PHP forum post not working

PHP forum post not wokring

Hello,
Im doing a project which is basically making a forum using PHP,HTML and MYSQL database. I basically using a PHP script to import data into the MySQL database and another PHP script to show all the data in the MySQL table on brower. So in a nut shell im using a combination of these two script to simulate a forum.

Ive got the these working which are:
login
create a new thread
display all the threads
create a new post
display all the posts

however the problem I have is that all posts data from the MySQL table is showing in every single thread, this shouldn’t happen I only want the posts to show in the threads they correspond to, I taught it would do this automatically because did all the primary and foreign stuff with my three MySQL tables which are users,threads,posts bellow is the coding for my posts script and MySQL cmd.

I basically want to echo the rows in the posts table where thread_ID = to the threadID from the threads table, this is my primary and foreign key relationship.


<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">
<p>
Welcome to the posts Page!!!!!!!!!
</p>
To start a new post fill in the details and...
<form name "input" action="new_post.php" method="post"></p>
<input type="text" name="thread_ID" size="25" value="Input thread ID here"><br>
<input type="text" name="description" size="25" value="Description"><br>
<input type="text" name="date" size="25" value="Post Date"><br>
<p><input type="submit" value="Submit"></p>
</form>
<form name "input" action="threads.php" method="post"></p>
<p><input type="submit" value="Back"></p>
</form>
<p>Click the "Submit" button to create a post.</p>
<?php
$mysqli = mysqli_connect("localhost", "root","","forum");
$myquery = "select * from posts";
$result = mysqli_query($mysqli,$myquery);
echo "<table>";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
$sky = $record["postID"];
$ground = $record["thread_ID"];
$water = $record["description"];
$air = $record["date"];
echo "<tr>";
echo "<td>";
echo $sky;
echo "</td>";
echo "<td>";
echo $ground;
echo "</td>";
echo "<td>";
echo $water;
echo "</td>";
echo "<td>";
echo $air;
echo "</td>";
echo "</tr>";
}
echo "</table>";
?>

As i stated in my response to your PM; the problem is you dont have a WHERE clause for your query. Use that to narrow your results to the current thread (Which… i believe would be $_POST[‘thread_ID’] based on your code).

Flagging this for movement into database forum for the time being.

Thanks for the reply StarLion Ive done what you said about adding a WHERE clause into my posts.php file so what ive done it the last part of the query ive added a POST super global to get the threadID in the threads table to match the thread_ID in the post table however in my threads.php file i cant get the code right because it wont link to my posts.php file can you check the echo statement out please bellow:

posts.php file

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '$_POST[threadID]'";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
    $postID = $record["postID"];
	$threadID = $record["thread_ID"];
	$description = $record["description"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
	echo "&lt;td&gt;";
	echo $postID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $threadID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $description;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
}
echo "&lt;/table&gt;";
?&gt;

threads.php file:

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$myquery = "select * from `threads`";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
	$threadID = $record["threadID"];
	$user_ID = $record["user_ID"];
	$title = $record["title"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
	echo "&lt;td&gt;";
	echo "&lt;form action = 'posts.php' method = 'post'&gt;";
	echo "&lt;input type=text name='threadID' value =$threadID&gt;";
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $user_ID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo "&lt;a href=posts.php&gt;$title&lt;/a&gt;";
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date ;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
	echo "&lt;form&gt;";
}
echo "&lt;/table&gt;";
?&gt;

What should threads.php do that it isn’t doing right now?

Are you getting any PHP/MySQL error? If so, please post it here. Also, you should get error on this line:

$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '$_POST[threadID]'";

You should change the end of this line to

WHERE `thread_ID`= '.$_POST[threadID].'

That line is valid PHP - he WILL get an error about an unenquoted string array key, however.
If he wanted to escape it, he would have to make it

$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '".$_POST['threadID']."'";

, as the double-quotes are the ones being used to designate the PHP string, not the single quotes. The single quotes are there to be passed to MySQL.

another reason I pointed this thread here is that the password field is raising red flags to me. That varchar is too short for a standard hash to be being put there…

However, the true crux to his problem is that threadID is never making it to posts.php

His expected output (based on the code above) in threads.php is:

<tr><td><form action='posts.php' method='post'><input type=text name='threadID' value='1'></td><td>userId</td><td><a href=posts.php>Thread Title</a></td><td>date</td></tr>

See the problem? You are building a form, that is never used, nevermind the fact that you are violating numerous HTML definitions/standards.

