Hello, so i made a php forum that worked perfectly. However i wanted to make it more secure and now when i to view a topic it doesn’t show the description of the topic any-one . Can someone help ?
view_topic.php
[php]<?php
$tbl_name=“fquestions”; // Table name
try {
$dbh = new PDO(‘mysql:host=localhost;dbname=simpleFourm’,‘root’,‘linux’);
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . “
”;
die();
}
// get value of id that sent from address bar
$id=$_GET[‘id’];
$sql=“SELECT * FROM $tbl_name WHERE id=’$id’”;
$stmt = $dbh->prepare($sql);
$stmt->execute();
?>
|
<?php $tbl_name2="fanswer"; // Switch to table "forum_answer" $sql2="SELECT * FROM $tbl_name2 WHERE question_id='$id'"; $stmt = $dbh->prepare($sql2); $stmt->execute(); while ($rows = $stmt->fetch()) { ?>
|
<?php } $sql3="SELECT view FROM $tbl_name WHERE id='$id'"; $stmt = $dbh->prepare($sql3); $stmt->execute(); $rows = $stmt->fetch(PDO::FETCH_ASSOC); $view=$rows['view']; // if have no counter value set counter = 1 if(empty($view)){ $view=1; $sql4="INSERT INTO $tbl_name(view) VALUES('$view') WHERE id='$id'"; $stmt = $dbh->prepare($sql4); $stmt->execute(); } // count more value $addview=$view+1; $sql5="update $tbl_name set view='$addview' WHERE id='$id'"; $stmt = $dbh->prepare($sql5); $stmt->execute(); $dbh = null ; ?>
|
add_new_topic.php
[php]<?php
$tbl_name=“fquestions”; // Table name
try {
$dbh = new PDO(‘mysql:host=localhost;dbname=simpleFourm’,‘root’,‘linux’);
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . “
”;
die();
}
// get data that sent from form
$topic=$_POST[‘topic’];
$detail=$_POST[‘detail’];
$name=$_POST[‘name’];
$email=$_POST[‘email’];
$datetime=date(“d/m/y h:i:s”); //create date time
$sql=“INSERT INTO $tbl_name(topic, detail, name, email, datetime)VALUES(’$topic’, ‘$detail’, ‘$name’, ‘$email’, ‘$datetime’)”;
$stmt = $dbh->prepare($sql);
$stmt->execute();
if($stmt){
echo “Successful
”;
echo “View your topic”;
}
else {
echo “ERROR”;
}
die();
?>
[/php]