1

So I was trying to echo the textarea so I know if it works, but that doesn't work. I have created a table named posts, and in there you can put Id, Username and Post.

But it doesn't insert anything into the table. Here's my code:

<?php
session_start();
$session = $_SESSION['username'];

if(!$session){
header('Location: http://wirechat.net16.net/login.php'); /* Send the browser to www.site.nl */
exit; // stop here so the rest of the page is not rendered for a visitor who is not logged in
}

?>
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<title>TWITTER RAMON</title>
<link rel='stylesheet' type='text/css' href='style.css'/>
</head>
<body>
<div id='banner'>
<table style='width:100%;'>
<tr>
<td>
<span style='font-size:24px;'><b>EGGY</b></span><?php echo $session ?>
</td>
<td width='100%' style='text-align:right;'>
<a href='index.php'>Home</a> // <a href='followers.php'>Followers Post</a> // <a href='stats.php'>Stats</a> // <a href='search.php'>Search User</a> // <a href='logout.php'>logout</a>
</td>
</tr>
</table>
</div><br/><br><br/>
<div class='div' id='post'>
<table width='100%'>
<tr>
<td width='40%'>
Post je bericht:
</td>
<td width='60%'>
Afbeeldingen&Smileys
</td>
</tr>
<form action="post.php" method="POST">
<tr>
<td><textarea cols='25' name='textarea' id='textarea' class='textarea'></textarea>
</td>
<td style='padding:20 40 10 40;'>
<div style='float:left;text-align:center;'>afbeelding</div>
<div style='float:right;text-align:center;'>smileys</div>
</td>
</tr>
</table>
<table class='submit'>
<tr>
<td>
<input type='submit' class='postbtn' name='post' value='Post je text!'/>
</td>
</tr>
</form>
</table>
</div>
<div class='post'>
<table>

</table>
</div>
</body>
</html>
<?php
$host = "------------";
$database = "------------";
$user = "-----------";
$dbpass = "---------";

if ($postbtn){
$postbtn = $_POST['post'];
$post = $_POST['textarea'];

echo htmlspecialchars($_POST['textarea']);

//$conn = mysql_connect($host, $user, $dbpass);
//mysql_select_db($database, $conn);
//mysql_query("INSERT INTO posts (Username, Post) VALUES ('".$_SESSION['username']."', '".$post."')", $conn);

echo "Posted successfuly!";
}
?>
2
  • 5
    You do realize your code for doing the insert is commented out, right? But that's a good thing because your code is wide open to a SQL injection attack. Commented May 13, 2014 at 17:41
  • Plus, your conditional statement (which will never fire up) is based on the $postbtn variable which isn't set nor defined. I'm guessing you're wanting to use the submit button's class name class='postbtn' which should be if(isset($_POST['post'])){...} (name='post') if anything. Commented May 13, 2014 at 17:44

2 Answers

1

You will want to place the $postbtn = $_POST['post']; line before if ($postbtn) as it will always result to false.

$postbtn = isset($_POST['post']);
if ($postbtn){

But be careful: As John pointed out, your code is vulnerable to SQL injection attacks. You should take a look at this post on how to prevent these.


2 Comments

OMG I'm so stupid. But how can you protect it, or is that an 'other question'?
Check this post as it answers how to prevent SQL injection: stackoverflow.com/questions/60174/…
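
The two fixes discussed above (read the submit button before testing it, and keep the textarea text out of the SQL string), as an added example that is not part of the original question or answers. It assumes PDO is available and uses an in-memory SQLite database in place of the asker's MySQL server so it runs offline; `savePost()` and the sample values are hypothetical.

```php
<?php
// Added example: hardened form of the post handler from the question.
// Assumption: PDO with the SQLite driver; SQLite stands in for MySQL here.
declare(strict_types=1);

// Hypothetical helper: stores one post using a parameterized INSERT.
function savePost(PDO $pdo, string $username, string $post): bool
{
    $post = trim($post);
    if ($username === '' || $post === '') {
        return false; // nothing to store
    }
    // Placeholders keep user input out of the SQL text, so a quote in the
    // textarea is stored as data and cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO posts (Username, Post) VALUES (:username, :post)');
    return $stmt->execute([':username' => $username, ':post' => $post]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (Id INTEGER PRIMARY KEY, Username TEXT, Post TEXT)');

// Constructed input standing in for $_SESSION and $_POST after a form submit.
$session = ['username' => 'ramon'];
$request = ['post' => 'Post je text!', 'textarea' => "it's a <b>test</b> post"];

// Check the request first, then act on it (the original tested $postbtn
// before it was ever assigned, so the branch never ran).
if (isset($request['post'], $request['textarea']) && is_string($request['textarea'])) {
    if (savePost($pdo, $session['username'], $request['textarea'])) {
        echo "Posted successfully!\n";
    }
}

// The text is stored verbatim; escape it only when writing it into HTML.
foreach ($pdo->query('SELECT Username, Post FROM posts') as $row) {
    echo htmlspecialchars($row['Username'], ENT_QUOTES, 'UTF-8'), ': ',
         htmlspecialchars($row['Post'], ENT_QUOTES, 'UTF-8'), "\n";
}
```

Against MySQL only the PDO connection line changes; the `mysql_*` functions in the commented-out code were removed in PHP 7, so PDO or mysqli is needed there in any case.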
0

This is true:

$postbtn = isset($_POST['post']);

if ($postbtn){

And so:

if( !empty($_POST['post']) ) {
