Why Isn't My PHP Comment System Saving Data to MySQL Database?

AI Thread Summary
A user is developing a comment system using Dreamweaver and MySQL but is experiencing issues with data not saving to the MySQL database. The index.php file displays existing comments and includes a form for users to submit new comments. However, there are errors in the code, such as a misspelled "action" attribute in the form tag, which should be corrected to ensure the form submits properly to post_comment.php. In post_comment.php, the script connects to the database but fails to execute the SQL insert command, which is necessary for saving comments. Additionally, there are security vulnerabilities present, such as the potential for SQL injection attacks, which could allow malicious users to manipulate the database. Proper execution of the SQL statement and implementing security measures are crucial for the functionality and safety of the comment system.
Sumaya
I am making a comment system using Dreamweaver and MySQL,
and the data I wrote in the text area did not save in the MySQL db.
Below, the index page contains the general form to let the user write a comment,
and post_comment.php sends the data.
Can you help me figure out why the data was not sent to my db?

index.php
<html>

<h1>comment</h1>
</html>

<?php
mysql_connect("localhost","root","");
mysql_select_db("comments");

$find_comments = mysql_query("SELECT * FROM comments ");
while($row = mysql_fetch_assoc ($find_comments))
{
$comment_name = $row['name'];
$comment = $row['comments'];
echo "$comment_name - $comment <p>";
}
if(isset($_GET['error']))
{
echo "<p>100 character limit";
}
?>


<html>
<body>
<form actio="post_comment.php" method="POST">
<input type="text" name="name" value="your name"><br>
<textarea name="comment" cols="50" rows="2" >enter a comment </textarea>
<input type="submit" value="comment">

</form>
</body>
</html>









post_comment.php
<?php

$con = mysql_connect("localhost","root","");
mysql_select_db("test");

$name = $_POST["username"];
$comment =$_POST["comments"];
$comment_length = strlen($comment);
if($comment_length > 100)
{
header("location: index.php?error=1");
}
else
{
$sql="INSERT INTO comments VALUES('$name','$comment')";
header("location: index.php");
}

?>
 
Code:
$sql="INSERT INTO comments VALUES('$name','$comment')";
Because you did not execute the sql? Don't you need to mysql_execute() it?

Also note that I can now **** up your database by entering the following comment
Code:
'); DELETE * FROM comments; INSERT INTO comments VALUES('You', 'have been hacked
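
One way to write post_comment.php so that the INSERT is actually executed and the submitted text cannot change the query, given here as an added example that is not code from the thread. It assumes PDO with the MySQL driver (the mysql_* functions used in the post were removed in PHP 7), the database, table and column names that index.php reads (comments, name, comments), and the form field names index.php declares (name, comment) rather than the username/comments keys the posted post_comment.php looks up.

```php
<?php
// post_comment.php: added example, not the original poster's code.
// Assumed: database "comments", table "comments" with columns (name, comments)
// as read by index.php; form fields "name" and "comment" as in its <form>.
declare(strict_types=1);

const MAX_COMMENT_LENGTH = 100; // same limit as the original script

function redirect(string $target): void
{
    header('Location: ' . $target);
    exit; // stop so nothing else runs after the redirect header
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect('index.php');
}

// Keys must match the form's name="..." attributes.
$name    = $_POST['name'] ?? '';
$comment = $_POST['comment'] ?? '';
if (!is_string($name) || !is_string($comment) || $name === '' || $comment === '') {
    redirect('index.php');
}
if (strlen($comment) > MAX_COMMENT_LENGTH) { // strlen counts bytes, as the original did
    redirect('index.php?error=1');
}

try {
    $pdo = new PDO(
        'mysql:host=localhost;dbname=comments;charset=utf8mb4',
        'root', // credentials from the post; a least-privileged account is preferable
        '',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepared statements
        ]
    );
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO comments (name, comments) VALUES (:name, :comment)');
    // execute() is the step that sends the INSERT; building the string alone does nothing.
    $stmt->execute([':name' => $name, ':comment' => $comment]);
} catch (PDOException $e) {
    error_log('comment insert failed: ' . $e->getMessage());
    http_response_code(500);
    exit('Could not save the comment.');
}
redirect('index.php');
```

Because both values are bound as parameters, the comment text quoted in the reply above is stored as an ordinary string instead of being parsed as SQL.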
 