0

I am trying to create a commenting system that is linked with videos hosted on my server. The videos are displayed on a watch page (watch.php) and the commenting system is included below the video player. When new comments are posted from the watch page they are then processed and validated by my post class (post.php) and submit.php. Finally a link to script.js implements the AJAX slide down animation to prevent automatic page reloads.

The problem I'm having is that when i try and submit a new comment as a logged in user the form doesn't submit nor does it through an error message so I am having a hard time debugging. I'm OK with PHP but I must admit that I did most all of the AJAX with copy and paste so I'm totally lost.

I will include a link to the site page and then include each of the four scripts.

The site page:
http://budgetgaming.org/watch.php?v=1

watch.php (commenting code starts on line 65)

<?php
include('layouts/header.php');	
?>		

	<div id="outer">
		
		<div id="mainWrapper">
		
			<div id="home"><a href="index.php"></a></div>
			
			<ul class="mainNav">
				<li><a class="current" href="reviews.php">Reviews ↪</a></li>
				<li><a href="http://budgetgaming.org/forums/index.php">Forums</a></li>
				<li><a href="http://budgetgaming.org/blogs/index.php/posts/index">Blogs</a></li>
				<li><a href="about.php">About</a></li>
			</ul>
			
			<div class="searchBar">
			<p>searchBar</p>
			</div> <!-- searchBar -->
			
		</div> <!-- mainWrapper -->
			
		<div id="contentWrapper">
			
			<div class="mainContent">
				
				<div class="breadCrumbs">
				<p>Reviews &rarr; Watch &rarr;</p>
				</div> <!-- breadCrumbs -->

				<div class="videoPlayer">
					
					<?php
						
						require ("../dbConnect.php");
						
						if (isset($_GET['v'])) {
							
							$vId = $_GET['v'];
							
							$q = "SELECT videoUrl FROM videos WHERE vId = $vId";
							$r = @mysqli_query ($dbc, $q);
							
							while ($video = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
								$currentVideo = $video['videoUrl'];
							}
							
							echo '<a href=' . $currentVideo . ' style="display:block; width:619px; height:350px;" id="player"></a>';
							
							mysqli_free_result ($r);
						}
			
					?>
					
				</div> <!-- videoPlayer -->
				
				<script>
					flowplayer("player", "flowplayer-3.2.2.swf");
				</script>
				
				<?php
				// PHP intercepts the form submission AND injects database information from previous comments
					
				require ("posts.php");
				
				if (isset($_GET['v'])) {
							
					$vId = $_GET['v'];
					
					$posts = array();
					
					$q = "SELECT * FROM phpbb_users INNER JOIN posts ON posts.vId = $vId WHERE posts.user_id = phpbb_users.user_id";
					$r = @mysqli_query ($dbc, $q);
					
					while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
						$posts[] = new Post($row);	
					}
				
					foreach($posts as $p) {
						echo $p->markup();
					}
					
					mysqli_free_result ($r);
					mysqli_close($dbc);
				}
				
				?>
				
				<!-- Include the xhtml for comment system under the video player -->
				
				<div id="addCommentContainer">
	    			<p>Add a Comment</p>
	    			<form id="addCommentForm" method="post" action="">
	       				 <div>
	            			<label for="body">Comment Body</label>
	            			<textarea name="body" id="body" cols="20" rows="5"></textarea>
	            			<input type="submit" id="submit" value="Submit" />
	        			</div>
	    			</form>
				</div>
				
				<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
				<script type="text/javascript" src="http://budgetgaming.org/script.js"></script>

				<div class="mostViewed">
				<p class="p2">mostViewed</p>
				</div> <!-- mostViewed -->
				
				<div class="mostCommented">
				<p class="p2">mostCommented</p>
				</div> <!-- mostCommented -->
			
				<div class="recentForum">
				<p class="p2">recentForum</p>
				</div> <!-- recentForum -->
			
				<div class="recentBlog">
				<p class="p2">recentBlog</p>
				</div> <!-- recentBlog -->
				
