最受欢迎

在PHP中为留言板上的消息添加注释

Adding comments to messages on message board in PHP

本文关键字:消息 添加 注释 留言板 PHP | 更新日期: 2023-09-27

我有一个简单的留言板页面,像Facebook一样工作。用户发布消息,用户可以对此消息进行评论。每条消息都发布在页面上,每条消息下面都有一个地方可以提交对该消息的评论。在我的数据库中有用于用户、消息和评论的表。

我的问题是:我如何知道我在评论哪个特定的消息,以便正确地将其传递到MySQL数据库与相应的message_id?

$comm = "INSERT INTO comments(user_id, message_id, comment, created_at, updated_at)
                    SELECT '{$_SESSION['id']}', '{$_SESSION['messages.id']}', '{$_SESSION['comment']}', NOW(), NOW()
                    FROM messages";
编辑:

$query = "SELECT users.first_name AS first_name, users.last_name AS last_name, messages.id AS mess_id,
                    messages.message AS message, DATE_FORMAT(messages.created_at, '%M %e %Y') AS time
            FROM users
            LEFT JOIN messages
            ON  users.id = messages.user_id
            ORDER BY time DESC";
            $results = fetch($query);
            foreach ($results as $row) { 
                $_SESSION['messages.id'] = $row['mess_id'];
                echo 
                    "<div class='post'>". 
                    $row['first_name']. " ". $row['last_name']. " - ". $row['time']. "<br>".
                        "<p class='mess_content'>". $row['message']. "</p>
                    </div><br>
                    <div class='posted_comm'>";
                        $query = "SELECT users.first_name AS first_name, users.last_name AS last_name, 
                                    comments.message_id, DATE_FORMAT(comments.created_at, '%M %e %Y') AS time, comments.comment AS comment
                                FROM users
                                LEFT JOIN comments
                                ON  users.id = comments.user_id
                                WHERE comments.message_id = '{$_SESSION['messages.id']}'
                                ORDER BY time ASC";
                        $results1 = fetch($query);
                        foreach ($results1 as $value) {
                            echo
                            "<div class='comments'>". 
                                $value['first_name']. " ". $value['last_name']. " - ". $value['time']. "<br>".
                                "<p class='comm_content'>". $value['comment']. "</p>
                            </div><br>";
                        }
                echo "<div class='write_comm'>
                        <form method='post' action='mess_comm.php'>
                            <input type='hidden' name='action' value='post_comm'>
                            Post a comment:<input type='text' name='comm' class='comm'>
                            <input type='submit' value='Post a comment' class='comm_sub'>
                        </form>
                    </div>";

扩展您的表单,以包含消息id作为隐藏字段:

 echo "<div class='write_comm'>
                    <form method='post' action='mess_comm.php'>
                        <input type='hidden' name='action' value='post_comm'>
                        <input type='hidden' name='message_id' value='{$row['mess_id']}'>
                        Post a comment:<input type='text' name='comm' class='comm'>
                        <input type='submit' value='Post a comment' class='comm_sub'>
                    </form>
                </div>";

然后在查询中使用id:

$comm = "INSERT INTO comments(user_id, message_id, comment, created_at, updated_at)
                VALUES ('{$_SESSION['id']}', '{$_POST['message_id']}', '{$_POST['comm']}', NOW(), NOW())";

注意:我更正了INSERT查询中的错误。您应该查看准备好的语句,现在您的代码对SQL注入是开放的。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习