUES (2, '<br>$hertext')";
    $resulter = mysqli_query($link, $test);  


   $sql = 'SELECT herpost FROM input';
  $result = mysqli_query($link, $sql);
  $text = mysqli_fetch_all($result);

<h1>My test blog</h1>
    border: 3px solid black;
     <p><?php foreach ($text as $texts) { echo implode(',', $text); }?></p>

It outputs all blog posts inside of a CSS border. How do I add a CSS border to each new post instead of over the whole thing?

What I have tried:

I don't really know what to try.
Updated 13-Oct-20 23:18pm
Richard Deeming 14-Oct-20 5:16am
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Landon Soo Hoo 14-Oct-20 12:04pm
How would I fix the SQL injection vulnerable?

1 solution

Start by fixing the SQL Injection[^] vulnerability in your code.

Then change your output code to display each post within its own styled element, rather than putting everything within a single <p> tag.
<style> {
    border: 3px solid black;

<?php foreach ($text as $texts) {
    echo '<article class="post">';
    echo implode(',', $text);
    echo '</article>';

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900