			</div> <!-- mainContent -->

		</div> <!-- contentWrapper -->
		
<?php include('layouts/footer.php')?>

posts.php (posting class):

<?php

class Post {
					
	private $data = array();
				
	public function __construct($row) {
		$this->data = $row;
	}
				
	public function markup() {
		// Just an alias so I don't have to type $this->data every time
		$d = &$this->data;
				
		$name = $d['username'];
		$body = $d['post'];
		$date = strtotime($d['postDate']);
				
		return '
		<div class="comment">
 			<div class="avatar">
        		<img src="http://www.gravatar.com/avatar/112fdf7a8fe3609e7af2cd3873b5c6bd?size=50&default=http%3A%2F%2Fdemo.tutorialzine.com%2F2010%2F06%2Fsimple-ajax-commenting-system%2Fimg%2Fdefault_avatar.gif"></a>
    		</div>
	 
    		<div class="name"><a href="http://tutorialzine.com/">' . $name . '</a></div>
	    	<div class="date" title="Added at'. date('H:i \o\n M d Y',$date) . '">' . date('d M Y',$date) . '</div>
	   		<p>'.$body.'</p>
		</div>
		';
	}
						
	public static function validate(&$arr) {
							
		// This function validates the data sent via AJAX
		// It should return true/false depending on whether the data is valid
		// The array variable, $arr, is passed a paramenter containing either the valid input data or error messages 
							
		$errors = array();
		$data = array();
							
		// Use of filter_input funtion, this is built in as of PHP 5.2.0
							
		if(!$data['body'] = filter_input(INPUT_POST, 'body', FILTER_CALLBACK, array('options'=>'Post::validateText'))) {
			$errors['body'] = 'Please enter a comment first.';
		}
							
		if(!empty($errors)) {
			// If there arn't any errors, copy the $errors array to $arr
			$arr = $errors;
			return false;
		}
							
		// If the data is valid, sanitize all the info and copy it to $arr:
							
		foreach($data as $k=>$v) {
			$arr[$k] = mysql_real_escape_string($v);
		}
							
		return true;
	}
						
	private static function validateText($str) {
		// This function is used internally as a FILTER_CALLBACK
		if(mb_strlen($str, 'utf8')<1)
			return false;
								
		// Encode all html special characters (<, >, ", & .. etc) and convert the new line characters to <br /> tags:
		$str = nl2br(htmlspecialchars($str));
							
		// Remove the new line characters left
		$str = str_replace(array(chr(10), chr(13)), '', $str);
							
		return $str;
	}
}

?>

submit.php (handles the submitted post information):

<?php

//Error reporting:
error_reporting(E_ALL^E_NOTICE);
	
include "../dbConnect.php";
include "post.php";

//This array is going to be populated with either the data that was sent to the script, or the error messages
$arr = array();
$validates = Post::validate($arr);

//save the current user_id as a variable for the sql insert
$currentUser = $_SESSION['user_id'];
	
if($validates) {
// If everything is OK, insert the information into the database
		mysql_query("INSERT INTO posts(user_id, post, postDate, vId) 
		 			 VALUES (
		 					  $currentUser,
		 					  '".$arr['body']."', 
		 					  CURRENT_TIMESTAMP, 
		 					  $vId
		 			  )");
	
		// The data in $arr is escaped for the mysql query
		// But we need to unescape the text
		// So, we apply stripslashes to all of the elements in the array:
	
		$arr = array_map('stripslashes', $arr);
		$insertedPost = new Post($arr);
	
		// Outputting the markup of the just-inserted post:
		echo json_encode(array('status'=>1, 'html'=>$insertedPost->markup()));
	
	} else {
		// Outputting the error messages
		echo '{"status":0,"errors":'.json_encode($arr).'}';
	}

?>

script.js (The AJAX):

$(document).ready(function(){
	// The following code is executed once the DOM is loaded
	
	// This flag will prevent multiple comment submits:
	var working = false;
	
