0

So the issue i'm having is that when I click the post button nothing happens and a comment doesn't display or go to my database. I have checked for spelling mistakes and believe I have got them all.

This is my HTML form called community.php

<div class="page-container">
        <?php 
            get_total();
            require_once 'check_com.php';
        ?>

   <form action="" method="post" class="main">
        <label>Enter a Brief Comment</label>
       <textarea class="form-text" name="comment" id="comment"></textarea>
       <br />
       <input type="submit" class="form-submit" name="new_comment" value="Post">

   </form>
        <?php get_comments(); ?>

        </div>

This is my js script called global.js

$(document). ready(function() {
    $(".child-comments").hide();

$("a#children").click(function() {
    var section = $(this).attr("name");
    $("#C-" + section).toggle();
});

$(".form-submit").click(function() {
    var commentBox=  $("#comment");
    var commentCheck=  commentBox.val();
    if(commentCheck == '' || commentCheck == NULL) {
        commentBox.addClass("form-text-error");
        return false;
    }

  });

 $(".form-reply").click(function() {
    var replyBox=  $("#new-reply);
    var replyCheck=  replyBox.val();
    if(replyCheck == '' || replyCheck == NULL) {
        replyBox.addClass("form-text-error");
        return false;
    }

   });

    $("a#reply").one("click", function() {
        var comCode = $(this).attr("name");
        var parent = $(this).parent();

        parent.append("<br / ><form actions='' method='post'><textarea class='form-text' name='new-reply' id='new-reply' required='required'></textarea><input type='hidden' name='code' value='"+comCode"' /><input type='submit' class='form-submit' id='form-reply' name='new_reply' value='Reply'/></form>")
       });

   })

Check_com.php file 

<?php
// new comment fucntion
if(isset($_POST['new_comment'])) {
    $new_com_name = $_SESSION['user'];
    $new_com_text = $_POST['comment'];
    $new_com_date = date('Y-m-d H:i:s');
    $new_com_code = generateRandomString();

    if(isset($new_com_text)) {
        mysqli_query($conn, "INSERT INTO `parents` (`user`, `text`, `date`, `code`) VALUES ('$new_com_name', '$new_com_text', '$new_com_date', '$new_com_code')"); 
    }
    header ("Location: ");
}
// new reply
if(isset($_POST['new_reply'])) {
    $new_reply_name = $_SESSION['user'];
    $new_reply_text = $_POST['new-reply'];
    $new_reply_date = date('Y-m-d H:i:s');
    $new_reply_code = $_POST('code');

    if(isset($new_reply_text)) {
        mysqli_query($conn, "INSERT INTO `children` (`user`, `text`, `date`, `par_code`) VALUES ('$new_reply_name', '$new_reply_text', '$new_reply_date', '$new_reply_code')"); 
    }
    header ("Location: ");
}

?>

Functions.php File

<?php 
session_start();
$_SESSION['user'] = 'Admin';

function get_total() {
    require 'includes/dbh.inc.php';
    $result = mysqli_query($conn, "SELECT * FROM `parents` ORDER BY `date` DESC");
    $row_cnt = mysqli_num_rows($result);
    echo '<h1>All Comments ('.$row_cnt.')</h1';
}

function get_comments() {
    require 'includes/dbh.inc.php';
    $result = mysqli_query($conn, "SELECT * FROM `parents` ORDER BY `date` DESC");
    $row_cnt = mysqli_num_rows($result);

    foreach($result as $item) {
        $date = new dateTime($item['date']);
        $date = date_format($date, 'M j, Y | H:i:s');
        $user = $item['user'];
        $comment = $item['text'];
        $par_code = $item['code'];

        echo '<div class="comment" id="'.$par_code.'">'
                .'<p class="user">'.$user.'</p>&nbsp;'
                .'<p class="time">'.$date.'</p>'
                .'<p class="comment-text">'.$comment.'</p>'
                .'<a class="link-reply" id="reply" name="'.$par_code.'">Reply</a>';
        $chi_result = mysqli_query($conn, "SELECT * FROM `children` WHERE `par_code`='$par_code' ORDER BY `date` DESC");
        $chi_cnt = mysqli_num_rows($chi_result);

        if($chi_cnt == 0){
            }else {
            echo '<a class="link-reply" id="children" name="'.$par_code.'"><span id="tog_text">replies</span> ('.$chi_cnt.')</a>'
                .'<div class="child-comments" id="C-'.$par_code.'">';
            foreach ($chi_result as $com) {
                $chi_date = new dateTime($com['date']);
                $chi_date = date_format($chi_date, 'M j, Y | H:i:s');
                $chi_user = $com['user'];
                $chi_com = $com['text'];
                $chi_par = $com['par_code'];

                 echo '<div class="child" id="'.$par_code.'-C">'
                    .'<p class="user">'.$chi_user.'</p>&nbsp;'
                    .'<p class="time">'.$chi_date.'</p>'
                    .'<p class="comment-text">'.$chi_com.'</p>'
                   .'</div>';
            }
            echo '</div>';

        }
        echo '</div>';

    }
}

function generateRandomString($length = 6) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $characterLength = strlen($characters);
    $randomString = '';

    for($i = 0; $i < $length; $i++) {
        $randomString .= $characters[rand(0, $characterLenght - 1)];
    }
    return $randomString;
}
?>
James Smith
  • 17
  • 5
  • 1
    Your code is vulnerable to [**SQL injection**](https://en.wikipedia.org/wiki/SQL_injection) attacks. You should use prepared statements with bound parameters, via either [**mysqli**](https://secure.php.net/manual/en/mysqli.prepare.php) or [**PDO**](https://secure.php.net/manual/en/pdo.prepared-statements.php). [**This post**](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) has some good examples. – Alex Howansky Apr 04 '18 at 14:44
  • add `session_start();` to your `Check_com.php file` –  Apr 04 '18 at 14:46
  • I get this error when adding session_start(); - Notice: session_start(): A session had already been started - ignoring in C:\Xampp\htdocs\website2\check_com.php on line 2 – James Smith Apr 04 '18 at 14:56

1 Answers1

-1

Either remove action="" or change it to action="community.php"

Matt Jenkins
  • 11
  • 1