Renegade Public Forums
C&C: Renegade --> Dying since 2003™, resurrected in 2024!
Home » Technical Support » Other » PHP issue
Re: PHP issue [message #439892 is a reply to message #438943] Mon, 22 November 2010 09:56 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
htmlspecialchars converts characters to their HTML equivilents, so outputting them to a HTML document like that should render them correctly without needing to make any further modifications to the values.


For example,

echo "<p>Thing &amp; another thing</p>";


Would appear something like this;

Thing & another thing


The idea of htmlspecialchars is to convert characters to HTML safe equivilents whilst ensuring they still output correctly. If they are outputting as &amp;, &gt; etc then you are either calling htmlspecialchars multiple times or are not checking whether magic quotes are enabled before calling htmlspecialchars.


http://steamsignature.com/card/1/76561197975867233.png

[Updated on: Mon, 22 November 2010 09:57]

Report message to a moderator

Re: PHP issue [message #440909 is a reply to message #438943] Mon, 06 December 2010 09:13 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
Back here again...
I started working on making mysql query's more efficient as they seem to suck at the moment but that is another story.

To put it bluntly I am obviously missing some function that I do not know about.
I have a delete button for a comment (which is inputted by a user), the thing is these comments are echoed with an array, and I do not know how to pinpoint each number from the array to each comment.
page1.php
$commentquery = mysql_query("SELECT * FROM comments WHERE reciptent = '".$id."'ORDER BY TIMESTAMP DESC");
while($get_comment_array = mysql_fetch_array($commentquery))
{
$sender = $get_comment_array['sender'];
$senderid = mysql_query("SELECT * FROM members WHERE uid = '".$sender."'");
$memberarray = mysql_fetch_array($senderid);
$sendername = $memberarray['fullname'];
$_SESSION['cid'] = $get_comment_array['commentid'];
$recepitent = $get_comment_array['reciptent'];
$message = $get_comment_array['message'];
$timeofwriting = $get_comment_array['TIMESTAMP'];
	echo "<div class='comments'>";	
	echo "<a style='color:blue;text-decoration:underline;' href='profile.php?id=".$sender."'>".$sendername."</a>" . " ". $message ." <a style='float:right' href='comment.php?type=member&action=del'><img src='delmessage.jpg'/></a>"."<span style='font-size:12px;color:grey;'>".$timeofwriting. . "</span>";
	echo "</div>";
}
echo "<div class='comments'>";
$_SESSION['tid'] = $id;
//$id == $_GET['id']

page2.php (this is the deleting page)
if($_GET['type'] == "member" && $_GET['action'] == "del")
{
	mysql_select_db("user");
$cid = $_SESSION['cid'];
$delquery = mysql_query("DELETE FROM comments where commentid = '".$cid."' AND  sender = '".$uid."'OR reciptent = '".$uid."'")or die(mysql_error());	
header("Location: page1.php?id=".$tid."");
}

[Updated on: Mon, 06 December 2010 09:14]

Report message to a moderator

Re: PHP issue [message #440914 is a reply to message #438943] Mon, 06 December 2010 10:00 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
OK, the problem here is simple. Your setting the a session variable with the comment ID in... except you load MULTIPLE comments, so each comment overwrites the ID the previous one set, so if you use this variable on page2 to delete a comment it will ALWAYS delete the last comment loaded.

You should instead pass the comment ID to be deleted as a parameter to the delete page and use the $_GET array to obtain it's value.


I have modified your code fragments below, look at the changes and you should be able to work out whats happening.


$commentquery = mysql_query("SELECT * FROM comments WHERE reciptent = '".$id."'ORDER BY TIMESTAMP DESC");
while($get_comment_array = mysql_fetch_array($commentquery))
{
$sender = $get_comment_array['sender'];
$senderid = mysql_query("SELECT * FROM members WHERE uid = '".$sender."'");
$memberarray = mysql_fetch_array($senderid);
$sendername = $memberarray['fullname'];
$commentid = $get_comment_array['commentid'];
$recepitent = $get_comment_array['reciptent'];
$message = $get_comment_array['message'];
$timeofwriting = $get_comment_array['TIMESTAMP'];
	echo "<div class='comments'>";	
	echo "<a style='color:blue;text-decoration:underline;' href='profile.php?id=".$sender."'>".$sendername."</a>" . " ". $message ." <a style='float:right' href='comment.php?type=member&action=del&amp;cid=".$commentid."'><img src='delmessage.jpg'/></a>"."<span style='font-size:12px;color:grey;'>".$timeofwriting. . "</span>";
	echo "</div>";
}
echo "<div class='comments'>";
$_SESSION['tid'] = $id;
//$id == $_GET['id']


page2.php (this is the deleting page)
if($_GET['type'] == "member" && $_GET['action'] == "del")
{
	mysql_select_db("user");
$cid = $_GET['cid'];
$delquery = mysql_query("DELETE FROM comments where commentid = '".$cid."' AND  sender = '".$uid."'OR reciptent = '".$uid."'")or die(mysql_error());	
header("Location: page1.php?id=".$tid."");
}




