But now I have slight problem. I had the whole blog operating just the way it was supposed to and all was working fine, until I noticed that the comments part doesn't work properly. When I add a comment, on an entry, it only works once. I can only add one comment that shows up but the other ones don't.
Let's say that I want to make a comment on an entry with id=8 . I click the "Leave a comment" link which opens a popup with the comment form. I add a comment, press the submit button and the comment is added to the database, the page reloads, but alas if I try to add another comment, it will not be linked to entry number 8 but some seemingly random number.
And I have no idea what's wrong...
Link to my site: http://leaves.in-the-shadows.net
So here's my single entry code (I only have the comments part here, no actual entry):
CODE
<?php
mysql_connect ('localhost', 'username', 'password');
mysql_select_db ('databasename');
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
die("Invalid ID specified.");
}
$id = (int)$_GET['id'];
$sql = "SELECT id FROM php_blog WHERE id='$id' LIMIT 1";
$commenttimestamp = strtotime("now");
$sql = "SELECT * FROM php_blog_comments WHERE entry='$id' ORDER BY timestamp";
$result = mysql_query ($sql) or print ("Can't select comments from table php_blog_comments.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$date = date("M d Y", $row['timestamp']);
$url = stripslashes($row['url']);
$comment = stripslashes($row['comment']);
$name = stripslashes($row['name']);
$id = $row['id'];
?>
<div id="actual"><?php echo $comment; ?></div>
<div id="bottom"><div style="width:200px; float:left;">Posted on <?php echo $date; ?> by <a href="<?php echo $url; ?>"><?php echo $name;?></a></div><div style="width:750px; float:right;" align="right"></div></div>
<?php
}
?>
<div style="width:350px; margin-bottom:10px;"><form method="post" action="process.php">
<input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>"><br />
<strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="25" /><br />
<strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="25" /><br />
<strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="25" value="http://" /><br />
<strong><label for="comment">Comment:</label></strong><br />
<textarea cols="25" rows="5" name="comment" id="comment"></textarea><br />
<input type="submit" name="submit_comment" id="submit_comment" value="Add Comment" />
</form></div>
mysql_connect ('localhost', 'username', 'password');
mysql_select_db ('databasename');
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
die("Invalid ID specified.");
}
$id = (int)$_GET['id'];
$sql = "SELECT id FROM php_blog WHERE id='$id' LIMIT 1";
$commenttimestamp = strtotime("now");
$sql = "SELECT * FROM php_blog_comments WHERE entry='$id' ORDER BY timestamp";
$result = mysql_query ($sql) or print ("Can't select comments from table php_blog_comments.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$date = date("M d Y", $row['timestamp']);
$url = stripslashes($row['url']);
$comment = stripslashes($row['comment']);
$name = stripslashes($row['name']);
$id = $row['id'];
?>
<div id="actual"><?php echo $comment; ?></div>
<div id="bottom"><div style="width:200px; float:left;">Posted on <?php echo $date; ?> by <a href="<?php echo $url; ?>"><?php echo $name;?></a></div><div style="width:750px; float:right;" align="right"></div></div>
<?php
}
?>
<div style="width:350px; margin-bottom:10px;"><form method="post" action="process.php">
<input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>"><br />
<strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="25" /><br />
<strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="25" /><br />
<strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="25" value="http://" /><br />
<strong><label for="comment">Comment:</label></strong><br />
<textarea cols="25" rows="5" name="comment" id="comment"></textarea><br />
<input type="submit" name="submit_comment" id="submit_comment" value="Add Comment" />
</form></div>
And here is my process.php code:
CODE
<?php
if (isset($_POST['submit_comment'])) {
if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
}
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
$name = htmlspecialchars(strip_tags($_POST['name']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = htmlspecialchars(strip_tags($_POST['comment']));
$comment = nl2br($comment);
if (!get_magic_quotes_gpc()) {
$name = addslashes($name);
$url = addslashes($url);
$comment = addslashes($comment);
}
if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
}
mysql_connect ('localhost', 'username', 'password');
mysql_select_db ('databasename');
$result = mysql_query("INSERT INTO php_blog_comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')");
header("Location: entry.php?id=" . $entry);
}
else {
die("Error: you cannot access this page directly.");
}
?>
if (isset($_POST['submit_comment'])) {
if (empty($_POST['name']) || empty($_POST['email']) || empty($_POST['comment'])) {
die("You have forgotten to fill in one of the required fields! Please make sure you submit a name, e-mail address and comment.");
}
$entry = htmlspecialchars(strip_tags($_POST['entry']));
$timestamp = htmlspecialchars(strip_tags($_POST['timestamp']));
$name = htmlspecialchars(strip_tags($_POST['name']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = htmlspecialchars(strip_tags($_POST['comment']));
$comment = nl2br($comment);
if (!get_magic_quotes_gpc()) {
$name = addslashes($name);
$url = addslashes($url);
$comment = addslashes($comment);
}
if (!eregi("^([_a-z0-9-]+)(\.[_a-z0-9-]+)*@([a-z0-9-]+)(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) {
die("The e-mail address you submitted does not appear to be valid. Please go back and correct it.");
}
mysql_connect ('localhost', 'username', 'password');
mysql_select_db ('databasename');
$result = mysql_query("INSERT INTO php_blog_comments (entry, timestamp, name, email, url, comment) VALUES ('$entry','$timestamp','$name','$email','$url','$comment')");
header("Location: entry.php?id=" . $entry);
}
else {
die("Error: you cannot access this page directly.");
}
?>
Thanks so much in advance
