Click here to Skip to main content
14,984,032 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
I'm making a comment box in PHP, MYSQL. Have written the code. The problem is that comments are not getting displayed but its getting stored in the database. The name of the database is status, the name of the table is also status.The table has only one field, whose name is also status.

index.php

<html>
<body>
XML
<form method = "post" action = "process.php">
<textarea name = "data" rows = "3" cols = "80" > </textarea> &nbsp; &nbsp;

<input type = "submit" name = "post" value = "POST">
</form>


PHP
<?php

$dbc = mysqli_connect('localhost', 'dhruv', 'password', 'status') or die('Error connecting to databse') ;

$query = "SELECT * FROM status" ;

 $result = mysqli_query($dbc, $query) or die('error querying') ;

 while ($row = mysqli_fetch_array($result))
 {
  echo $_row['status'];
 }

mysqli_close($dbc) ;

?>


</body>
</html>


process.php

PHP
<?php

$dbc = mysqli_connect('localhost', 'dhruv', 'password', 'status') or die('Error connecting to databse') ;

$status = $_POST['data'] ;

$query = "INSERT INTO status (status)" . "VALUES('status')" ;

mysqli_query($dbc,$query) or die('error querying') ;

mysqli_close($dbc) ;

header( 'Location: index.php' ) ;

?>



I tried many times but couldnot find what is wrong here. Any help will be great.
Posted
Updated 4-Oct-13 22:16pm
v3

See here.
PHP
while ($row = mysqli_fetch_array($result))
 {
  //echo $_row['status']; //This would not work. Change this to
  echo $row['status'];
 }


That should work.

Other things to note.

Since you only need the column "status" in your query, it is best to only select that column, so your query should be

$query = "SELECT status FROM status";

Also, where you insert data into the database, you should filter or escape the content to prevent SQL Injection[^][^][^]

So, you should do something like

$status = htmlentities( $_POST['data', ENT_QUOTES );

and use prepared statements or ..

$query = sprintf( "INSERT INTO status ( status ) VALUES ( %s )", mysql_real_escape_string( $status ) );
   
v2
Comments
IAM_Dhruv 5-Oct-13 10:58am
   
Thank you very much for sparing time and helping. I got it. It works now. And got your other points too. I must keep it in mind.
Akinmade Bond 5-Oct-13 11:50am
   
Happy to help.
Definitly $row[... not $_row[... How about $row[0] or is that the same as $row['status']?
   
Comments
IAM_Dhruv 5-Oct-13 11:01am
   
$row[...] works. That was the only reason why it was not showing the desired output. Thank you very much.

And as Akinmade Bond pointed above, I must keep in mind that the code is not vulnerable to SQL injection.
Jonathan Davies 5-Oct-13 11:19am
   
I've written a PHP MySQL comment and reply system myself a month ago, see http://www.jgdprojects.co.uk/codingcomments.htm if you're interested.
Akinmade Bond 5-Oct-13 14:16pm
   
Yes, $row[0] is the same as $row['status']

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900