StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POBuilding a PM system
text
Body
copied!<p><strong>First of all I am very new to PHP/MySQL and I am aware as others have pointed out that my code is vunerable to MySQL injection, but right now I am working on learning the functionality before I move onto security.</strong></p> <p>Ok so I am building a Private Messaging system from scratch to help with my understanding of the coding, i have hit a road block where I am trying to POST the "to_user" data in a reply string, and I can get everything else to successfully post but the"to_user"(the person who sent the PM) and the subject data isn't carrying over.</p> <p>Here is my "view_pm.php" file.</p> <pre><code><?php include 'core/init.php'; include 'includes/overall/header.php'; ?> <?php include "includes/inbox-menu.php"; ?> <table> <?php $id = $_GET['id']; $to_user = $user_data['user_id']; $sql = "SELECT users.user_id, users.username, users.profile, messages.id, messages.to_user, messages.from_user, messages.subject, messages.message, messages.has_read, messages.deleted, messages.date_sent FROM `messages` JOIN `users` ON messages.from_user = users.user_id WHERE messages.to_user = '$to_user' AND messages.id = '$id' ORDER BY messages.date_sent DESC"; $result = mysql_query($sql); $rows = mysql_fetch_array($result); ?><tr> <td width="50px" align="center"> <img src="<?php echo $rows['profile']; ?>" width="40px"><br><?php echo $rows['username']; ?> </td> <td valign="top" width="350px"> <b><?php echo $rows['subject']; ?></b><br> <?php echo $rows['message']; ?> </td><td><?php echo $rows['date_sent']; ?></td> </tr> <tr> <td colspan="3"><hr></td> </tr> <?php $sql2 = "SELECT users.user_id, users.username, users.profile, messages.id, messages.reply_id, messages.to_user, messages.from_user, messages.subject, messages.message, messages.has_read, messages.deleted, messages.date_sent FROM `messages` JOIN `users` ON messages.from_user = users.user_id WHERE messages.to_user = '$to_user' AND messages.reply_id = '$id' ORDER BY messages.date_sent DESC"; $result2 = mysql_query($sql2); while ($rows = mysql_fetch_assoc($result2)) { ?> <tr> <td width="50px" align="center"> <img src="<?php echo $rows['profile']; ?>" width="40px"><br><?php echo $rows['username']; ?> </td> <td valign="top" width="350px"> <b><?php echo $rows['subject']; ?></b><br> <?php echo $rows['message'] ?> </td><td><?php echo $rows['date_sent']; ?></td> </tr> <tr> <td colspan="3"><hr></td> </tr> <?php } ?> </table> <form method="post" action="parsers/reply_pm.php"> Reply: <textarea name="message"></textarea><br> <input type="hidden" name="from_user" value="<? echo $to_user; ?>"> <input type="hidden" name="to_user" value="<? echo $rows['from_user']; ?>"> <input type="hidden" name="subject" value="<? echo $rows['subject']; ?>"> <input type="hidden" name="reply_id" value="<? echo $id ?>"> <input type="submit" name="submit" value="Send Message"> </form> <?php include 'includes/overall/footer.php'; ?> </code></pre> <p>And here is my "reply_pm.php" file.</p> <pre><code><?php include '../core/init.php'; $reply_id = $_POST['reply_id']; $to_user = $_POST['to_user']; $from_user = $user_data['user_id']; $subject = $_POST['subject']; $message = $_POST['message']; echo $sql = "INSERT INTO `messages` (reply_id, to_user, from_user, subject, message, date_sent) VALUES ('$reply_id','$to_user','$from_user','$subject','$message',now())"; $result = mysql_query($sql); exit(); if($result){ header("Location: ../view_pm.php?id=$reply_id"); } else { echo "Error sending message."; } ?> </code></pre> <p>And you may or may not have noticed I am echoing the result while testing, it's currently returning..</p> <p>INSERT INTO <code>messages</code> ( reply_id, to_user, from_user, subject, message, date_sent ) VALUES ( '8','','1','','test reply goes here',now() )</p> <p>Thanks in advance.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload