I am making a PHP and SQL blog. Here is the code for the admin page:

<!DOCTYPE html>
<html>
    <body>
        <form action = "poster.php" method = "POST">
            <textarea name = "hertext"></textarea>
            <input type = "submit" value = "post">
        </form>
    </body>
</html>


This is where the user makes the blog post.
Here is poster.php:
<?php
$link = mysqli_connect("Localhost","username for database","password for database","name for database");
if($_SERVER['REQUEST_METHOD'] == 'POST'){
    $hertext = $_POST["hertext"];

    $test = "INSERT INTO input (id, herpost)
   VALUES (2, '<br>$hertext')";
    $resulter = mysqli_query($link, $test);
}

$sql = 'SELECT herpost FROM input';
$result = mysqli_query($link, $sql);
$text = mysqli_fetch_all($result);
?>
<html>
    <head>
      <style>
          body{
    text-align:center;
             
             
          }
      </style>  
    </head>
    <body>
<h1>My test blog</h1>
<style>
    p{
    border: 3px solid black;
    }
</style>
<br>
     <p><?php foreach ($text as $texts) { echo implode(',', $text); }?></p>
     
    </body>
</html>

It outputs all blog posts inside of a CSS border. How do I add a CSS border to each new post instead of over the whole thing?

What I have tried:

I don't really know what to try.
Updated 13-Oct-20 23:18pm
Comments
Richard Deeming 14-Oct-20 5:16am
   
Your code is vulnerable to SQL Injection. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual
Landon Soo Hoo 14-Oct-20 12:04pm
   
How would I fix the SQL injection vulnerability?

1 solution

Start by fixing the SQL Injection vulnerability in your code.

Then change your output code to display each post within its own styled element, rather than putting everything within a single <p> tag.
PHP
<style>
article.post {
    border: 3px solid black;
}
</style>

<?php foreach ($text as $texts) {
    // $texts is one row returned by mysqli_fetch_all()
    echo '<article class="post">';
    echo implode(',', $texts);
    echo '</article>';
}?>
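
The parameterized-query fix recommended in the comment and in the solution, combined with the per-post border, as an added example that is not part of the original question or answer. It assumes the `input` table from the question with `id` as an AUTO_INCREMENT column and posts stored as plain text; the credentials are placeholders and `save_post()` is a hypothetical helper name.

```php
<?php
// Added example, not the original poster.php. Assumptions: the `input` table
// from the question, `id` is AUTO_INCREMENT, credentials are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$link = mysqli_connect("localhost", "db_user", "db_password", "db_name");
mysqli_set_charset($link, "utf8mb4");

// save_post() is a hypothetical helper name.
function save_post(mysqli $link, string $hertext): void
{
    // The ? placeholder keeps the SQL text fixed; the post body is sent
    // separately as data and is never parsed as part of the statement.
    $stmt = mysqli_prepare($link, "INSERT INTO input (herpost) VALUES (?)");
    mysqli_stmt_bind_param($stmt, "s", $hertext);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

// Accept only a non-empty string; a submitted array (hertext[]) is ignored.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && is_string($_POST['hertext'] ?? null)) {
    $hertext = trim($_POST['hertext']);
    if ($hertext !== '') {
        save_post($link, $hertext);
    }
}

// This query contains no user input, so it needs no parameters.
$result = mysqli_query($link, "SELECT herpost FROM input ORDER BY id");
$posts = mysqli_fetch_all($result, MYSQLI_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<style>
article.post { border: 3px solid black; }
</style>
</head>
<body>
<h1>My test blog</h1>
<?php foreach ($posts as $post) { ?>
<!-- Assumption: posts are plain text, so encode them before output -->
<article class="post"><?php echo nl2br(htmlspecialchars($post['herpost'], ENT_QUOTES, 'UTF-8')); ?></article>
<?php } ?>
</body>
</html>
```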
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)