-5

A rather complicated scenario. The blog script post.php has a form to submit a comment to the article whose title was clicked on and is displayed to the user. This is the form portion of the script:

    $id = (int) $_GET['id']; // at beginning of script - obtained from title clicked on by user

    <form action="post.php?id=<?php echo $id; ?>" method="post">
    <?php
        if ($logged == 'No') {
            $guest = 'Yes';
    ?>
        <label for="name"><i class="fa fa-user"></i> Your Name:</label>
        <input type="text" name="author" value="" class="form-control" required />
        <br />
    <?php
        }
    ?>
        <label for="input-message"><i class="fa fa-comment"></i> Comment:&nbsp;&nbsp;(255 character limit including spaces and punctuation)</label>
        <textarea id="mylmnt" maxlength="255" name="message" rows="5" class="form-control" required></textarea>
        <b><span id="mylmntLeft"></span></b>
        <br />

And this is the db insert portion of the script:

                $runq = mysqli_query($connect, "INSERT INTO `comments` (`post_id`, `comment`, `user_id`, `date`, `time`, `guest`) VALUES ('$row[id]', '$comment', '$author', '$date', '$time', '$guest')");
                echo '<div class="alert alert-success">Your comment has been successfully posted</div>';

After this is my HTML template to send emails to subscribers that a new comment has been posted. This all works fine. After my template there is this line:

          }
                echo '<meta http-equiv="refresh" content="0;url=post.php?id=' . $row['id'] . '#comments">';

This refreshes the post.php page and jumps down to the #comment section. My problem is that the new comment that was just posted is not showing. The only way so far to see it is to hit the browser reload button. I know that to accomplish what I need I have to use ajax and jquery but I have no idea how to do that and where things should go. I've read and studied many many tutorials and code postings but none of it has helped me to even get started with a solution.

I've tried `window.location.reload();` and `window.location.reload(true);` which haven't worked. As I've already said I have no idea how to use ajax and jquery to solve this.

veeger9
  • 2
    **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Jun 09 '23 at 15:43
  • You can redirect the user to the page (with the new comment) after the comment has been saved to the database, see [`header`](https://www.php.net/manual/en/function.header.php), you don't need JavaScript for that. – A.L Jun 09 '23 at 15:54
  • @Dharman I did not write this code. It is a blog script that I bought. – veeger9 Jun 09 '23 at 17:08
  • 2
    Then you should either ask them for a fix or a refund. – Sammitch Jun 09 '23 at 18:02
  • Your code is messy, but what you are asking for has an answer in the PHP header function. Please google how to use the PHP header function... You can pass the blog post id available in `$_GET['id']` int to the header function. – Murtaza Bhurgri Jun 09 '23 at 18:43
  • It looks like you are using some really bad tutorial. I highly encourage you to find something better. If you are only starting to learn PHP then you should learn PDO instead of mysqli. PDO is much easier and more suitable for beginners. Start here https://phpdelusions.net/pdo & https://websitebeaver.com/php-pdo-prepared-statements-to-prevent-sql-injection. Here are some good video tutorials https://youtu.be/2eebptXfEvw & https://www.youtube.com/watch?v=sVbEyFZKgqk&list=PLr3d3QYzkw2xabQRUpcZ_IBk9W50M9pe- – Dharman Jun 09 '23 at 19:31
  • @Bhurgri: I already tried the PHP header function and it doesn't work. Error log tells me Headers cannot be Modified: headers already sent by blah blah blah... – veeger9 Jun 09 '23 at 20:31
  • @Dharman: It's a very nice blog system and I like it very much besides, it was only $20 however, I will study phpdelusions.net and learn PDO programming. I am most familiar with MySQL not MySQLi. I've been running sites using PHP-Fusion for over 12 years now which IS PDO based. I bought the rights to these scripts so maybe I'll try to do a FULL conversion to PDO. Might take me a long time. Thanks for your suggestions and input. – veeger9 Jun 09 '23 at 20:39
  • If anyone cares to see this blog system this is my url: https://blog.trans-galactic.com – veeger9 Jun 09 '23 at 20:42
  • 1
    "*it was only $20 however*" You overpaid $40. Trust me. You must either fix all the issues such as the glaring SQL injection, or get a better blog system. – Dharman Jun 09 '23 at 20:56

1 Answer

0

Well, my friend that I work closely with, who also runs this blog software, has found the solution to my/our problem. But first let me say that the core file, which I never showed, provides all of the input sanitization, so the scripts are actually pretty safe. The answer to the posted problem is this: `<form action="post.php?id=<?php echo $id, $_SERVER['PHP_SELF']; ?>" method="post">`. The new comment is now shown after Submit. Thanks to everyone who tried to help.

veeger9
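The two suggestions made in the comments (a parameterized INSERT and a `header` redirect), put together as an added example; this is not code from the blog script or from any poster. It assumes the column list from the question's INSERT, the form fields `author` and `message`, a mysqli connection in `$connect`, a placeholder include `db.php`, a hypothetical helper `save_comment()`, and `Y-m-d` / `H:i:s` date and time formats.

```php
<?php
// Added example, not the blog script's code. Assumed names: $connect (mysqli
// connection), save_comment() (hypothetical helper), db.php (placeholder include).
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function save_comment(mysqli $connect, int $postId, string $comment,
                      string $author, string $guest): void
{
    // Placeholders keep user text out of the SQL string entirely.
    $stmt = $connect->prepare(
        'INSERT INTO `comments` (`post_id`, `comment`, `user_id`, `date`, `time`, `guest`)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $date = date('Y-m-d'); // assumed format; the page does not show how $date is built
    $time = date('H:i:s'); // assumed format
    $stmt->bind_param('isssss', $postId, $comment, $author, $date, $time, $guest);
    $stmt->execute();
}

// This block must run before ANY output (no HTML or whitespace ahead of <?php),
// otherwise header() fails with "headers already sent".
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    require __DIR__ . '/db.php'; // placeholder: must define $connect
    $id      = (int) ($_GET['id'] ?? 0);
    $comment = trim((string) ($_POST['message'] ?? ''));
    $author  = trim((string) ($_POST['author'] ?? ''));

    // Enforce the 255-character limit server-side; maxlength is only a browser hint.
    if ($id > 0 && $comment !== '' && mb_strlen($comment) <= 255) {
        save_comment($connect, $id, $comment, $author, 'Yes'); // guest path assumed
    }

    // Post/Redirect/Get: the browser issues a fresh GET, so the page's queries
    // run after the INSERT and a later reload does not resubmit the form.
    header('Location: post.php?id=' . $id . '#comments', true, 303);
    exit;
}
```

Because the redirect is sent before the template renders, the e-mail notification step would have to run between the insert and the `header()` call without echoing anything.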