So get rid of the form, use a querystring (this way it gives Users the ability to link directly to a thread), so your threads.php file becomes:

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$myquery = "select * from `threads`";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
	$threadID = $record["threadID"];
	$user_ID = $record["user_ID"];
	$title = $record["title"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
	echo "&lt;td&gt;";
	echo $user_ID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo "&lt;a href=\\"posts.php?threadId=" . $threadID . "\\"&gt;$title&lt;/a&gt;";
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date ;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
}
echo "&lt;/table&gt;";
?&gt;

Your posts.php file becomes:

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$threadId = (int)$_GET['threadId']; // sanitize your input!
$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '$threadId'";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
    $postID = $record["postID"];
	$threadID = $record["thread_ID"];
	$description = $record["description"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
	echo "&lt;td&gt;";
	echo $postID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $threadID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $description;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
}
echo "&lt;/table&gt;";
?&gt;

Thanks guys I works however on my posts.php file where I have a form on top when I input the details and click on submit it says I have a ERROR on line 25 see bellow however the strange thing is when I click on back to the threads.php file then click on the click to go to the posts.php file everything works fine now errors whats going on:

Line 25:

$threadId = (int)$_GET['threadId']; // sanitize your input!

Just to note when the user click on submit on posts.php the data goes to the file new_post.php fiel which process the data into the mysql table in new_post.php at the end ive echo include posts.php which in turn messes things up with line 25 in posts.php. So i think the best way to solve is to put all the new_post.php script into the posts.php however how do I get the form action on posts.php to run the php script within the posts.php thats why I keep making seperate files to run the scripts. Also the code for new_post.php is bellow:

<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">

<?php
// connect to database
$mysqli = mysqli_connect("localhost", "root","","forum");

// php string query insert into table
$myquery = "insert into posts 
            values ('','$_POST[thread_ID]','$_POST[description]','$_POST[date]')";

// function which runs the myquery string			
$result = mysqli_query($mysqli,$myquery);

// if's statments for inerting data into table
If ($result==true)
{
  echo "New Post Added";
  include "posts.php";
}
else 
{
  echo "Corrupt Post";
  include "posts.php";
}  

// close connection with database
mysqli_close ($mysqli);
?>

I believe you can set $_GET[‘threadId’] = $_POST[‘thread_ID’]; and that would likely resolve it, however, with that said I strongly encourage you to send the threadId to the new_posts.php page via the query string, and remove it from the form. You will still need to validate the value, but at least the user won’t have to figure out what the threadId is.

Secondly, make sure you validate your POST data to prevent garbage and SQL Injections (hint: mysqli_real_escape_string)

im trying to do $_GET[‘threadId’] = $_POST[‘thread_ID’]; but its coming up with ERRORS

$_GET['threadId'] = $_POST['thread_ID'];

$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '".$_POST['thread_ID']."'";

Also I understand what you mean by when the user doesn’t need to enter the threadID but I dont know how to send the thradID to the new_posts.php page via the query string and in terms of validation I havnt come across validating the value and POST data. And last question from the previous code $threadId = (int)$_GET[‘threadId’]; what does the (int) do or does it just state the value is an integer

If you show me the code you use to create the new post link, I can help you place the threadId in the query string. Think something like the following being placed in your form (if it is on the posts.php page)

<input type="hidden" name="thread_id" value="<?php echo $threadId; ?>" />

Also update the form action to (so it passes the threadId forward, thus allowing your include “posts.php” to work.

<form action="new_posts.php?threadId=<?php echo $threadId; ?>">

The (int) forces the value of $_GET[‘threadId’] to be cast into an INT, so if the $_GET[‘threadId’] contained “test”, it would return 0. This way your query is safe from a sql injection.

