0

I have a problem with the comment list on my PHP forum website. Please help: I am trying to loop over all the user comments, but only 1 appears, or the loop fails and shows the same comment many times.

<?php
include 'connection.php'; 
        echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>';
        echo '<td width="80%" height="20"><strong>Thread :';
        $query="select title from topic where topic_id=".$_REQUEST['topic'];
        $result=mysql_query($query);
        $row=mysql_fetch_array($result);
        echo $row['title'];
    if($row){
      do{   
    echo'</strong></td><td  align="center" valign="top"><strong><?php ';
      $query2="select * from comment where topic_id=".$_REQUEST['topic'];
      $result2=mysql_query($query2);
      $row2=mysql_fetch_array($result2);
      echo $row2['post_date'];
      echo '</strong></td></tr></table>';
    echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>';
        echo $row['title'];
        echo'</strong></td></tr>';
    echo '<tr><td align="center" valign="top"><strong>';
            $query3="select * from user_login where email='".$row2['post_by_user']."'";
            $result3=mysql_query($query3);
            $row3=mysql_fetch_array($result3);
            echo '<br>'.$row3['first_name'].' '.$row3['last_name'];

        echo '</strong></td><td align="left" valign="top" height=200>';
      //displaying list comment
    echo '<p>'.$row2['description'].'</p><hr>';
     }while($row=mysql_fetch_array($result2));
      }
      ?>
        </td>
    </tr>

Why does the loop fail?

MH2K9
ven ray

3 Answers

0

I have re-arranged your loop. The first thing wrong was while($row=mysql_fetch_array($result2)) because you are using $row2 in that loop and changing $row won't help.

<?php
include 'connection.php';
echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>';
echo '<td width="80%" height="20"><strong>Thread :';
$query = "select title from topic where topic_id=" . $_REQUEST['topic'];
$result = mysql_query($query);
$row = mysql_fetch_array($result);
echo $row['title'];
if ($row) {
    echo '</strong></td><td  align="center" valign="top"><strong>';
    $query2 = "select * from comment where topic_id=" . $_REQUEST['topic'];
    $result2 = mysql_query($query2);
    while ($row2 = mysql_fetch_array($result2)) {
        echo $row2['post_date'];
        echo '</strong></td></tr></table>';
        echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>';
        echo $row['title'];
        echo '</strong></td></tr>';
        echo '<tr><td align="center" valign="top"><strong>';
        $query3 = "select * from user_login where email='" . $row2['post_by_user'] . "'";
        $result3 = mysql_query($query3);
        $row3 = mysql_fetch_array($result3);
        echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name'];

        echo '</strong></td><td align="left" valign="top" height=200>';
        //displaying list comment
        echo '<p>' . $row2['description'] . '</p><hr>';
    }
}
?>
</td>
</tr>

Very Important: You are highly prone to SQL-Injection. Please at least sanitize your input before feeding it to SQL. Also, you are using deprecated mysql_* functions. Instead, use the MySQLi or PDO_MySQL extension.

Side note: errors are inversely proportional to the readability of your code, and maintainability is proportional to the square of readability.

Edit: If you want echo $row2['post_date'] only once for the loop you can use the loop like this. This will print post_date of the first row only.

if ($row) {
    echo '</strong></td><td  align="center" valign="top"><strong>';
    $query2 = "select * from comment where topic_id=" . $_REQUEST['topic'];
    $result2 = mysql_query($query2);
    $row2 = mysql_fetch_array($result2);
    if ($row2) {
        echo $row2['post_date'];
        do {
            echo '</strong></td></tr></table>';
            echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>';
            echo $row['title'];
            echo '</strong></td></tr>';
            echo '<tr><td align="center" valign="top"><strong>';
            $query3 = "select * from user_login where email='" . $row2['post_by_user'] . "'";
            $result3 = mysql_query($query3);
            $row3 = mysql_fetch_array($result3);
            echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name'];

            echo '</strong></td><td align="left" valign="top" height=200>';
            //displaying list comment
            echo '<p>' . $row2['description'] . '</p><hr>';
        } while($row2 = mysql_fetch_array($result2));
    }
}
bansi
  • thx for the answer, but the date is still in the loop. How can I put the date outside of the loop? echo $row2['post_date']; this code above while ($row2 = mysql_fetch_array($result2)) { ?? – ven ray Dec 05 '14 at 04:02
  • do you mean `echo $row2['post_date']` only once for the loop? – bansi Dec 05 '14 at 04:46
0

Aside from the errors in your code you also have several SQL injection vulnerabilities and unescaped output vulnerabilities.

  1. Your $result2 variable is being assigned inside your do/while loop. That means that at each iteration of the loop it is being overwritten. This will never result in more than one iteration's worth of output.

  2. You need to spend some time becoming more familiar with PHP, databases (in your case MySQL), and the nature of SQL injection.

Here is your code, reworked to address your logic problem and the SQL injection vulnerabilities. You'll need to take some time to understand and then address the problems with outputting unescaped user input.

  <?php

  // You will need to define $dbConnection per the MySQLi API.
  // http://php.net/manual/en/book.mysqli.php
  include 'connection.php';

  echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr>';
  echo '<td width="80%" height="20"><strong>Thread :';

  // Bound parameter: the request value never becomes part of the SQL text.
  $stmt = $dbConnection->prepare('select title from topic where topic_id = ?');
  $stmt->bind_param('s', $_REQUEST['topic']);
  $stmt->execute(); // a statement must be executed before get_result()

  $result = $stmt->get_result();
  $row = $result->fetch_assoc();

  echo $row['title'];

  if ($row)
  {
    $stmt2 = $dbConnection->prepare('select * from comment where topic_id = ?');
    $stmt2->bind_param('s', $_REQUEST['topic']);
    $stmt2->execute();

    // Fetch the result set once, outside the loop, from the comment statement.
    $result2 = $stmt2->get_result();

    // Each iteration advances $row2 to the next comment row.
    while ($row2 = $result2->fetch_assoc())
    {
      echo'</strong></td><td  align="center" valign="top"><strong>';
      echo $row2['post_date'];
      echo '</strong></td></tr></table>';
      echo '<table border="1" bgcolor="#FBFBEF" width="100%" height="20"><tr><td align="center" valign="top" height="20"><strong> Post By :<strong></td><td width="85%" ><strong>';
      echo $row['title'];
      echo'</strong></td></tr>';
      echo '<tr><td align="center" valign="top"><strong>';

      // Look up the author of this comment, again with a bound parameter.
      $stmt3 = $dbConnection->prepare('select * from user_login where email = ?');
      $stmt3->bind_param('s', $row2['post_by_user']);
      $stmt3->execute();

      $result3 = $stmt3->get_result();
      $row3 = $result3->fetch_assoc();

      echo '<br>' . $row3['first_name'] . ' ' . $row3['last_name'];

      echo '</strong></td><td align="left" valign="top" height=200>';
      //displaying list comment
      echo '<p>'.$row2['description'].'</p><hr>';
    }
  }
  ?>
  </td>
</tr>
Community
A. R. Younce
  • the sir for the code, but I can't understand most of the code you changed, still a newbie, maybe I have to learn more here. thx! – ven ray Dec 05 '14 at 04:03
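
As an added example (not part of either answer above and not the asker's code), here is the comment listing with both issues the answers raise handled together: bound parameters for the SQL and htmlspecialchars() for every value printed. It assumes PDO with an in-memory SQLite database and constructed sample rows as stand-ins for the MySQL tables so it runs offline; the helper names h() and renderThread() are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database (assumption).
// Table and column names follow the question; all sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, title TEXT)");
$db->exec("CREATE TABLE user_login (email TEXT PRIMARY KEY, first_name TEXT, last_name TEXT)");
$db->exec("CREATE TABLE comment (topic_id INTEGER, post_by_user TEXT, post_date TEXT, description TEXT)");
$db->exec("INSERT INTO topic VALUES (1, 'Loops & <tables>')");
$db->exec("INSERT INTO user_login VALUES ('a@example.test', 'Ann', 'Lee'), ('b@example.test', 'Bob', 'Ray')");
$db->exec("INSERT INTO comment VALUES
    (1, 'a@example.test', '2014-12-05 03:10', 'First comment'),
    (1, 'b@example.test', '2014-12-05 03:40', '<script>alert(1)</script>')");

// Hypothetical helper: escape a database value for the HTML body or attribute context.
function h($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderThread(PDO $db, $topicParam): string {
    // Validate the request value as an integer; the placeholder keeps it out of the SQL text.
    $topicId = filter_var($topicParam, FILTER_VALIDATE_INT);
    if ($topicId === false) {
        return '<p>Invalid topic.</p>';
    }
    $stmt = $db->prepare('SELECT title FROM topic WHERE topic_id = ?');
    $stmt->execute([$topicId]);
    $topic = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($topic === false) {
        return '<p>Topic not found.</p>';
    }
    // One JOIN replaces the per-comment user_login query inside the loop.
    $stmt = $db->prepare(
        'SELECT c.post_date, c.description, u.first_name, u.last_name
           FROM comment c LEFT JOIN user_login u ON u.email = c.post_by_user
          WHERE c.topic_id = ? ORDER BY c.post_date'
    );
    $stmt->execute([$topicId]);
    $html = '<table border="1" width="100%"><tr><th colspan="3">Thread: ' . h($topic['title']) . '</th></tr>';
    while ($c = $stmt->fetch(PDO::FETCH_ASSOC)) {   // fetch() advances one row per iteration
        $html .= '<tr><td>' . h($c['first_name'] . ' ' . $c['last_name']) . '</td><td>'
               . h($c['post_date']) . '</td><td>' . h($c['description']) . '</td></tr>';
    }
    return $html . '</table>';
}

echo renderThread($db, $_REQUEST['topic'] ?? '1'), "\n";   // constructed default for CLI runs
echo renderThread($db, '1 OR 1=1'), "\n";                   // constructed non-integer input: rejected
```

The second constructed comment comes out as `&lt;script&gt;alert(1)&lt;/script&gt;`, so the browser displays it as text instead of running it.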
0

You have used $result2 in while loop condition, change it to $result to get things working

while($row=mysql_fetch_array($result));
Pankaj