	// Listening for the submit event of the form
	$('#addCommentForm').submit(function(e){
		
		e.preventDefault();
		if(working) return false;
		
		working = true;
		$('#submit').val('Sending..');
		$('span.error').remove();
		
		// Sending the form fields to submit.php
		$.post('submit.php', $(this).serialize(), function(msg){
			
			working = false;
			$('#submit').val('Submit');
			
			if(msg.status){
				// If the insert was successful, add the comment below the last on the page with a slide effect
				$(msg.html).hide().insertBefore('#addCommentContainer').slideDown();
				$('#body').val('');
			} else {
				// If there were errors, loop through the msg.errors object and display them on the page
				$.each(msg.errors, function(k,v){
					$('label[for='+k+']').append('<span class="error">'+v+'</span>');
				});
			}
		},'json');
	});
});

Any help would be greatly appreciated and thanks in advance.

2
Contributors
12
Replies
14
Views
6 Years
Discussion Span
Last Post by jfarny
0

Using firebug for Firefox, I found that on the page the ajax posts to it is saying that post.php cannot be found.

0

Using firebug for Firefox, I found that on the page the ajax posts to it is saying that post.php cannot be found.

That is interesting. I have firebug as well but only use it for the html/css links. Where did you see this error? And does it give any details other than that the file i "missing"?

0

Ive found the broken include statement that was throwing the error you reported and fixed it. However, I am still left with the same broken functionality with no more clues as to what is wrong.

0

Here is the error now:

<br />
<b>Warning</b>:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: Access denied for user 'jfarnyc1'@'localhost' (using password: NO) in <b>/home/jfarnyc1/public_html/budgetgaming.org/posts.php</b> on line <b>56</b><br />
<br />
<b>Warning</b>:  mysql_real_escape_string() [<a href='function.mysql-real-escape-string'>function.mysql-real-escape-string</a>]: A link to the server could not be established in <b>/home/jfarnyc1/public_html/budgetgaming.org/posts.php</b> on line <b>56</b><br />
<br />
<b>Warning</b>:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: Access denied for user 'jfarnyc1'@'localhost' (using password: NO) in <b>/home/jfarnyc1/public_html/budgetgaming.org/submit.php</b> on line <b>24</b><br />
<br />
<b>Warning</b>:  mysql_query() [<a href='function.mysql-query'>function.mysql-query</a>]: A link to the server could not be established in <b>/home/jfarnyc1/public_html/budgetgaming.org/submit.php</b> on line <b>24</b><br />
{"status":1,"html":"\n\t\t<div class=\"comment\">\n \t\t\t<div class=\"avatar\">\n        \t\t<img src=\"http:\/\/www.gravatar.com\/avatar\/112fdf7a8fe3609e7af2cd3873b5c6bd?size=50&default=http%3A%2F%2Fdemo.tutorialzine.com%2F2010%2F06%2Fsimple-ajax-commenting-system%2Fimg%2Fdefault_avatar.gif\"><\/a>\n    \t\t<\/div>\n\t \n    \t\t<div class=\"name\"><a href=\"http:\/\/tutorialzine.com\/\"><\/a><\/div>\n\t    \t<div class=\"date\" title=\"Added at18:00 on Dec 31 1969\">31 Dec 1969<\/div>\n\t   \t\t<p><\/p>\n\t\t<\/div>\n\t\t"}

This shows up when I submit a comment via ajax. This is the response that the browser is receiving from your server.

Edited by somedude3488: n/a

0

This is a troubling error message as it means that in some instances my database connection file (dbConnect.php) is being ignored. I am still confused as to how you are able to view these error messages. Could you elaborate on your findings please?

0

I saw the response through Firebug. All you have to do is enable the "Net" section of the software and it lists out all http calls. You can view the data you are posting as well as the response for each individual request.

