0

Hi DW.

I have built a website using Mobirise and now what I want to do is to enable the site to accept comments from people and also display them on the page on the section COMMENTS, now the problem is that I want the comments to use the themes format but the problem with that is that the javascript produce and error if I take the entire DIV section that produce this comment style so that it will be applied to each and every comment. Please check the site and click on the Piracy Impact and check the comment section to see how I want all of my comments to show like. I have 2 php files which one is for retrieving the comment and the other for retrieving the name, this helps me to keep the style but this only works for the first comment, then the rest just displays bellow the first comment and without separating the retrieving process the name is not displayed in a correct stye.

Bellow are the codes that I use to retrieve data:

1) Display Comments

<?php

$con = mysql_connect("xxxxx","xxxxx","xxxxx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}

mysql_select_db("ndlelabyte",$con);

$article_id = $_GET['id'];

$query = "SELECT * FROM `ndlelabyte`.`messages` WHERE `articleid` =$article_id LIMIT 0 , 30";
$condolencey = mysql_query($query);

while($row = mysql_fetch_array($condolencey, MYSQL_ASSOC))
{

$cond = $row['comments'];

echo "<p>$cond</p>
";
}

mysql_close($con);

?>

2) Displaying the name is the similar code as above but this time I point/retrieve the name.

On my page I have this under the comment section.

<div class="mbr-testimonial card">
                        <div class="card-block"><p>
                    <?php include("display_comments.php"); ?></p></div>
                        <div class="mbr-author card-footer">

                            <div class="mbr-author-name">
<?php include("display_name.php"); ?>
</div>
</div>
</div>

Now as you can see doing this will only show the last comment but if I had placed the DIV inside the php files which retrieves data from a MySQL database I would'nt have a problem because each message was going to be displayed as it should be with the style I want to keep.

How can I solve this problem?

2
Contributors
3
Replies
37
Views
2 Months
Discussion Span
Last Post by Mr.M
1

I managed to get the solution to this problem and the solution is:

<?php
$mysqli = new mysqli($host, $user, $password, $database);
// DO ERROR CHECKING HERE

$article_id = isset($_GET['id']) ? $_GET['id'] : false;

if ($article_id) {
  $query = <<< QUERY
SELECT * 
FROM 
  `ndlelabyte`.`messages` 
WHERE 
  `articleid` ={$article_id} 
LIMIT 0 , 30
QUERY;

  $result = $mysqli->query($query);
  if ($result) {
    while ($row = $result->fetch_object()) {
      echo <<< COMMENT
  <div class="col-xs-12">
    <div class="mbr-testimonial card">
      <div class="card-block"><p>{$row['comments']}</p></div>
      <div class="mbr-author card-footer">
      <div class="mbr-author-name">{$row['author']}</div>
    </div>
    </div>
  </div>
COMMENT;
    }
  }
}
2

Thanks for including the solution you found. However, you are in danger of SQL Injection as your input variables are not sanitized. Here's an example of what you could do:

<?php
$mysqli = new mysqli($host, $user, $password, $database);
// DO ERROR CHECKING HERE
if(isset($_GET['id'])){
    $article_id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
    $stmt = $mysqli->prepare( "SELECT `comments`, `author` FROM `ndlelabyte`.`messages` WHERE `articleid`= ? LIMIT 0, 30" );
    $stmt->bind_param('i', $article_id);
    $stmt->bind_result($comments, $author);
    $stmt->execute();
    while ($stmt->fetch()) {
            echo <<< COMMENT
  <div class="col-xs-12">
    <div class="mbr-testimonial card">
      <div class="card-block"><p>$comments</p></div>
      <div class="mbr-author card-footer">
      <div class="mbr-author-name">$author</div>
    </div>
    </div>
  </div>
COMMENT;
    }
    $stmt->close();
}
$mysqli->close();

Edited by diafol

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.