Why Isn't My PHP Comment System Saving Data to MySQL Database?

In summary, the conversation is about creating a comment system using Dreamweaver and MySQL. The data written in the text area is not being saved in the database. The index page contains a forum for users to write and post comments, and the post_comment.php page is used to send the data. There is a concern about the data not being sent to the database and a potential vulnerability in the code. The code for both index.php and post_comment.php is also provided.
  • #1
Sumaya
29
0
i am making a comment system using dreamweaver and mysql ,
and the data i wrote it in the text area didnt not save in the mysql _db ,
below the index page contain the general fourm to let the user write comment
and post_comment.php to send the data
can you help me why the data didnt send to my db ??

index.php
<html>

<h1>comment</h1>
</html>

<?php
mysql_connect("localhost","root","");
mysql_select_db("comments");

$find_comments = mysql_query("SELECT * FROM comments ");
while($row = mysql_fetch_assoc ($find_comments))
{
$comment_name = $row['name'];
$comment = $row['comments'];
echo "$comment_name - $comment <p>";
}
if(isset($_GET['error']))
{
echo "<p>100 character limit";
}
?>


<html>
<body>
<form actio="post_comment.php" method="POST">
<input type="text" name="name" value="your name"><br>
<textarea name="comment" cols="50" rows="2" >enter a comment </textarea>
<input type="submit" value="comment">

</form>
</body>
</html>









post_comment.php
<?php

$con = mysql_connect("localhost","root","");
mysql_select_db("test");

$name = $_POST["username"];
$comment =$_POST["comments"];
$comment_length = strlen($comment);
if($comment_length > 100)
{
header("location: index.php?error=1");
}
else
{
$sql="INSERT INTO comments VALUES('$name','$comment')";
header("location: index.php");
}

?>
 
Computer science news on Phys.org
  • #2
Code: 
$sql="INSERT INTO comments VALUES('$name','$comment')";
Because you did not execute the sql? Don't you need to mysql_execute() it?

Also note that I can now **** up your database by entering the following comment
Code: 
'); DELETE * FROM comments; INSERT INTO comments VALUES('You', 'have been hacked
 

Related to Why Isn't My PHP Comment System Saving Data to MySQL Database?

What is Php language?

Php is a popular server-side scripting language used for creating dynamic web pages and web applications. It stands for "Hypertext Preprocessor" and is often used in conjunction with HTML, CSS, and JavaScript.

What is a comment system in Php?

A comment system in Php allows users to leave comments on a website or web application. These comments can be visible to other users and serve as a way for people to interact and share their thoughts and opinions.

How do I create a comment system in Php?

To create a comment system in Php, you will need to use a combination of Php, HTML, and SQL. First, you will need to create a form for users to enter their comments. Then, you will need to use Php to store the comments in a database and retrieve them to display on the website.

What are the benefits of using a comment system in Php?

A comment system in Php can improve user engagement and interaction on a website. It also allows for easy moderation of comments and can provide valuable feedback for website owners. Additionally, Php offers a wide range of functions and features for customizing and managing a comment system.

Are there any security concerns with using a comment system in Php?

As with any web application, security should be a top priority when creating a comment system in Php. It is important to properly sanitize user input and implement measures to prevent spam or malicious attacks. It is also recommended to regularly update Php and any related libraries to ensure the latest security patches are in place.

Hot Threads

Recent Insights

Back
Top