Also, I am interested to know where page2.php gets the values of $uid and $tid from, as they are not set in that code fragment. I assume you do set theirs value correctly elsewhere in the script?


http://steamsignature.com/card/1/76561197975867233.png
Re: PHP issue [message #440925 is a reply to message #438943] Mon, 06 December 2010 11:30 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
Yeah they are set at the top of the script with mysql_connect() and session_start() etc;
With those modifications it still does the same thing strangely :/, although I could see where you are going with it.
Re: PHP issue [message #440970 is a reply to message #438943] Mon, 06 December 2010 15:45 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
You haven't actually told us WHAT it's currently doing which might help people find the cause of the problem. I just took a quick look at it earlier and pointed out the obvious issues.

http://steamsignature.com/card/1/76561197975867233.png
Re: PHP issue [message #440971 is a reply to message #438943] Mon, 06 December 2010 15:56 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
The script reads from table "comments" based on the users id.
It then echos out these comments (which are collected in an array).

I'm trying to create a way of deleting a particular comment, so I created that session to store that comment id, where page2 reads that id and deletes it from the comments page, based on that id (provided the sender or the person whose page is the one deleting it)

As I said there's probably a much better way of doing this since I only started to look into MySQL query optimization last night
Re: PHP issue [message #441002 is a reply to message #438943] Tue, 07 December 2010 05:33 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
No, I mean what the RESULT of the code is at the moment, compared to what you EXPECT it to do.

IE: Does it give a mysql error? Does it format your C: drive? Etc?


EDIT;
And, as previously stated, session variables are NOT the right way to go about that. Sessions should be used for variables which persist for the duration of a session, such as the currently logged in user ID and any preferences they have set, such as their preferred font colour.

To pass a variable from one page to another, after which it is no longer needed, use GET (in the address string) or POST (submitted from a form with method POST).


http://steamsignature.com/card/1/76561197975867233.png

[Updated on: Tue, 07 December 2010 05:35]

Report message to a moderator

Re: PHP issue [message #441005 is a reply to message #438943] Tue, 07 December 2010 06:09 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
I want it to delete a specific comment, whilst at the moment it deletes them all (provided there is more than 1 comment on the page)
Is there a way to pass variables without using a form?
Re: PHP issue [message #441026 is a reply to message #438943] Tue, 07 December 2010 11:26 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
Yes, I showed you how to do that in the modified samples above. Add the ID to the address of the page you are linking to (page.php?action=delete&id=5 for example) and then use $_GET['id'] to get the value of that parameter.

As I said before, if you look at the difference between the code I posted and your original code you will see what was changed, this being one of those things.


http://steamsignature.com/card/1/76561197975867233.png
Re: PHP issue [message #441028 is a reply to message #438943] Tue, 07 December 2010 11:52 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
Aye I'm aware of that and indeed I saw the changes you made;
The changes did not work, but I did a bit of messing about there and oddly enough, removing
sender = '".$uid."'OR
seems to work...
Re: PHP issue [message #441029 is a reply to message #438943] Tue, 07 December 2010 11:56 Go to previous messageGo to next message
danpaul88 is currently offline  danpaul88
Messages: 5795
Registered: June 2004
Location: England
Karma: 0
General (5 Stars)
Ah, yes, your MySQL query has faulty logic.

You had;

Condition1 AND Condition2 OR Condition3

Which will always be true if Condition3 is true.


What you probably wanted was

Condition1 AND (Condition2 OR Condition3)

Which would be true if Condition1 was true and ONE of Condition2 or Condition3 were true.


http://steamsignature.com/card/1/76561197975867233.png
Re: PHP issue [message #441030 is a reply to message #438943] Tue, 07 December 2010 11:58 Go to previous messageGo to next message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
Brackets ftw then?
How would you go about learning how to make efficient queries? W3schools seem to only go so far and there's a lot of red in the status page on phpmyadmin...
Re: PHP issue [message #443607 is a reply to message #438943] Sun, 06 February 2011 10:14 Go to previous message
cnc95fan is currently offline  cnc95fan
Messages: 1261
Registered: July 2007
Karma: 0
General (1 Star)
Anyone have any idea why mysql_real_escape_string() would effect my post data? Without it the queries execute fine but with it the variables which hold the POST data don't contain anything...
EDIT:
Never mind, I had the DB Connection after I escaped the data......

[Updated on: Sun, 06 February 2011 10:17]

Report message to a moderator

Previous Topic: GameSpy
Next Topic: Generals... AGAIN
Goto Forum:
  


Current Time: Thu Nov 21 23:28:54 MST 2024

Total time taken to generate the page: 0.01120 seconds