how to insert comment data for each thread data row in table one, using form for table two in php and mysql

Question

sorry for my broken english. i'm trying to make a forum like page using mysql and php. i create 2 table, post and comment. at my page, user can post a thread and also can post comment for the thread. i have no problem for posting a thread. for posting a comment, i got an error. and, if i could, for each thread, i can post many comment. here is my code:

EDIT

here is forum_comment_add.php:

<?php
$con=mysqli_connect("localhost","root","admin","forum");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$post_id = $_POST['post_id'];
$query = "SELECT * FROM post WHERE post_id ='".$post_id."'";
$result = mysqli_query($con,$query);
$rows = mysqli_fetch_array($result);
?>
<table width="710" border="0" align="center" cellpadding="0" cellspacing="1">
<tr>
<td width="708"><form name="comment_insert" method="post" action="forum_comment_add_go.php">
  <table width="398" border="0" align="center">
    <tr>
      <th width="24" scope="col">NO</th>
      <th width="90" scope="col">DATE</th>
      <th width="68" scope="col">TIME</th>
      <th width="198" scope="col">COMMENT</th>
      </tr>
    <tr>
      <td>&nbsp;</td>
      <td><input name="date" type="text" id="date" size="15" /></td>
      <td><input name="time" type="text" id="time" size="10" maxlength="9" /></td>
      <td><input type="text" name="thread_comment" id="thread_comment" /></td>
      </tr>
    <tr>
      <td colspan="4" align="right"><?php echo "<input type='hidden' value='" . $rows['post_id'] . "' name='post_id'>"; echo "<input type='submit' value='Add Record'>";?></td>
    </tr>
  </table>


</form>
</td>
</tr>
</table>
<?php
mysqli_close($con);
?>

and forum_comment_add_go.php:

<script type="text/javascript">
function CloseWindow() {
    window.close(); 
    window.opener.location.reload();
}
</script>

<?php
error_reporting(E_ALL);
ini_set('display_errors','on');

$con=mysqli_connect("localhost","root","admin","forum");

if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$date = $_POST['date'];
$time = $_POST['time'];
$thread_comment = $_POST['thread_comment'];
$post_id = $_POST['post_id'];
$comment_in="INSERT INTO comment ( date, time, thread_comment, post_id) VALUES ( '$date', '$time', '$thread_comment', '$post_id)";
$result=mysqli_query($con, $comment_in);

if($result){
echo "Successful";
echo "<BR>";
echo "<th><form>";
echo "<input type='button' onClick='CloseWindow()' value='Done' align='middle'>";
echo "</form></th>";
}   
else {
echo "Error";
}
mysqli_close($con);
?>

for table post, PK = post_id and for table comment, PK = id with FK = post_id refer to PK in table post. what i'm trying to do is when i view any thread, i can post comments for the tread. can anyone help me. i'm stuck in posting comment.

Answer 1

First, your insert query has single quotes placed wrong around your variables -

$comment_in="INSERT INTO comment ( date, time, thread_comment) VALUES ( $'date', $'time', $'thread_comment')";

should be

$comment_in="INSERT INTO comment ( date, time, thread_comment) VALUES ( '$date', '$time', '$thread_comment')";

Second, I don't see where you are setting those variables - $date, $time, $thread_comment in forum_comment_add_go.php before inserting them.

Third, when inserting your comment, you are not including the post id that the comment relates to.

So it your code may be something like -

$date = $_POST['date'];
$time = $_POST['time'];
$thread_comment = $_POST['thread_comment'];
$post_id = $_POST['post_id'];
$comment_in="INSERT INTO comment ( date, time, thread_comment, post_id) VALUES ( '$date', '$time', '$thread_comment', '$post_id)";

note, you are open to sql injection, as you are directly inserting user values without sanitizing. take a look at How can I prevent SQL injection in PHP?