Help with reply to message function

Beginners - Learning PHP
#1

Currently working on a PHP script that allows users to post comments, edit, delete and reply to other comments from other users. Same as what you see on you tube.

Cannot get the reply to other people’s comments part to work.

[php]<?php

function setComments($conn) {
if (isset($_POST[‘commentSubmit’])) {
$uid = $_POST[‘uid’];
$date = $_POST[‘date’];
$message = $_POST[‘message’];

$sql = “INSERT INTO comments (uid, date, message) VALUES (’$uid’, ‘$date’, ‘$message’)”;
$result = mysqli_query($conn, $sql);
}
}

function getComments($conn) {
$sql = “SELECT * FROM comments”;
$result = mysqli_query($conn, $sql);
while ($row = mysqli_fetch_assoc($result)) {
$id = $row[‘uid’];
$sql2 = “SELECT * FROM user WHERE id = ‘$id’”;
$result2 = mysqli_query($conn, $sql2);
if (($row2 = mysqli_fetch_assoc($result2))) {
echo “

”;
echo $row2[‘uid’]."
";
echo $row[‘date’]."
";
echo nl2br($row[‘message’]);
echo “

”;
if (isset($_SESSION[‘id’])) {
if ($_SESSION[‘id’] == $row2[‘id’]) {
echo "
<input type=‘hidden’ name=‘cid’ value=’".$row[‘cid’]."’>
Delete

	<form class='edit-form' method='POST' action='editcomment.php'>
	<input type='hidden' name='cid' value='".$row['cid']."'>
	<input type='hidden' name='uid' value='".$row['uid']."'>
	<input type='hidden' name='date' value='".$row['date']."'>
	<input type='hidden' name='message' value='".$row['message']."'>
	<button>Edit</button>
	</form>";

	} else {
		echo "<form class='edit-form' method='POST' action='".deleteComments($conn)."'>
	<input type='hidden' name='cid' value='".$row['cid']."'>
	<button type='submit' name='commentReply'>Reply</button>
</form>";
	}
} else {
	echo "<p class='commentmessage'>You need to be logged in to reply</p>";
}
echo "</div>";
	}

	
}

}

function editComments($conn) {
if (isset($_POST[‘commentSubmit’])) {
$cid = $_POST[‘cid’];
$uid = $_POST[‘uid’];
$date = $_POST[‘date’];
$message = $_POST[‘message’];

$sql = “UPDATE comments SET message=’$message’ WHERE cid=’$cid’”;
$result = mysqli_query($conn, $sql);
header(“Location: index.php”);
}
}

function deleteComments($conn) {
if (isset($_POST[‘commentDelete’])) {
$cid = $_POST[‘cid’];

$sql = “DELETE FROM comments WHERE cid=’$cid’”;
$result = mysqli_query($conn, $sql);
header(“Location: index.php”);
}
}

function replyComments($conn) {
if (isset($_POST[‘commentSubmit’])) {
$cid = $_POST[‘cid’];

$sql = “INSERT INTO comments (uid, date ‘uid’) VALUES (’$uid’, ‘$date’ ‘$message’)”;

$result = mysqli_query($conn, $sql);
header(“Location: index.php”);
}
}

function getLogin($conn) {
if (isset($_POST[‘loginSubmit’])) {
$uid = $_POST[‘uid’];
$pwd = $_POST[‘pwd’];

$sql = "SELECT * FROM user WHERE uid='$uid' AND pwd = '$pwd'";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
	if ($row = mysqli_fetch_assoc($result)) {
		$_SESSION['id'] = $row['id'];
		header("Location: index.php?loginsuccess");
		exit();
}
} else {
		header("Location: index.php?loginfailed");
		exit();
}

}
}

function userLogout() {
if (isset($_POST[‘logoutSubmit’])) {
session_start();
session_destroy();
header(“Location: index.php?”);
exit();
}
}
[/php]
Any help wold be great.

Sam

#2

Sorry should have mentioned that the code specifically is lines 82 to 91

#3

You should be using prepared statments. And, you have an error in that sql statement.

#4

Sorry what do you mean by prepared statements? I just thought that all I needed as to insert the mysql function to replay to a comment.

$sql = “INSERT INTO comments (cid, uid, message, date) VALUES (’$cid’, ‘$uid’, ‘$message’, ‘$date’)”;

#5

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

Sponsor our Newsletter | Privacy Policy | Terms of Service