Heres the code for the new_post.php

<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">

<?php
// connect to database
$mysqli = mysqli_connect("localhost", "root","","forum");

// php string query insert into table
$myquery = "insert into posts 
            values ('','$_POST[thread_ID]','$_POST[description]','$_POST[date]')";

// function which runs the myquery string			
$result = mysqli_query($mysqli,$myquery);

// if's statments for inerting data into table
If ($result==true)
{
  echo "New Post Added";
  include "posts.php";
}
else 
{
  echo "Corrupt Post";
  include "posts.php";
}  

// close connection with database
mysqli_close ($mysqli);
?>

And this is my complete code for posts.php where the form is located:

&lt;!-- Link to CSS--&gt;
&lt;link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main"&gt;

&lt;p&gt;
Welcome to the posts Page!!!!!!!!!
&lt;/p&gt;
To start a new post fill in the details and...
&lt;form name "input" action="new_post.php" method="post"&gt;&lt;/p&gt;
&lt;input type="text" name="thread_ID" size="25" value="Input thread ID here"&gt;&lt;br&gt;
&lt;input type="text" name="description" size="25" value="Description"&gt;&lt;br&gt;
&lt;input type="text" name="date" size="25" value="Post Date"&gt;&lt;br&gt;
&lt;p&gt;&lt;input type="submit" value="Submit"&gt;&lt;/p&gt;
&lt;/form&gt;

&lt;form name "input" action="threads.php" method="post"&gt;&lt;/p&gt;
&lt;p&gt;&lt;input type="submit" value="Back"&gt;&lt;/p&gt;
&lt;/form&gt;

&lt;p&gt;Click the "Submit" button to create a post.&lt;/p&gt;

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$threadId = (int)$_GET['threadId']; // sanitize your input!

$myquery ="SELECT `postID`, `thread_ID`, `description`, `date` FROM posts WHERE `thread_ID`= '$threadId'";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
    $postID = $record["postID"];
	$threadID = $record["thread_ID"];
	$description = $record["description"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
	echo "&lt;td&gt;";
	echo $postID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $threadID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $description;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
}
echo "&lt;/table&gt;";
?&gt;


Also i tired what you said above but its coming up with ERRORs


SCREAM: Error suppression ignored for ( ! ) Notice: Undefined variable: threadId in C:\\wamp\\www\\Forum\\posts.php on line 8 Call Stack #TimeMemoryFunctionLocation 10.0007680008{main}( )..\\posts.php:0 " /&gt;

( ! ) SCREAM: Error suppression ignored for ( ! ) Notice: Undefined variable: threadId in C:\\wamp\\www\\Forum\\posts.php on line 9 Call Stack #TimeMemoryFunctionLocation 10.0007680008{main}( )..\\posts.php:0 "&gt;

You would receive that error because you likely tried to use $threadId before it was defined. By moving the following line to the top of your code, you will avoid that error.

$threadId = (int)$_GET['threadId']; // sanitize your input!

Oki its saying in my new_posts.php file i have an error on this line of code:


$myquery = "insert into posts 
            values ('','$_POST[thread_ID]','$_POST[description]','$_POST[date]')";

Also that line you told me to put on top of my page i couldnt make it work by putting it on top of the code but i just put it before the echo tags within the php in the form.


<form name "input" action="new_posts.php?threadId=<?php $threadId = (int)$_GET['threadId'];echo $threadId; ?>" method="post"></p>
<input type="hidden" name="thread_id" value="<?php $threadId = (int)$_GET['threadId']; echo $threadId; ?>" /><br>
<input type="text" name="description" size="25" value="Description"><br>
<input type="text" name="date" size="25" value="Post Date"><br>
<p><input type="submit" value="Submit"></p>
</form>

<form name "input" action="threads.php" method="post"></p>
<p><input type="submit" value="Back"></p>
</form>

Ah my bad, I put an ‘s’ in the URL and there shouldn’t be one. As it is new_post.php?threadId=2, not new_posts.php?threadId=2.

If you fix the filename, it should be fine.

yep i changed the file name it does go through however its saying in my new_posts.php file i have an error on this line of code:


$myquery = "insert into posts
            values ('','$_POST[thread_ID]','$_POST[description]','$_POST[date]')";

Try

// php string query insert into table
$myquery = "insert into posts 
            values ('{$_POST['thread_id']}','{$_POST['description']}','{$_POST['date']}')";

I got it working but with the code u gave me they way i got it working was I quto incremented the postID column so you need to leave it blank with a two single quotes. However I need help with one last thing then I fully done on my threads.php file bellow is it possible to post the thread without the user imputing there userID I tired using the same technique with the threadID but no luck. I dunno if this is possible but on my index.html file where the user inputs the username and password is it possible to sends this data to another php script to go into the database find the corresponding userID with the data and give that id into the threads.php where the form is located. However my concern is the my index.html form already has a action in it to where it sends the data to the index.php script can I tell that action in the form to send the data to two separate files if so then the method i stated might work.

