Page 1 of 1

Message Board

Posted: Tue Jan 25, 2011 1:36 pm
by sloppyjoe
So I have created a message board. Basically a user is on the message board they post a message in the textbox (eg. good site). They click submit and are returned to the page with the textbox and underneath the text box is the most recently posted message (their message) and previously entered messages. I have coded it to 3 pages which are places below. The messages are entered into the database as expected. The problem is the messages that have been entered will not show. I've been racking my brain and editing the scripts so many time. I must be missing something but I have no idea what.

Any idea's?

messageboard.php (the page with the textbox and where I want messages to appear

Code: Select all

<?php
;
session_start();
//this checks to see if the $_SESSION variable has been not set 
//or if the $_SESSION variable has been not set to true
//and if one or the other is not set then the user gets
//sent to the login page
if (!isset($_SESSION['username'])) {
    header('Location: http://*******.*********/login.php');
}




?>




<HTML>
<head><title>Message Board - Logged In</title>
<link rel='stylesheet' href='layout.css'>
</head>
<body bgcolor="#fd8ecf">
<center><img src="headerpage.jpg"></center>

<div class="navbar">
<div class="button"><a href="index.html">Home</a></div>
<div class="button"><a href="news.html">News</a></div>
<div class="button"><a href="gallery.html">Gallery</a></div>
<div class="button"><a href="videos.html">Videos</a></div>
<div class="button"><a href="contact.html">Contact</a></div>
<div class="button"><a href="links.html">Links</a></div>
<div class="button"><a href="msg.html">Message  Kaaleigh</a></div>

</div>

<div class="frame">

<frameset cols="25%,75%" noresize="noresize">

<?php
session_start();

$username = $_SESSION['username'];
$password = $_SESSION['password'];

  if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
    
  echo " <b>Welcome ".$username." <br><br></b> Please not only messages with the username Kaaleigh are posted by Kaaleigh herself";
  }

    else {
    echo "Welcome Guest! <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
    }

?>


<?php
mysql_connect("**********.com", "************", "**********");
mysql_select_db("*************");
?>






<form action="message.php" method="POST">
Your Name: <input type="text" name="author"><br>
Message:<br><textarea cols="60" rows="5" name="message"></textarea><br>
<input type="submit" value="Post Message">
</form>



<hr>


<?php
// I am selecting everything from the messages section in the database and ordering them newest to oldest.
$sql = mysql_query("SELECT * FROM messages ORDER BY posted DESC");
 
// Now I am getting my results and making them an array
while($r = mysql_fetch_array($sql)) {
 
$posted = date("jS M Y h:i",$r[posted]);

// End of Array
}

echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";

?>


</body>


</html>
message.php

Code: Select all

<?php
mysql_connect("**********.com", "************", "**********");
mysql_select_db("*************");
$time = time();


$query = "INSERT INTO messages VALUES( NULL, '{$_POST['message']}', '{$_POST['author']}', '$time' )";
if( $result = mysql_query($query) ) {
	if(mysql_affected_rows() > 0 ) {
		echo "Message Posted.<br><a href='messageboard.php'>Return</a>";
	} else {
		echo 'There was an error posting your message. Please try again later.';
	}
} else {
	echo "There was a database error.";
	// comment out next line for live site.
	echo "<br>Query string: $query<br>Returned error: " . mysql_error() . '<br>';
}


;

msg.php

Code: Select all

<?php
mysql_connect("**********.com", "************", "**********");
mysql_select_db("*************"););
echo "<a href='messageboard.php'>Go Back...</a>";
$sql = mysql_query("SELECT * FROM messages WHERE id = '$_GET[id]'");
// Now we are getting our results and making them an array
while($r = mysql_fetch_array($sql)) {
// Everything within the two curly brackets can read from the database using $r[]
// We need to convert the UNIX Timestamp entered into the database for when a thread...
// ... is posted into a readable date, using date().
$posted = date("jS M Y h:i",$r[posted]);
// Now this shows the thread with a horizontal rule after it.
echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";

// End of Array
}

As you can see on the messageboard.php page a user is logged in and the username is stored in a session. I would like the user to not have to enter anything in the author box and the username appears after "posted by (name) on (date)". Tjis however isn;t the priotory roght now. My main concern is making the messages appear on the messageboard.php Any feedback is appreciated. People pointing out the code that is missing is appreciated more.

Re: Message Board

Posted: Tue Jan 25, 2011 1:56 pm
by danwguy
If I'm not mistaken you need to put your echo command inside the while statement. Right now you have it outside that while statement. try putting inside like this...

