-3

So I'm pretty new to MySqli and PHP and I'm trying to create a forum. I'm now stuck at this point, I get the forum to show my "boards" and "threads" but it shows the same threads on every board. Also, no matter which thread I click on it always takes me to the same one. This is the code for my view-thread.php.

<?php
include 'forumdb.php';
$board_id = $_GET['board_id'];
$thread_id = $_GET['thread_id'];

$get_board = $mysqli->query("SELECT * FROM boards WHERE board_id = $board_id");
$board_data = $get_board->fetch_assoc();

$get_thread = $mysqli->query("SELECT * FROM threads WHERE thread_id = $thread_id");
$thread_data = $get_thread->fetch_assoc();
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $thread_data['thread_title'] ?></title>
</head>
<body>
<a href="forum.php">Home</a> | <a href="view-board.php?board_id=<?php echo $board_id ?>"><?php echo $board_data['board_name'] ?></a> | <b><?php echo $thread_data['thread_title'] ?></b><br><br>
Title: <b><?php echo $thread_data['thread_title'] ?></b><br><br>
<b>Content:</b><br>
<?php echo $thread_data['thread_content'] ?>
</body>
</html>

And this is my code for my view-board.php

<?php
include 'forumdb.php';
$board_id = $_GET['board_id'];
$get_board = $mysqli->query("SELECT * FROM boards WHERE board_id = $board_id");
$board_data = $get_board->fetch_assoc();
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $board_data['board_name'] ?></title>
</head>
<body>
<a href="forum.php">Home</a> | <b><?php echo $board_data['board_name']; ?></b><br><br>
<a href="add-thread.php?board_id=<?php echo $board_id ?>">Post New Thread</a><br><br>
<?php
$threads = $mysqli->query("SELECT * FROM threads WHERE board_id = $board_id");
while ($thread_data = $threads->fetch_assoc()) { ?>
<b>#<?php echo $thread_data['thread_id'] ?></b> <a href="view-thread.php?thread_id=<?php echo $thread_data['thread_id'] ?>&board_id=<?php echo $board_id ?>"><?php echo $thread_data['thread_title'] ?></a>
<?php }
if ($threads->num_rows == null) {
echo '<br><br>no threads posted yet';
}
?>
</body>
</html>
greeflas
  • 1
    Before you get deeper, see first https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php because your code is **vulnerable** to **SQL injection** – nbk Apr 12 '21 at 20:52
  • Before anyone comments about vulnerability. This project isn't supposed to be secure. Focus on my questions and not on anything else. – Oskar Andersson Apr 12 '21 at 20:55
  • Can you guys please help me with this instead of chatting with me hahaha. Thanks in advance! – Oskar Andersson Apr 12 '21 at 21:04
  • No, vulnerability is a point that must be in mind always. For your problem, how should we know how your tables are structured or how you defined the relationship between board and threads? Usually you have a column board_id in threads which has the information to which it belongs. – nbk Apr 12 '21 at 21:08
  • If you look at it with View Source, do you see the correct thread IDs in the `` elements? – Barmar Apr 12 '21 at 21:09
  • @nbk It looks like he does: `SELECT * FROM threads WHERE board_id = $board_id` – Barmar Apr 12 '21 at 21:10
  • Is `thread_id` the primary key of `threads`? Or do you reuse thread IDs in different boards? – Barmar Apr 12 '21 at 21:12
  • 1
    Please first fix SQL injection. Only then we can look into any other issue – Dharman Apr 12 '21 at 21:13
  • I don't get why `view-board.php` is looping over the threads, but `view-thread.php` is not doing so? – Chris Haas Apr 12 '21 at 21:30
  • 1
    Lack of parametrised queries can result in other problems too apart from security issues, it can cause crashes due to unescaped inputs. It's 100% worth fixing. – ADyson Apr 12 '21 at 21:54
  • 1
    `i'm pretty new to MySqli and PHP` ... `I'm trying to create a forum`. Don't bite off more than you can chew. This is not meant to be discouraging, just realistic. There's a lot to know in order to create a usable forum app, even if your goals are relatively modest. Focus on learning some of the core skills and programming concepts through simpler, discrete examples and mini-projects. It seems, judging from some of the code and comments that you've skipped that part and gone straight to "build something cool", and then inevitably become bogged down in the complexity. – ADyson Apr 12 '21 at 21:57

1 Answer

2

I know you said that you don't want us to focus on the security problems, so I'll leave that alone. In fact, if you're just starting, I'd remove the database completely and just focus on raw PHP first. I'm honestly not joking about that, either. You are combining a lot of things together, PHP, MySQL, HTTP and HTML, and sometimes you can get lost when you jump between things.

Instead, in your forumdb.php file, for now, just use a couple of global variables. We generally want to avoid them, but they both remove a complication, and also allow all of us to see all of the data in the system. We can't debug what we can't see.

global $boards;
global $threads;

$boards = [
    [
        'board_id' => 1,
        'board_name' => 'Board #1',
    ],
    [
        'board_id' => 2,
        'board_name' => 'Board #2',
    ]
];

$threads = [
    [
        'thread_id' => 1,
        'board_id' => 2,
        'thread_title' => 'Thread title #1',
        'thread_content' => 'Content',
    ],
    [
        'thread_id' => 2,
        'board_id' => 1,
        'thread_title' => 'Thread title #2',
        'thread_content' => 'Content',
    ],
    [
        'thread_id' => 3,
        'board_id' => 2,
        'thread_title' => 'Thread title #3',
        'thread_content' => 'Content',
    ],
    [
        'thread_id' => 4,
        'board_id' => 1,
        'thread_title' => 'Thread title #4',
        'thread_content' => 'Content',
    ],
];

Then just make a couple of helper functions:

function get_board(int $board_id): ?array
{
    global $boards;
    foreach ($boards as $board) {
        if ($board['board_id'] === $board_id) {
            return $board;
        }
    }
    return null;
}

function get_threads_by_board_id(int $board_id): array
{
    global $threads;
    $ret = [];
    foreach ($threads as $thread) {
        if ($thread['board_id'] === $board_id) {
            $ret[] = $thread;
        }
    }
    return $ret;
}

These functions will search by an ID and for boards, either return null or an array, and for threads return all that match that ID. The rest of your code can generally stay the same. Don't bother adding extra fields right now, just get your loops working.

The benefit of doing it this way, too, is that once it starts working, it is really easy to change the functions over to database versions, without changing your code much.

Chris Haas
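
The answer's two helper functions in their database form, using mysqli prepared statements as the SQL injection question linked in the comments recommends (an added example, not code from the question or the answer). It assumes `forumdb.php` sets `$mysqli` as in the question and that the tables have the columns named in the question's queries; `id_from_query` and `$e` are names made up for this example.

```php
<?php
declare(strict_types=1);

// Added example, not code from the question or the answer.
// Assumes forumdb.php sets $mysqli to a connected mysqli object (as in the question),
// the columns named in the question's queries, and the mysqlnd driver for get_result().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
include 'forumdb.php';

// Returns a whole-number ID >= 1 from the query string, or null when the
// parameter is missing, empty, an array, or not an integer (e.g. "1 OR 1=1").
function id_from_query(string $name): ?int
{
    $id = filter_input(INPUT_GET, $name, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return is_int($id) ? $id : null;
}

function get_board(mysqli $db, int $board_id): ?array
{
    $stmt = $db->prepare('SELECT board_id, board_name FROM boards WHERE board_id = ?');
    $stmt->bind_param('i', $board_id);   // value is sent separately from the SQL text
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;   // null when no row matches
}

function get_threads_by_board_id(mysqli $db, int $board_id): array
{
    $stmt = $db->prepare('SELECT thread_id, thread_title FROM threads WHERE board_id = ? ORDER BY thread_id');
    $stmt->bind_param('i', $board_id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

$board_id = id_from_query('board_id');
$board = $board_id === null ? null : get_board($mysqli, $board_id);
if ($board === null) {
    http_response_code(404);
    exit('Board not found');
}

// Escape everything that came from the database before it reaches the HTML.
$e = fn($v): string => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
echo '<b>', $e($board['board_name']), '</b><br><br>';
foreach (get_threads_by_board_id($mysqli, $board_id) as $t) {
    $query = http_build_query(['thread_id' => $t['thread_id'], 'board_id' => $board_id]);
    echo '<b>#', $e($t['thread_id']), '</b> <a href="view-thread.php?', $e($query), '">',
        $e($t['thread_title']), '</a><br>';
}
```

A request such as `view-board.php?board_id=abc` now ends in a 404 instead of a failed query followed by `fetch_assoc()` on `false`, which is the crash path ADyson's comment refers to.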