0

I see. This is a very useful tool that I didn't even know I had access to. Thank you very much for pointing it out. I have a new error message now. It seems that my posts class (posts.php) is throwing a database connection error on line 56.

posts.php

<?php

class Post {
					
	private $data = array();
				
	public function __construct($row) {
		$this->data = $row;
	}
				
	public function markup() {
		// Just an alias so I don't have to type $this->data every time
		$d = &$this->data;
				
		$name = $d['username'];
		$body = $d['post'];
		$date = strtotime($d['postDate']);
				
		return '
		<div class="comment">
 			<div class="avatar">
        		<img src="http://www.gravatar.com/avatar/112fdf7a8fe3609e7af2cd3873b5c6bd?size=50&default=http%3A%2F%2Fdemo.tutorialzine.com%2F2010%2F06%2Fsimple-ajax-commenting-system%2Fimg%2Fdefault_avatar.gif"></a>
    		</div>
	 
    		<div class="name">' . $name . '</a></div>
	    	<div class="date" title="Added at'. date('H:i \o\n M d Y',$date) . '">' . date('d M Y',$date) . '</div>
	   		<p>'.$body.'</p>
		</div>
		';
	}
						
	public static function validate(&$arr) {
							
		// This function validates the data sent via AJAX
		// It should return true/false depending on whether the data is valid
		// The array variable, $arr, is passed a paramenter containing either the valid input data or error messages 
							
		$errors = array();
		$data = array();
							
		// Use of filter_input funtion, this is built in as of PHP 5.2.0
							
		if(!$data['body'] = filter_input(INPUT_POST, 'body', FILTER_CALLBACK, array('options'=>'Post::validateText'))) {
			$errors['body'] = 'Please enter a comment first.';
		}
							
		if(!empty($errors)) {
			// If there arn't any errors, copy the $errors array to $arr
			$arr = $errors;
			return false;
		}
							
		// If the data is valid, sanitize all the info and copy it to $arr:
		
		foreach($data as $k=>$v) {
			$arr[$k] = mysql_real_escape_string($v);
		}
							
		return true;
	}
						
	private static function validateText($str) {
		// This function is used internally as a FILTER_CALLBACK
		if(mb_strlen($str, 'utf8')<1)
			return false;
								
		// Encode all html special characters (<, >, ", & .. etc) and convert the new line characters to <br /> tags:
		$str = nl2br(htmlspecialchars($str));
							
		// Remove the new line characters left
		$str = str_replace(array(chr(10), chr(13)), '', $str);
							
		return $str;
	}

}

?>

I connect to the database before this code it called on the watch.php page (line 66) and close after (line 87) so I'm not sure why I am getting this error.

watch.php

<?php
include('layouts/header.php');	
?>		

	<div id="outer">
		
		<div id="mainWrapper">
		
			<div id="home"><a href="index.php"></a></div>
			
			<ul class="mainNav">
				<li><a class="current" href="reviews.php">Reviews &#8618;</a></li>
				<li><a href="http://budgetgaming.org/forums/index.php">Forums</a></li>
				<li><a href="http://budgetgaming.org/blogs/index.php/posts/index">Blogs</a></li>
				<li><a href="about.php">About</a></li>
			</ul>
			
			<div class="searchBar">
			<p>searchBar</p>
			</div> <!-- searchBar -->
			
		</div> <!-- mainWrapper -->
			
		<div id="contentWrapper">
			
			<div class="mainContent">
				
				<div class="breadCrumbs">
				<p>Reviews &rarr; Watch &rarr;</p>
				</div> <!-- breadCrumbs -->

				<div class="videoPlayer">
					
					<?php
						
						include ('../dbConnect.php');
						
						if (isset($_GET['v'])) {
							
							$vId = $_GET['v'];
							
