Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

0

News Comments problem

Started by Matt L, Aug 16 2008 06:38 PM

You cannot reply to this topic
Go to first unread post

5 replies to this topic

#1 Matt L

Young Padawan

Members
272 posts

Gender:Male
Location:Newcastle

Posted 16 August 2008 - 06:38 PM

Right, it's been a while since I've posted here but I could do with a little help on a site I'm working on. I'm trying to do News Comments and have only the registered users able to post comments and on the main page be able to see how many comments are on each post. I've hit a couple of problems with this. One being that when logged in, the front page with the news gets a mysql error.

Quote

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Now here's the code for the shownews.php file which is being brought in as the index content.

<?php
include('dbconnect.php');
include('check.php');
  $sql = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT 10") or die(mysql_error());
  while ($results = mysql_fetch_array($sql)) {
	if (mysql_num_rows($sql) == 0) {
		echo("Sorry, no news at the moment. Check back later!");
		}
	else {
		$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die(mysql_error());
		$comments = mysql_num_rows($commentcheck);
		$id = $results['id'];
		$title = $results['title'];
		$user = $results['user'];
		$date = $results['date'];
		$news = $results['message'];
		echo ("<div class='newstop'><a href='./?id=news&newsid=$id' style='font-weight:bold; '>$title</a> posted by <a href='./?id=member&user=$user' style='font-weight:bold; font-style:italic; '>$user</a> ($date) - $comments comment(s)</div><br />\n$news");
		}
	}
?>

And the news.php to view seperate news items which then includes the newscomments.php file
news.php

<?php
include('check.php');
include('dbconnect.php');
$id = $_GET['newsid'];
$sql = mysql_query("SELECT * FROM `news` WHERE id='$id'");
  while ($results = mysql_fetch_array($sql)) {
	if (mysql_num_rows($sql) == 0) {
		echo("Sorry, no news matches the ID in the address bar. Make sure that you've got the link right!");
		}
	else {
		$title = $results['title'];
		$user = $results['user'];
		$date = $results['date'];
		$news = $results['message'];
		echo ("<div class='newstop'><strong>$title</strong> posted by <a href='./?id=member&user=$user' style='font-weight:bold; font-style:italic; '>$user</a> ($date)</div><br />\n$news<br /><hr />");
		include("newscomments.php");
		}
	}
?>

newscomments.php

<?php
include('check.php');
include('dbconnect.php');
$newsid = $_GET['newsid'];
$commentsearch = mysql_query("SELECT * FROM `newscomments` WHERE newsid='$newsid' ORDER BY id DESC");
while($comments = mysql_fetch_array($commentsearch)) {
	if(mysql_num_rows($commentsearch) == 0) {
		echo("There are no comments on this news item. Be the first to post.");
		}
	else {
		$poster = $comments['user'];
		$date = $comments['date'];
		$post = $comments['message'];
		echo("<div class='newscomments'>Posted by <a href='./?id=member&user=$poster' style='font-weight:bold; font-style:italic; '>$poster</a> ($date)</div><br />$post");
		}
	}
?>
<?php
$user = $_COOKIE['user'];
$check = mysql_query("SELECT * FROM `users` WHERE level='1' OR level='2' OR level='3' OR level='4' or level='5' AND username='$user'");
if (mysql_num_rows($check) == 0) {
	echo ("You must be logged in to add comments to a news item.<br />");
	}
else {
?>	  
<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >
  <table width="100%">
	<tr>
			<td width="27%">Your Comment</td>
			<td colspan="2"><textarea rows="6" cols="20" style="margin:2px; " name="comment"></textarea></td>
	</tr>
	<tr>
	  <td width="27%">Security code: 
		 <br />
	  <em>This is to stop spam</em></td>
	  <td width="25%" align="left" valign="middle">
	  <input class="text" name="secCode" type="text" size="12" style="margin:2px; " /></td>
	  <td width="48%" align="left" valign="middle"><img src="captcha.php" alt="security code" border="1" style="margin:2px; " /></td>
	</tr>
	<tr>
	  <td colspan="3" align="center"><br/>
		 <input class="text" type="submit" name="submit" value="Add Comment" />
	  </td>
	</tr>
  </table>  
</form>
<?php
	if (isset($_POST['submitBtn'])){
	  $secCode = isset($_POST['secCode']) ? strtolower($_POST['secCode']) : "";
	  if ($secCode == $_SESSION['securityCode']) {
		 echo "<p>The result code was valid!<br/></p>";
		 unset($_SESSION['securityCode']);
		 $result = true;
	  }
	  else {
		 echo "<p>Sorry the security code is invalid! Please try it again!</p>";
		 $result = false;
	  }
   }
   if (isset($_POST['submit']) && $result = true) {
   		$usercomment = $_POST['comment'];
		  $date = date("Y-m-d");
   		mysql_query("INSERT INTO `newscomments` SET newsid='$newsid', message='$usercomment', date='$date', user='$user'") or die(mysql_error());
		echo("Comment added!");
		}
   }
?>

And the second problem I have is with the newscomments.php file. When the user isn't logged in, they can't view the comments. What I'm after is for a user not logged in can view the news comments but not post.

