($scheck is defined earlier - it's basically to determine logged in status, and that code works elsewhere.)
Code: Select all
<?
include 'commentstest.php';
$uname = $_SESSION['uname'];
?>
<p><center>
<b>Post Comment</b>
<form name="comments" method="post" action="commentstest.php">
<input type="hidden" name="page" value="<? print($_SERVER['REQUEST_URI']) ?>">
<input type="hidden" name="date" value="<? print date(); ?>">
<table border="0">
<tr>
<td class="c"></td><td class="c"><b><?
if(!$scheck) {
$cname = "Guest";
print $cname;
}
else {
$cname = $uname;
print $cname;
}
?>
</b></td></tr>
<tr><td class="c" align="right"><b>Subject</b></td><td class="c"><input type="text" size="50" name="subject"></td></tr>
<tr><td class="c" align="right"><b>Comment</b></td><td class="c"><textarea name="comment" cols="45" rows="5" wrap="VIRTUAL"></textarea></td></tr>
<tr><td class="c" align="right" colspan="2"><input type="submit" name="submit" value="Add Comment"></td></tr>
</table>
</form></center>Code: Select all
<?
include '../db.php';
$sql = "SELECT * FROM comments WHERE page= '".stripslashes($_SERVER['REQUEST_URI'])."'";
$result = mysql_query($sql);
$num_rows = mysql_num_rows($result);
if ($result) {
if ($num_rows > 0) {
$inf = "SELECT * FROM comments WHERE page= '".stripslashes($_SERVER['REQUEST_URI'])."' ORDER BY postdate ASC";
$info = mysql_query($inf);
if(!$info) die(mysql_error());
if($info) {
$data = mysql_fetch_assoc($info);
print "<b>Comments</b>";
print "<p><table border='1' bordercolor='black'>";
while($info2 = mysql_fetch_object($info)) {
print "<tr><td class='sm' colspan='2' width='800'>" .stripslashes($info2->subject);
print "</td></tr><tr><td class='c' width='150'>" .stripslashes($info2->cname);
print "<br>" .stripslashes($info2->postdate). "</td>";
print "<td valign='top' class='c'>" .stripslashes($info2->comment). "</td></tr>";
}//end while
print "</table>";
print "<hr>";
}
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$comment = $_POST['comment'];
if ($comment == '') {
error('Comment field left empty. Please fill it in and try again.');
}
else {
$comment = mysql_real_escape_string($comment);
$subject = $_POST['subject'];
$subject = mysql_real_escape_string($subject);
$page = $_POST['page'];
$date = $_POST['date'];
$sql = "INSERT INTO comments SET page='$page', uname='$cname', postdate='$date', subject='$subject', comment='$comment'";
$result = mysql_query($sql);
if (!result) {
error('A database error occured during submission');
}
else {
header('Location: http://' . $_SERVER['HTTP_HOST'] . $_POST['page'] . "#comments");
}
}
}
}
?>One last thing - I can't get the date to display. I set the MySQL table column to DATETIME, and all I get is 0000-00-00 00:00:00 for every entry.
I started trying to define date("F d, y, H:i") but had the same problem, so I gave up and left it as date() and I'm still getting the string of zeroes.
Help on all matters (especially the first two) would be appreciated. Thanks!
EDIT: And now for some reason the entries aren't even getting inserted into the database. Weird. It worked earlier.