Code: Select all

<?php
;
session_start();
//this checks to see if the $_SESSION variable has been not set 
//or if the $_SESSION variable has been not set to true
//and if one or the other is not set then the user gets
//sent to the login page
if (!isset($_SESSION['username'])) {
    header('Location: http://*******.*********/login.php');
}




?>




<HTML>
<head><title>Message Board - Logged In</title>
<link rel='stylesheet' href='layout.css'>
</head>
<body bgcolor="#fd8ecf">
<center><img src="headerpage.jpg"></center>

<div class="navbar">
<div class="button"><a href="index.html">Home</a></div>
<div class="button"><a href="news.html">News</a></div>
<div class="button"><a href="gallery.html">Gallery</a></div>
<div class="button"><a href="videos.html">Videos</a></div>
<div class="button"><a href="contact.html">Contact</a></div>
<div class="button"><a href="links.html">Links</a></div>
<div class="button"><a href="msg.html">Message  Kaaleigh</a></div>

</div>

<div class="frame">

<frameset cols="25%,75%" noresize="noresize">

<?php
session_start();

$username = $_SESSION['username'];
$password = $_SESSION['password'];

  if(isset($_SESSION['username']) && isset($_SESSION['password'])) {
    
  echo " <b>Welcome ".$username." <br><br></b> Please not only messages with the username Kaaleigh are posted by Kaaleigh herself";
  }

    else {
    echo "Welcome Guest! <br> <a href=login.php>Login</a> | <a href=register.php>Register</a>";
    }

?>


<?php
mysql_connect("**********.com", "************", "**********");
mysql_select_db("*************");
?>






<form action="message.php" method="POST">
Your Name: <input type="text" name="author"><br>
Message:<br><textarea cols="60" rows="5" name="message"></textarea><br>
<input type="submit" value="Post Message">
</form>



<hr>


<?php
// I am selecting everything from the messages section in the database and ordering them newest to oldest.
$sql = mysql_query("SELECT * FROM messages ORDER BY posted DESC");
 
// Now I am getting my results and making them an array
while($r = mysql_fetch_array($sql)) {
 
$posted = date("jS M Y h:i",$r[posted]);

// End of Array
echo "$r[message]<h4>Posted by $r[author] on $posted</h4><hr>";

}

?>


</body>


</html>
 

Re: Message Board

Posted: Tue Jan 25, 2011 2:36 pm
by sloppyjoe
No you are not mistaken.
That cured the main issue.

However, Im now getting this below a posted message message:

"Posted by 23763539309675 on"

For some reason I'm getting a random selection of letters instead of the name entered in the author box :S
However, This shouldn't be a problem as I want rid of the author box and want the username name stored in the session enetered instead.

I changed message.php

this

Code: Select all

$query = "INSERT INTO messages VALUES( NULL, '{$_POST['message']}', '{$_POST['author']}', '$time' )";
to this

Code: Select all

$query = "INSERT INTO messages VALUES( NULL, '{$_POST['message']}', '{$_POST['username]}', '$time' )";
which didn't work as i thought it would. Instead it kept the numbers as the name but posted the message to the bottom of the page not the top.
Any clue how to include the name stored in the emssage so i can delete the author box.

Also can anyone tell my why the date isnt showing?

Re: Message Board

Posted: Tue Jan 25, 2011 3:09 pm
by sloppyjoe
OKAY.

Almost everything sorted.
With slight fiddling with the table in MySql I have almost sorted everything.

All i want to change now is the username in a session instered so The message is posted

and says

"posted by (logged in user) on (date)"

help please?

Re: Message Board

Posted: Tue Jan 25, 2011 4:13 pm
by John Cartwright
You generally want to store the user_id of the author in your messages table, then you can JOIN the two tables together when fetching the information. I.e.,

Code: Select all

$sql = '
   SELECT * FROM messages
   INNER JOIN users ON messages.user_id = users.id 
   ...
';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
   echo '<p>Message post "'. $row['message'] .'" created by user: '. $row['username'] .' (id #'. $row['user_id'] .')</p>'; 
}
Note: your column names may be different
Note2: When passing user input to your queries, you ALWAYS (let me repeat -- ALWAYS) want escape the data. I.e.,

Code: Select all

$query = "INSERT INTO messages VALUES( NULL, '". mysql_real_escape_string($_POST['message']) ."', '". mysql_real_escape_string($_POST['username']) ."', '$time' )";

Re: Message Board

Posted: Tue Jan 25, 2011 4:27 pm
by sloppyjoe
Thanks for the reply john

To be completely honest SQL goes over my head. I keep reading up on it and get more and more confused. So I join the two tables. How exactly do I write that code in PHP (if you don't mind me asking)

The users table is called users

has the fields id, first_name, last_name, email, username and password.

and where do I place that code.

Heres my page as it now stands with the escape string you mentioned

Code: Select all

<?php
session_start();
mysql_connect("*************", "*****************", "***************");
mysql_select_db("***********************");
$time = time();



//this checks to see if the $_SESSION variable has been not set 
//or if the $_SESSION variable has been not set to true
//and if one or the other is not set then the user gets
//sent to the login page
if (!isset($_SESSION['username'])) {
    header('Location: http://***************.com/login.php');
}

$query = "INSERT INTO messages VALUES( NULL, '". mysql_real_escape_string($_POST['message']) ."', '". mysql_real_escape_string($_POST['username']) ."', '$time' )";if( $result = mysql_query($query) ) {
	if(mysql_affected_rows() > 0 ) {
		echo "Message Posted.<br><a href='messageboard.php'>Return</a>";
	} else {
		echo 'There was an error posting your message. Please try again later.';
	}
} else {
	echo "There was a database error.";
	// comment out next line for live site.
	echo "<br>Query string: $query<br>Returned error: " . mysql_error() . '<br>';
}


;