							$q = "SELECT videoUrl FROM videos WHERE vId = $vId";
							$r = @mysqli_query ($dbc, $q);
							
							while ($video = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
								$currentVideo = $video['videoUrl'];
							}
							
							echo '<a href=' . $currentVideo . ' style="display:block; width:619px; height:350px;" id="player"></a>';
							
							mysqli_free_result ($r);
							mysqli_close($dbc);
						}
			
					?>
					
				</div> <!-- videoPlayer -->
				
				<script>
					flowplayer("player", "flowplayer-3.2.2.swf");
				</script>
				
				<?php
				// PHP intercepts the form submission AND injects database information from previous comments
			
				include ('../dbConnect.php');
				include ("posts.php");
				
				if (isset($_GET['v'])) {
							
					$vId = $_GET['v'];
					
					$posts = array();
					
					$q = "SELECT * FROM phpbb_users INNER JOIN posts ON posts.vId = $vId WHERE posts.user_id = phpbb_users.user_id";
					$r = @mysqli_query ($dbc, $q);
					
					while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
						$posts[] = new Post($row);	
					}
				
					foreach($posts as $p) {
						echo $p->markup();
					}
					
					mysqli_free_result ($r);
					mysqli_close($dbc);
				}
				
				?>
				
				<!-- Include the xhtml for comment system under the video player -->
				
				<div id="addCommentContainer">
	    			<p>Add a Comment</p>
	    			<form id="addCommentForm" method="post" action="">
	       				 <div>
	            			<label for="body">Comment Body</label>
	            			<textarea name="body" id="body" cols="20" rows="5"></textarea>
	            			<input type="submit" id="submit" value="Submit" />
	        			</div>
	    			</form>
				</div>
		
				<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
				<script type="text/javascript" src="http://budgetgaming.org/script.js"></script>

				<div class="mostViewed">
				<p class="p2">mostViewed</p>
				</div> <!-- mostViewed -->
				
				<div class="mostCommented">
				<p class="p2">mostCommented</p>
				</div> <!-- mostCommented -->
			
				<div class="recentForum">
				<p class="p2">recentForum</p>
				</div> <!-- recentForum -->
			
				<div class="recentBlog">
				<p class="p2">recentBlog</p>
				</div> <!-- recentBlog -->
				
			</div> <!-- mainContent -->

		</div> <!-- contentWrapper -->
		
<?php include('layouts/footer.php')?>

Also I am getting an error on the submit.php (line 23) stating that it expects parameter 1 to be a sql result but instead I am passing a boolean which means that my database insert sql is failing, probably due to the fact that the database connection is not present.

submit.php

$validates = Post::validate($arr);

//save the current user_id as a variable for the sql insert
$currentUser = $_SESSION['user_id'];
	
if($validates) {

include ('../dbConnect.php');

// If everything is OK, insert the information into the database
$q = ("INSERT INTO posts(user_id, post, postDate, vId) VALUES ($currentUser, '".$arr['body']."', CURRENT_TIMESTAMP, $vId )"); 
$r = @mysqli_query ($dbc, $q);

mysqli_free_result ($r);
mysqli_close($dbc);
	
	// The data in $arr is escaped for the mysql query
	// But we need to unescape the text
	// So, we apply stripslashes to all of the elements in the array:
	
	$arr = array_map('stripslashes', $arr);
	$insertedPost = new Post($arr);
	
	// Outputting the markup of the just-inserted post:
	echo json_encode(array('status'=>1, 'html'=>$insertedPost->markup()));
	
} else {
	// Outputting the error messages
	echo '{"status":0,"errors":'.json_encode($arr).'}';
	
	mysqli_free_result ($r);
	mysqli_close($dbc);
}

?>

I guess the question I'm asking is why am I having trouble connecting to my database? script.js remains unchanged. from before.

0

You are using mysql_real_escape_string when you should be using mysqli_real_escape_string. I don't think they are interchangable.

Make sure you are keeping the functions consistent. Mysqli functions don't work with mysql functions (or at least I don't think they do).

Edited by somedude3488: n/a

0

You are using mysql_real_escape_string when you should be using mysqli_real_escape_string. I don't think they are interchangable.

Make sure you are keeping the functions consistent. Mysqli functions don't work with mysql functions (or at least I don't think they do).