My coding for files:

index.php


<!-- Link to CSS-->
<link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main">

<div class="login">	
<p><form name "login" action="index.php" method="post"></p>

Please Enter you login details to enter the forum</p>
<p>Username ===> <input type="text" siz="20" name="username"/></p>
<p>Password ===> <input type="text" siz="20" name="password"/></p>

<p><input type="submit" value="Login"></p>
	
If you dont have a account please <a href="register.html">Register Here</a></p>
</div class="login">	

threads.php


&lt;!-- Link to CSS--&gt;
&lt;link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main"&gt;

&lt;p&gt;
Welcome to the threads Page!!!!!!!!!
&lt;/p&gt;
To start a new thread fill in the details and...
&lt;form name "input" action="new_thread.php" method="post"&gt;&lt;/p&gt;
&lt;input type="text" name="user_ID" size="25" value="Input user ID here"&gt;&lt;br&gt;
&lt;input type="text" name="title" size="25" value="Topic Name"&gt;&lt;br&gt;
&lt;input type="text" name="date" size="25" value="Topic Date"&gt;&lt;br&gt;
&lt;p&gt;&lt;input type="submit" value="Submit"&gt;&lt;/p&gt;
&lt;/form&gt;

&lt;form name "input" action="index.html" method="post"&gt;&lt;/p&gt;
&lt;p&gt;&lt;input type="submit" value="Back"&gt;&lt;/p&gt;
&lt;/form&gt;

&lt;p&gt;Click the "Submit" button to create a thread.&lt;/p&gt;

&lt;?php

$mysqli = mysqli_connect("localhost", "root","","forum");

$myquery = "select * from `threads`";

$result = mysqli_query($mysqli,$myquery);

echo "&lt;table&gt;";
while($record = mysqli_fetch_array($result,MYSQL_ASSOC))
{
	$threadID = $record["threadID"];
	$user_ID = $record["user_ID"];
	$title = $record["title"];
	$date = $record["date"];

	echo "&lt;tr&gt;";
    echo "&lt;td&gt;";
	echo $threadID;
	echo "&lt;/td&gt;";	
	echo "&lt;td&gt;";
	echo $user_ID;
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo "&lt;a href=\\"posts.php?threadId=" . $threadID . "\\"&gt;$title&lt;/a&gt;";
	echo "&lt;/td&gt;";
	echo "&lt;td&gt;";
	echo $date ;
	echo "&lt;/td&gt;";
	echo "&lt;/tr&gt;";
}
echo "&lt;/table&gt;";
?&gt;


new_threads.php


&lt;!-- Link to CSS--&gt;
&lt;link rel="stylesheet" type="text/css" href= "CSS/default.css" title="Main"&gt;

&lt;?php
// connect to database
$mysqli = mysqli_connect("localhost", "root","","forum");

// php string query insert into table
$myquery = "insert into threads
            values ('','{$_POST['user_ID']}','{$_POST['title']}','{$_POST['date']}'}";
			

// function which runs the myquery string			
$result = mysqli_query($mysqli,$myquery);

// if's statments for inerting data into table
If ($result==true)
{
  echo "New Thread Added";
  include "threads.php";
}
else
{
  echo "Corrupt Thread";
  include "threads.php";
}

// close connection with database
mysqli_close ($mysqli);
?&gt;


Out of curiosity, is this something you plan to use on a live site? Or more of a project to learn from or for school?

As I wouldn’t ever recommend using this on a live site (you should really just download a free forum, such as, phpBB).

As for your userID problem, you really need to read up on articles that walk you through a login/registration scenario. You’ll likely learn about cookies or sessions to maintain the user’s authentication, etc. And that would help you out a lot.

yea this is project for college I know what your thinking they way this so called forum was designed is silly but believe me that how this teacher wants it I would start the login stuff with sessions but this teacher is mental. So regarding this userID problem is it possible ?