Click here to Skip to main content
15,667,864 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
I am making a PHP and SQL blog. Here is the code for the admin page:

<!DOCTYPE html>
        <form action = "poster.php" method = "POST">
<textarea name = "hertext"></textarea>
<input type = "submit" value = "post">
        </form>   </body>

This is where the user makes the blog post.
Here is poster.php:
$link = mysqli_connect("Localhost","username for database","password for database","name for database");
$hertext = $_POST["hertext"];    

  $test = "INSERT INTO input (id, herpost)
   VALUES (2, '<br>$hertext')";
    $resulter = mysqli_query($link, $test);  


   $sql = 'SELECT herpost FROM input';
  $result = mysqli_query($link, $sql);
  $text = mysqli_fetch_all($result);

<h1>My test blog</h1>
    border: 3px solid black;
     <p><?php foreach ($text as $texts) { echo implode(',', $text); }?></p>

It outputs all blog posts inside of a CSS border. How do I add a CSS border to each new post instead of over the whole thing?

What I have tried:

I don't really know what to try.
Updated 13-Oct-20 23:18pm
Richard Deeming 14-Oct-20 5:16am    
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual[^]
Landon Soo Hoo 14-Oct-20 12:04pm    
How would I fix the SQL injection vulnerable?

1 solution

Start by fixing the SQL Injection[^] vulnerability in your code.

Then change your output code to display each post within its own styled element, rather than putting everything within a single <p> tag.
<style> {
    border: 3px solid black;

<?php foreach ($text as $texts) {
    echo '<article class="post">';
    echo implode(',', $text);
    echo '</article>';
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900