Thank you for the advice which was right on the money. My scripts are now error free. However, I am not out of the woods yet. It seems that there is something amiss with my sql INSERT statement (submit.php line 26).

submit.php

<?php

include $_SERVER['DOCUMENT_ROOT'] . '/phpbbSessionStart.php';
include ('../dbConnect.php');
include "posts.php";

//Error reporting:
error_reporting(E_ALL^E_NOTICE);
	
//This array is going to be populated with either the data that was sent to the script, or the error messages
$arr = array();
$validates = Post::validate($arr);

//remember which video this comment belongs to
if (isset($_GET['v'])) {						
	$vId = $_GET['v'];
}

//remember what user is logged in and assign this comment to them
if ($_SESSION['userId'] != "") {
	$currentUser = $_SESSION['user_id'];
}
	
if($validates) {
	// If everything is OK, insert the information into the database
	$q = 'INSERT INTO posts (user_id, post, postDate, vId) VALUES (' . $currentUser . ', ' . $arr['body'] . ', CURRENT_TIMESTAMP,' . $vId . ')'; 
	mysqli_query ($dbc, $q);
	
	// The data in $arr is escaped for the mysql query
	// But we need to unescape the text
	// So, we apply stripslashes to all of the elements in the array:
	
	$arr = array_map('stripslashes', $arr);
	$insertedPost = new Post($arr);
	
	// Outputting the markup of the just-inserted post:
	echo json_encode(array('status'=>1, 'html'=>$insertedPost->markup()));
	
} else {
	// Outputting the error messages
	echo '{"status":0,"errors":'.json_encode($arr).'}';
}

mysqli_close($dbc);

?>

If I only insert the CURRENT_TIMESTAMP into the database then the script works flawlessly meaning the database INSERT can be seen from phpMyAdmin and it animates and displays properly on watch.php. However, when I try to insert the other values (vId, user_id, and post) the INSERT fails and the watch page only animates with the timestamp, which disappears after reload.

In order for you to better understand why it isn't working I'll have to explain what each of these values is and where I think they should be coming from.

First, $vId is a stored integer that belongs the the current video being watched. I pass this variable through the url from the watch.php to submit.php (ex: submit.php?v=$vid). This can be seen in the JavaScript (script.js line 18).

script.js

$(document).ready(function(){
	// The following code is executed once the DOM is loaded
	
	// This flag will prevent multiple comment submits:
	var working = false;
	
	// Listening for the submit event of the form
	$('#addCommentForm').submit(function(e){
		
		e.preventDefault();
		if(working) return false;
		
		working = true;
		$('#submit').val('Sending..');
		$('span.error').remove();
		
		// Sending the form fields to submit.php
		$.post('submit.php?v=$vId', $(this).serialize(), function(msg){
			
			working = false;
			$('#submit').val('Submit');
			
			if(msg.status){
				// If the insert was successful, add the comment below the last on the page with a slide effect
				$(msg.html).hide().insertBefore('#addCommentContainer').slideDown();
				$('#body').val('');
			} else {
				// If there were errors, loop through the msg.errors object and display them on the page
				$.each(msg.errors, function(k,v){
					$('label[for='+k+']').append('<span class="error">'+v+'</span>');
				});
			}
		},'json');
	});
});

Next, the post field is the body of the submitted post. It is validated by the post.php script and is retrieved from the validated array by (arr). (post.php line 43 and submit.php line 11)

<?php

class Post {
					
	private $data = array();
				
	public function __construct($row) {
		$this->data = $row;
	}
				
	public function markup() {
		// Just an alias so I don't have to type $this->data every time
		$d = &$this->data;
				
		$name = $d['username'];
		$body = $d['post'];
		$date = strtotime($d['postDate']);
				
		return '
		<div class="comment">
 			<div class="avatar">
        		<img src="http://www.gravatar.com/avatar/112fdf7a8fe3609e7af2cd3873b5c6bd?size=50&default=http%3A%2F%2Fdemo.tutorialzine.com%2F2010%2F06%2Fsimple-ajax-commenting-system%2Fimg%2Fdefault_avatar.gif"></a>
    		</div>
	 
