Why Isn't My PHP Comment System Saving Data to MySQL Database?

AI Thread Summary
A user is developing a comment system using Dreamweaver and MySQL but is experiencing issues with data not saving to the MySQL database. The index.php file displays existing comments and includes a form for users to submit new comments. However, there are errors in the code, such as a misspelled "action" attribute in the form tag, which should be corrected to ensure the form submits properly to post_comment.php. In post_comment.php, the script connects to the database but fails to execute the SQL insert command, which is necessary for saving comments. Additionally, there are security vulnerabilities present, such as the potential for SQL injection attacks, which could allow malicious users to manipulate the database. Proper execution of the SQL statement and implementing security measures are crucial for the functionality and safety of the comment system.
Sumaya
Messages
29
Reaction score
0
i am making a comment system using dreamweaver and mysql ,
and the data i wrote it in the text area didnt not save in the mysql _db ,
below the index page contain the general fourm to let the user write comment
and post_comment.php to send the data
can you help me why the data didnt send to my db ??

index.php
<html>

<h1>comment</h1>
</html>

<?php
mysql_connect("localhost","root","");
mysql_select_db("comments");

$find_comments = mysql_query("SELECT * FROM comments ");
while($row = mysql_fetch_assoc ($find_comments))
{
$comment_name = $row['name'];
$comment = $row['comments'];
echo "$comment_name - $comment <p>";
}
if(isset($_GET['error']))
{
echo "<p>100 character limit";
}
?>


<html>
<body>
<form actio="post_comment.php" method="POST">
<input type="text" name="name" value="your name"><br>
<textarea name="comment" cols="50" rows="2" >enter a comment </textarea>
<input type="submit" value="comment">

</form>
</body>
</html>









post_comment.php
<?php

$con = mysql_connect("localhost","root","");
mysql_select_db("test");

$name = $_POST["username"];
$comment =$_POST["comments"];
$comment_length = strlen($comment);
if($comment_length > 100)
{
header("location: index.php?error=1");
}
else
{
$sql="INSERT INTO comments VALUES('$name','$comment')";
header("location: index.php");
}

?>
 
Computer science news on Phys.org
Code: 
$sql="INSERT INTO comments VALUES('$name','$comment')";
Because you did not execute the sql? Don't you need to mysql_execute() it?

Also note that I can now **** up your database by entering the following comment
Code: 
'); DELETE * FROM comments; INSERT INTO comments VALUES('You', 'have been hacked
 
Thread 'Urgent: Physically repair - or bypass - power button on Asus laptop'

Thread 'Urgent: Physically repair - or bypass - power button on Asus laptop'

Asus Vivobook S14 flip. The power button is wrecked. Unable to turn it on AT ALL. We can get into how and why it got wrecked later, but suffice to say a kitchen knife was involved: These buttons do want to NOT come off, not like other lappies, where they can snap in and out. And they sure don't go back on. So, in the absence of a longer-term solution that might involve a replacement, is there any way I can activate the power button, like with a paperclip or wire or something? It looks...
View full post »

Thread 'Google DeepMind, AI/ML and ALPHA-fold'

I came across a video regarding the use of AI/ML to work through complex datasets to determine complicated protein structures. It is a promising and beneficial use of AI/ML. AlphaFold - The Most Useful Thing AI Has Ever Done https://www.ebi.ac.uk/training/online/courses/alphafold/an-introductory-guide-to-its-strengths-and-limitations/what-is-alphafold/ https://en.wikipedia.org/wiki/AlphaFold https://deepmind.google/about/ Edit/update: The AlphaFold article in Nature John Jumper...
View full post »

Hot Threads

Recent Insights

Back
Top