I am making a news feed, something like Facebook and other social media platforms. For this, I am making a commenting section for each post on the page. I am trying to make the commenting section live (real time), so that when a comment is posted, the page does not refresh.

I know that the commenting system works because I did a test without the real-time feature (without the use of any form of JavaScript code).

The following is my code in brief. I only posted what I believe is necessary based on my issue.

  function getposts ()
  {
  global $con;

  $getposts = "SELECT * FROM posts";
  if ($result = $con->query($getposts)) {


    while ($row1 = $result->fetch_assoc()) {

        $postid = $row1['post_id'];

?>
    <form action='comments_ins.php' method='post' id='reply'>
            <input type="hidden" value="<?php echo $postid;?>" 
            name="postid"/>
            <textarea name="comment" id="comment" class="cmt_form" 
           placeholder="Type a comment here..."></textarea>
           <input type='submit' name='reply' value='Comment'/>
     </form>

  <?php

     }
   }
  }
  ?>

Also, I stored the above script in a file named functions. The file is a PHP file. The following code is stored in a different file named home, where the functions file is included:

   <?php include("functions.php"); ?>

   <?php getposts ();?>

So, as indicated earlier, the above code works well. Now, I have slightly altered the code to make attempts to have the comment system be real time. The following is the altered code:

  function getposts ()
  {
  global $con;

  $getposts = "SELECT * FROM posts";
  if ($result = $con->query($getposts)) {


    while ($row1 = $result->fetch_assoc()) {

        $postid = $row1['post_id'];

?>
    <form method='post' id='reply'>
            <input type="hidden" value="<?php echo $postid;?>" 
            name="postid" id="postid" />
            <textarea name="comment" id="comment" class="cmt_form" 
           placeholder="Type a comment here..."></textarea>
           <input type='submit' name='reply' value='Comment'/>
     </form>

  <?php

     }
   }
  }
  ?>


  //in addition to the java to make it real time

  <script type="text/javascript">
  $(document).ready(function() {
  $(".cmt_form").keypress(function(evt) {
    if(evt.which == 13) {
            var postid = $("#postid").val();
            var body = $("#comment").val();

            $.post("comments_ins.php", { postid: postid, comment: body},
    function(data) {
     $('.log').html(data);
     $('#reply')[0].reset();
     });
     }
     });
     });
    </script>

The above java I included in the same functions.php file but outside of the PHP tags, not inside any loops. The home file is just the same, with no changes.

Finally, the following code is the PHP file that inserts the comment into the database. The file name, as seen in the previous code, is comments_ins.php:

  $comment1 = ($_POST['comment']);
  $post_id = $_POST['postid'];
  global $userId;
  $insert1 = "insert into comments (post_id,user_id,comment,date) values 
  ('$post_id','$userId','$comment1',NOW())";
  $run1 = mysqli_query($con,$insert1);

The above code works to an extent only:

  • It's not posting the correct postid value to the database. It's only posting postid 1 even though I commented on another post with a different id number.
  • Also, it's not inputting the comment into the comment field in the database. I see an empty space, no text.
  • Finally, the output is some crazy output after posting the comment: some strange numbers and some nonsense.

What have i done wrong?

Please help

Sergio Tulentsev
maraj
  • Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php) prepared statements with bound parameters as described in [**this post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Alex Howansky May 26 '17 at 19:52
  • "What have i done wrong?" - call javascript "java" :) – Sergio Tulentsev May 26 '17 at 19:53
  • can you post the output or a screenshot of it? – Rushikumar May 26 '17 at 19:54
  • The only "real time" feature seems to be posting comments via ajax? Is that what you wanted to do? Not other people's comments appearing on _your_ page as _they_ post them? – Sergio Tulentsev May 26 '17 at 19:55
  • For a real "real time", you should be using websockets. – apires May 26 '17 at 19:58
  • I have no idea about your third problem, but your first two problems are caused by you having multiple elements with the same ids, `#postid` and `#comment`, because you render a comment form for each post and use the same ids for the inputs. Element ids must be unique within the page. – Sergio Tulentsev May 26 '17 at 19:58
  • Java is to JavaScript as ham is to hamster – Lucas Meine May 26 '17 at 20:01
  • @LukasMeine, "If my mother had wheels she would have been a bike". – apires May 26 '17 at 20:09
  • People, kindly focus on answering my questions. I am aware that the code is vulnerable to SQL injections, but that's not what I want to touch on right now. Did you see that I called JavaScript java in the CODE BODY? Point it out. The postid and comment id are within a loop, hence they change after each loop cycle. I did mention that the code works without real time. – maraj May 27 '17 at 05:14
  • what do you mean, "ids change after each loop cycle". Nope, they very much don't change. Open your page with "show source" feature of your browser. You'll see multiple elements with `id="postid"`. You can't have that. – Sergio Tulentsev May 27 '17 at 05:25
  • Sergio, if the value of the id does change, then tell me why it works without real time? And if you know a better solution, this is what I am asking for. You are telling me that the id does not change and other sorts... if you know a better solution I think you would have posted it from the start, since I asked for help. – maraj May 27 '17 at 16:37
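
The prepared-statement approach recommended in Alex Howansky's comment, applied to the question's `comments` insert, as an added example that is not code from the original thread. It uses PDO with an in-memory SQLite database so that it runs offline; the `insertComment` helper, the table definition and the sample input are assumptions constructed for the demonstration, and the same statement works over a MySQL DSN.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post): validates the input and inserts one
// comment with bound parameters, so user text never becomes part of the SQL.
function insertComment(PDO $pdo, int $userId, mixed $postId, mixed $comment): int
{
    // post_id must be a positive integer; reject anything else outright.
    $postId = filter_var($postId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($postId === false) {
        throw new InvalidArgumentException('invalid post id');
    }
    $comment = is_string($comment) ? trim($comment) : '';
    if ($comment === '') {
        throw new InvalidArgumentException('empty comment');
    }

    $stmt = $pdo->prepare(
        'INSERT INTO comments (post_id, user_id, comment, date)
         VALUES (:post_id, :user_id, :comment, CURRENT_TIMESTAMP)'
    );
    $stmt->execute([':post_id' => $postId, ':user_id' => $userId, ':comment' => $comment]);
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL connection ($con in the post).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (
    id INTEGER PRIMARY KEY, post_id INTEGER, user_id INTEGER, comment TEXT, date TEXT)');

// Constructed input containing quote characters that would terminate the
// string literal early if it were concatenated into the query text.
$hostile = "it's a test'); --";
insertComment($pdo, 7, '2', $hostile);

$rows = $pdo->query('SELECT post_id, user_id, comment FROM comments')->fetchAll(PDO::FETCH_ASSOC);
// One row exists and it holds the text verbatim, as data rather than SQL.
var_dump(count($rows) === 1 && $rows[0]['comment'] === $hostile);

// A non-numeric post id is rejected before any SQL runs.
try {
    insertComment($pdo, 7, '2 OR 1=1', 'hi');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```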