It's been a while since I've done any PHP coding because I stopped to concentrate on my GCSEs. But they're done now so I'm back working on some old projects.

Can anyone help?

Back to top

#2 rc69

PHP Master PD

P2L Staff
3,827 posts

Gender:Male
Location:Here
Interests:Web Development

Posted 16 August 2008 - 09:58 PM

It would be a lot easier if you could tell us which query is giving you that error, but since you only have two set up to display any errors, i'm going to assume its the following:

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die(mysql_error());

Since i didn't see $id defined anywhere, i'm going to assume the fix would be to put single quotes around $id, and then make sure $id is defined before the query (i say assume because i don't know for sure).

Edited by rc69, 16 August 2008 - 09:59 PM.

Back to top

#3 Arsenal19

Young Padawan

Members
41 posts

Posted 17 August 2008 - 01:40 AM

rc69, on Aug 16 2008, 09:58 PM, said:

It would be a lot easier if you could tell us which query is giving you that error, but since you only have two set up to display any errors, i'm going to assume its the following:

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die(mysql_error());

Since i didn't see $id defined anywhere, i'm going to assume the fix would be to put single quotes around $id, and then make sure $id is defined before the query (i say assume because i don't know for sure).

rc69 is right, you should add the or die(mysql_error()) to each of you select statements. Also you should try adding some sort of debugger to figure out which Select statement is giving you the error.

Change :

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die(mysql_error());

To :

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die("Select newscommments : " . mysql_error());

Or :

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid=$id") or die("SELECT * FROM `newscomments` WHERE newsid=$id : " . mysql_error());

That is what I normally do for debugging purposes.

rc69 : as far as needing single quotes around the $id , that is not necessary for Integers. I say this because I assume id is an int. Single quotes are need for everything else though.

Trying adding some of the Debug stuff i suggested and run you code again. That should tell you where you are having the problem. Then you can look at that section a little closer to figure out your problem.

Make sure $id is set though before you try to use it in a select.

Arsenal19

Back to top

#4 Matt L

Young Padawan

Members
272 posts

Gender:Male
Location:Newcastle

Posted 17 August 2008 - 05:53 AM

Cheers so far, but still having a problem. I'm now getting this error:

Quote

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\AppServ\www\bluetutorials\newscomments.php on line 6

And the code starts from line 5:

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid='$newsid'") or die(mysql_error());
while($comments = mysql_fetch_array($commentsearch)) {

Back to top

#5 rc69

PHP Master PD

P2L Staff
3,827 posts

Gender:Male
Location:Here
Interests:Web Development

Posted 17 August 2008 - 10:10 PM

Arsenal19, on Aug 17 2008, 12:40 AM, said:

rc69 : as far as needing single quotes around the $id , that is not necessary for Integers. I say this because I assume id is an int. Single quotes are need for everything else though.

Right, but if $id isn't set, then it is nothing. Not an int, not a string, nothing. That results in a parse error. Putting the single quotes around it would result in proper parsing, and nothing being selected.

Matt L, on Aug 17 2008, 04:53 AM, said:

Cheers so far, but still having a problem. I'm now getting this error:

Quote

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in E:\AppServ\www\bluetutorials\newscomments.php on line 6

And the code starts from line 5:

$commentcheck = mysql_query("SELECT * FROM `newscomments` WHERE newsid='$newsid'") or die(mysql_error());
while($comments = mysql_fetch_array($commentsearch)) {

$commentcheck != $commentsearch

Edited by rc69, 17 August 2008 - 10:11 PM.

Back to top

#6 Arsenal19

Young Padawan

Members
41 posts

Posted 18 August 2008 - 05:47 PM

rc69, on Aug 17 2008, 09:10 PM, said:

Right, but if $id isn't set, then it is nothing. Not an int, not a string, nothing. That results in a parse error. Putting the single quotes around it would result in proper parsing, and nothing being selected.

Right, however single quotes are not necessary on Int's. However, I always use them as its a major headache saver.

Arsenal19

Back to top

Back to Programming and General Web Design · Next Unread Topic →

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users