    		<div class="name">' . $name . '</a></div>
	    	<div class="date" title="Added at'. date('H:i \o\n M d Y',$date) . '">' . date('d M Y',$date) . '</div>
	   		<p>'.$body.'</p>
		</div>
		';
	}
						
	public static function validate(&$arr) {
							
		// This function validates the data sent via AJAX
		// It should return true/false depending on whether the data is valid
		// The array variable, $arr, is passed a paramenter containing either the valid input data or error messages 
							
		$errors = array();
		$data = array();
							
		// Use of filter_input funtion, this is built in as of PHP 5.2.0
							
		if(!$data['body'] = filter_input(INPUT_POST, 'body', FILTER_CALLBACK, array('options'=>'Post::validateText'))) {
			$errors['body'] = 'Please enter a comment first.';
		}
							
		if(!empty($errors)) {
			// If there arn't any errors, copy the $errors array to $arr
			$arr = $errors;
			return false;
		}
							
		// If the data is valid, sanitize all the info and copy it to $arr:
		
		foreach($data as $k=>$v) {
			$arr[$k] = addslashes($v);
		}
							
		return true;
	}
						
	private static function validateText($str) {
		// This function is used internally as a FILTER_CALLBACK
		if(mb_strlen($str, 'utf8')<1)
			return false;
								
		// Encode all html special characters (<, >, ", & .. etc) and convert the new line characters to <br /> tags:
		$str = nl2br(htmlspecialchars($str));
							
		// Remove the new line characters left
		$str = str_replace(array(chr(10), chr(13)), '', $str);
							
		return $str;
	}

}

?>

Finally, the user_id is a variable which mirrors the current user's session id. I pull this session variable from the global sessions array and store it as a local variable (submit.php line 20)

<?php

include $_SERVER['DOCUMENT_ROOT'] . '/phpbbSessionStart.php';
include ('../dbConnect.php');
include "posts.php";

//Error reporting:
error_reporting(E_ALL^E_NOTICE);
	
//This array is going to be populated with either the data that was sent to the script, or the error messages
$arr = array();
$validates = Post::validate($arr);

//remember which video this comment belongs to
if (isset($_GET['v'])) {						
	$vId = $_GET['v'];
}

//remember what user is logged in and assign this comment to them
if ($_SESSION['userId'] != "") {
	$currentUser = $_SESSION['user_id'];
}
	
if($validates) {
	// If everything is OK, insert the information into the database
	$q = 'INSERT INTO posts (user_id, post, postDate, vId) VALUES (' . $currentUser . ', ' . $arr['body'] . ', CURRENT_TIMESTAMP,' . $vId . ')'; 
	mysqli_query ($dbc, $q);
	
	// The data in $arr is escaped for the mysql query
	// But we need to unescape the text
	// So, we apply stripslashes to all of the elements in the array:
	
	$arr = array_map('stripslashes', $arr);
	$insertedPost = new Post($arr);
	
	// Outputting the markup of the just-inserted post:
	echo json_encode(array('status'=>1, 'html'=>$insertedPost->markup()));
	
} else {
	// Outputting the error messages
	echo '{"status":0,"errors":'.json_encode($arr).'}';
}

mysqli_close($dbc);

?>

The watch.php page remains the same as before and I am 99.999% sure it is not causing the problem. However, for your convenience I will post it again.

watch.php

<?php
include('layouts/header.php');	
?>		

	<div id="outer">
		
		<div id="mainWrapper">
		
			<div id="home"><a href="index.php"></a></div>
			
			<ul class="mainNav">
				<li><a class="current" href="reviews.php">Reviews &#8618;</a></li>
				<li><a href="http://budgetgaming.org/forums/index.php">Forums</a></li>
				<li><a href="http://budgetgaming.org/blogs/index.php/posts/index">Blogs</a></li>
				<li><a href="about.php">About</a></li>
			</ul>
			
