Where did I do wrong?

Discussion in 'PHP' started by sarac93, Apr 24, 2018.

  1. #2
    <?php
    ini_set('display_errors', 1);
    
    $host = "localhost";
    $username = "root";
    $password = "mypass123";
    $databasename = "comments";
    $connect = mysqli_connect($host, $username, $password, $databasename);
    
    if(isset($_POST['user_comm']) && isset($_POST['user_name']))
    {
      $comment = $_POST['user_comm'];
      $name = $_POST['user_name'];
    
      $insert = "insert into comments values('', '$name', '$comment', CURRENT_TIMESTAMP)";
      $runInsert = mysqli_query($connect, $insert);
      $select=mysqli_query("SELECT name, comment, post_time FROM comments where name='$name' and comment='$comment'");
      $result = mysqli_query($connect, $select);
    
      if($row = mysqli_fetch_assoc($result)) {
        $name = $row['name'];
        $comment = $row['comment'];
      $time = $row['post_time'];
      ?>
      <div class="comment_div">
      <p class="comment"><?php echo $comment;?></p>
      <p class="name">by: <?php echo $name;?></p>  
        <p class="time"><?php echo $time;?></p>
        </div>
      <?php
      }
    
    exit;
    }
    ?>
    PHP:
    There's multiple errors because of:
    $select=mysqli_query("SELECT name, comment, post_time FROM comments where name='$name' and comment='$comment'");
    the errors are:
    Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\laragon\www\9\post_comment.php on line 17
    
    Warning: mysqli_query(): Empty query in C:\laragon\www\9\post_comment.php on line 18
    
    Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in C:\laragon\www\9\post_comment.php on line 20
    
    Fatal error: Uncaught Error: Call to undefined function mysql_query() in C:\laragon\www\9\post_comment.php:17 Stack trace: #0 {main} thrown in C:\laragon\www\9\post_comment.php on line 17
    
    Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\laragon\www\9\post_comment.php on line 17
    
    Warning: mysqli_query(): Empty query in C:\laragon\www\9\post_comment.php on line 18
    
    Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in C:\laragon\www\9\post_comment.php on line 20
    
    Fatal error: Uncaught Error: Call to undefined function mysql_query() in C:\laragon\www\9\post_comment.php:17 Stack trace: #0 {main} thrown in C:\laragon\www\9\post_comment.php on line 17
    
    Fatal error: Uncaught Error: Call to undefined function mysql_query() in C:\laragon\www\9\post_comment.php:17 Stack trace: #0 {main} thrown in C:\laragon\www\9\post_comment.php on line 17
    
    Parse error: syntax error, unexpected '$comment' (T_VARIABLE), expecting ',' or ')' in C:\laragon\www\9\post_comment.php on line 17
    
    Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in C:\laragon\www\9\index.php on line 45
    Code (markup):
     
    Last edited by a moderator: Apr 29, 2018
    sarac93, Apr 24, 2018 IP
  2. phpmillion

    #3
    These error messages are self-explanatory, so there's not much we can help about this because the error message itself provides detailed instructions on how to fix the issue. For example:

    mysqli_query() expects at least 2 parameters, 1 given
    Code (markup):
    It means you should provide the function with 2 arguments, but you only provided one. In order to fix the issue, add one more argument. You executed the same function perfectly on lines 15 and 16, just do the same on lines 17 and 18 now.

    Call to undefined function mysql_query()
    Code (markup):
    I don't see this function in your code, so I guess it comes from another file. But this one is self-explanatory too - it indicates that the mysql_ function is not available. In short, it was removed from modern versions of PHP and replaced with mysqli. Hence, you should always use mysqli_ instead of mysql_ to work with databases.
     
    phpmillion, Apr 24, 2018 IP
  3. JEET

    #4
    Try this.

    $connect = mysqli_connect($host, $username, $password, $databasename);
    $select= "SELECT name, comment, post_time FROM comments where name='$name' and comment='$comment'";
    $result = mysqli_query($connect, $select);
     
    JEET, Apr 27, 2018 IP
  4. deathshadow

    #5
    LAUGH is, even if your existing errors were fixed, the code would STILL be garbage since you're wasting time creating variables for nothing and slopping them directly into your query string. It's called prepare/bind_param/execute, USE IT! (though bind_param and mysqli_stmt being such crap it's part of why I favor PDO)

    A LOT of your errors wouldn't even exist if you used the object method (aka proper use) of mysqli instead of the halfwitted crutch that are the procedural models. (another reason I favor PDO, it doesn't have that crap)

    What I THINK you're trying to do is this (warning, may have typos)

    
    <?php
    ini_set('display_errors', 1);
    
    $conn = new mysqli(
    	'localhost',
    	'root',
    	'mypass123',
    	'comments'
    );
    
    if (
    	array_key_exists('user_comm', $_POST) &&
    	array_key_exists('user_name', $_POST)
    ) {
    	$stmt = $conn->prepare('
    		INSERT INTO comments (
    			name, comment, post_time
    		) VALUES (
    			?, ?, NOW()
    		)
    	');
    	// mysqli_stmt binds with bind_param(); bindParam() is the PDO method
    	$stmt->bind_param(
    		'ss',
    		$_POST['user_name'],
    		$_POST['user_comm']
    	);
    	$stmt->execute();
    	
    	$stmt = $conn->prepare('
    		SELECT name, comment, post_time
    		FROM comments
    		WHERE name = ?
    		  AND comment = ?
    	');
    	$stmt->bind_param(
    		'ss',
    		$_POST['user_name'],
    		$_POST['user_comm']
    	);
    	$stmt->execute();
    	$stmt->bind_result(
    		$user,
    		$comment,
    		$time
    	);
    	
    	if ($stmt->fetch()) {
    		// don't forget to escape/sanitize user generated values!
    		echo '
    			<div class="comment">
    				<p class="comment">', htmlspecialchars($comment), '</p>
    				<p class="name">by: ', htmlspecialchars($user), '</p>
    				<p class="time">', $time, '</p>
    			</div>';
    	} else echo '
    		<p class="notFound">Not found after Insert?!?</p>';
    }
    // you do not need to 'exit' here, and avoid closing ?>
    
    Code (markup):
    Though again this is a wonderful case for showing how superior PDO is over mysqli:

    
    <?php
    ini_set('display_errors', 1);
    
    $db = new PDO(
    	'mysql:host=localhost;dbname=comments',
    	'root',
    	'mypass123'
    );
    
    if (
    	array_key_exists('user_comm', $_POST) &&
    	array_key_exists('user_name', $_POST)
    ) {
    	$stmt = $db->prepare('
    		INSERT INTO comments (
    			name, comment, post_time
    		) VALUES (
    			:name, :comment, NOW()
    		)
    	');
    	$stmt->execute([
    		':name' => $_POST['user_name'],
    		':comment' => $_POST['user_comm']
    	]);
    	
    	$stmt = $db->prepare('
    		SELECT name, comment, post_time
    		FROM comments
    		WHERE name = :name
    		  AND comment = :comment
    	');
    	$stmt->execute([
    		':name' => $_POST['user_name'],
    		':comment' => $_POST['user_comm']
    	]);
    	
    	if ($row = $stmt->fetch()) {
    		// don't forget to escape/sanitize user generated values!
    		echo '
    			<div class="comment">
    				<p class="comment">', htmlspecialchars($row['comment']), '</p>
    				<p class="name">by: ', htmlspecialchars($row['name']), '</p> 
    				<p class="time">', $row['post_time'], '</p>
    			</div>';
    	} else echo '
    		<p class="notFound">Not found after Insert?!?</p>';
    }
    
    // you do not need to 'exit' here, and avoid closing ?>
    
    Code (markup):
    Though if I were writing that to pull the timestamp from when it was created, I would NOT use the complex search and instead pull the ID from the insert.
    
    	$stmt = $db->prepare('
    		INSERT INTO comments (
    			name, comment, post_time
    		) VALUES (
    			:name, :comment, NOW()
    		)
    	');
    	$stmt->execute([
    		':name' => $_POST['user_name'],
    		':comment' => $_POST['user_comm']
    	]);
    	$id = $db->lastInsertId();
    	
    	$stmt = $db->prepare('
    		SELECT name, comment, post_time
    		FROM comments
    		WHERE id = ?
    	');
    	$stmt->bindParam(1, $id);
    	// the value is already bound above; execute() takes an array or nothing, not a scalar
    	$stmt->execute();
    
    Code (markup):
    Which assuming your table has a unique ID auto-increment column would be WAY faster than a full text comparison of multiple fields. NOT that in practice I'd return the name or comment since those would still exist in $_POST so why waste memory, database, and socket connection time pulling information you already have?
     
    deathshadow, Apr 29, 2018 IP
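
The difference the last post describes between putting variables straight into the query string and using prepare/execute, as an added example that is not code from any post in this thread. It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database stands in for the thread's MySQL `comments` database, and the table layout, the `$post` array and the function names are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the thread's MySQL database so
// the script runs offline; the table layout below is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$db->exec('CREATE TABLE comments (
	id INTEGER PRIMARY KEY AUTOINCREMENT,
	name TEXT NOT NULL,
	comment TEXT NOT NULL,
	post_time TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)');

// Constructed stand-in for $_POST: ordinary input with apostrophes and markup.
$post = [
	'user_name' => "Sara O'Neil",
	'user_comm' => "It's <b>broken</b> & I don't know why",
];

// 1) Interpolation, as in the original question: the apostrophe in the data
//    ends the SQL string literal early, so the data is parsed as SQL.
function insertInterpolated(PDO $db, array $post): string {
	$sql = "INSERT INTO comments (name, comment)
		VALUES ('{$post['user_name']}', '{$post['user_comm']}')";
	try {
		$db->exec($sql);
		return 'stored';
	} catch (PDOException $e) {
		return 'rejected: ' . $e->getMessage();
	}
}

// 2) Prepared statement: values travel separately from the SQL text, and the
//    new row is read back by primary key instead of by comparing text fields.
function insertPrepared(PDO $db, array $post): array {
	$stmt = $db->prepare('INSERT INTO comments (name, comment) VALUES (:name, :comment)');
	$stmt->execute([':name' => $post['user_name'], ':comment' => $post['user_comm']]);
	$stmt = $db->prepare('SELECT name, comment, post_time FROM comments WHERE id = ?');
	$stmt->execute([$db->lastInsertId()]);
	return $stmt->fetch();
}

echo insertInterpolated($db, $post), "\n";
$row = insertPrepared($db, $post);

// 3) Escape on output: the stored text is unchanged, the markup is rendered inert.
foreach (['comment', 'name', 'post_time'] as $field) {
	printf("<p class=\"%s\">%s</p>\n", $field, htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8'));
}
```

The interpolated insert fails on input that contains nothing more unusual than an apostrophe, while the prepared insert stores the same text verbatim and the escaping happens only when the row is written into HTML.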