			<div class="searchBar">
			<p>searchBar</p>
			</div> <!-- searchBar -->
			
		</div> <!-- mainWrapper -->
			
		<div id="contentWrapper">
			
			<div class="mainContent">
				
				<div class="breadCrumbs">
				<p>Reviews &rarr; Watch &rarr;</p>
				</div> <!-- breadCrumbs -->

				<div class="videoPlayer">
					
					<?php
						
						include ('../dbConnect.php');
						
						if (isset($_GET['v'])) {
							
							$vId = $_GET['v'];
							
							$q = "SELECT videoUrl FROM videos WHERE vId = $vId";
							$r = @mysqli_query ($dbc, $q);
							
							while ($video = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
								$currentVideo = $video['videoUrl'];
							}
							
							echo '<a href=' . $currentVideo . ' style="display:block; width:619px; height:350px;" id="player"></a>';
							
							mysqli_free_result ($r);
							mysqli_close($dbc);
						}
			
					?>
					
				</div> <!-- videoPlayer -->
				
				<script>
					flowplayer("player", "flowplayer-3.2.2.swf");
				</script>
				
				<?php
				// PHP intercepts the form submission AND injects database information from previous comments
			
				include ('../dbConnect.php');
				include ("posts.php");
				
				if (isset($_GET['v'])) {
							
					$vId = $_GET['v'];
					
					$posts = array();
					
					$q = "SELECT * FROM phpbb_users INNER JOIN posts ON posts.vId = $vId WHERE posts.user_id = phpbb_users.user_id";
					$r = @mysqli_query ($dbc, $q);
					
					while ($row = mysqli_fetch_array($r, MYSQLI_ASSOC)) {
						$posts[] = new Post($row);	
					}
				
					foreach($posts as $p) {
						echo $p->markup();
					}
					
					mysqli_free_result ($r);
					mysqli_close($dbc);
				}
				
				?>
				
				<!-- Include the xhtml for comment system under the video player -->
				
				<div id="addCommentContainer">
	    			<p>Add a Comment</p>
	    			<form id="addCommentForm" method="post" action="">
	       				 <div>
	            			<label for="body">Comment Body</label>
	            			<textarea name="body" id="body" cols="20" rows="5"></textarea>
	            			<input type="submit" id="submit" value="Submit" />
	        			</div>
	    			</form>
				</div>
		
				<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
				<script type="text/javascript" src="http://budgetgaming.org/script.js"></script>

				<div class="mostViewed">
				<p class="p2">mostViewed</p>
				</div> <!-- mostViewed -->
				
				<div class="mostCommented">
				<p class="p2">mostCommented</p>
				</div> <!-- mostCommented -->
			
				<div class="recentForum">
				<p class="p2">recentForum</p>
				</div> <!-- recentForum -->
			
				<div class="recentBlog">
				<p class="p2">recentBlog</p>
				</div> <!-- recentBlog -->
				
			</div> <!-- mainContent -->

		</div> <!-- contentWrapper -->
		
<?php include('layouts/footer.php')?>

If you need me to elaborate on something or have more advice for me I am eager to respond and look forward to hearing your conclusions.

0

The values in your insert query should be surrounded by quotes. Ex.

$q = "INSERT INTO posts (user_id, post, postDate, vId) VALUES ('" . $currentUser . "', '" . $arr['body'] . "', CURRENT_TIMESTAMP,'" . $vId . "')";

Make sure you run mysql_real_escape_string on each values before putting it in the query. This is make your sql statement more secure and keep it from breaking when someone put's an apostrophe in one of the fields.

0

After extensive trial and error I have fixed my commenting system. Thanks again for the firebug tip. If anyone wants to see the full-functional script feel free to post you request and I'll supply my code.

0

After extensive trial and error I have fixed my commenting system. Thanks again for the firebug tip. If anyone wants to see the full-functional script feel free to post you request and I'll supply my code.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.