Add comments to page but then refresh page to show comments instantly:

HairyArse

Hi guys

I'm working on a website and have added the option so that registered users can add comments to a page, the whole process sort of works, but when the user submits their comments, the page does not refresh and display the comments. Instead you have to manually refresh, and if you do a manual refresh, the page tries to resubmit that comments already added, so based on the code below, what do I need to change to make this work:


<? 
if (isset($_GET['id']))
{
   $article_id = $_GET['id'];
}
else if(!isset($_GET['id']))
{
echo ("You cannot add comments to this page!");
}

if (isset($CommentsSubmit))
{
//add comments to the database

$userid  = "SELECT id FROM tbl_users where username = '$username'";
		$select_user_id = mysql_query($userid);

	while ($row = mysql_fetch_assoc($select_user_id)) 
	{	
		foreach ($row as $field=>$value) 
		{
		if ($field==id)
		$id = $value;
		}
	}		

$user = $id;
$datestamp = date("YmdHis");
$comments = $_POST['frm_comments'];
$comments = stripslashes($comments); 

$insert_comments = "Insert into tbl_comments (user, datestamp, article_id, comments) VALUES('$user', '$datestamp', '$article_id', '$comments')";
$result1 = mysql_query($insert_comments);
}



if (isset($_SESSION['username']))
{
$username = $_SESSION['username']; 
echo("<hr>");
echo ("<div align='center'>Welcome $username, have your say below:</div><br />");
?>
<form name="form1" method="post" action="">
  <div align="center">
    <textarea name="frm_comments" cols="40" rows="5" id="frm_comments"></textarea>
    <br>
    <input name="CommentsSubmit" type="submit" id="CommentsSubmit" value="Submit">
    <input type="reset" name="Submit2" value="Reset">
  </div>
</form>
<?
}

else if (!isset($_SESSION['username']))
{
echo("<hr><br>");
echo("Please log in or register if you wish to post comments on this article:");
echo("<br><br>");
}
?>

HairyArse

It would probably help if I added the include file that actually shows the comments too:


<?
//checks to see if any comments have been posted for the article being viewed - if any have the comments are displayed, if any haven't then nothing is displayed.
$comments_check = "SELECT * FROM tbl_comments WHERE article_id='$article_id';";
$commentsfound = mysql_query($comments_check);
$num_rows = mysql_num_rows($commentsfound);

if ($num_rows > 0)
{
echo("<hr><br>");
echo("<h2>Comments so far on this article:</h2><br><br>");
//check to see the article type by querying based on the variable $id
$query  = "SELECT * FROM tbl_comments  WHERE article_id = $id;";
$result = mysql_query($query);

	while ($row = mysql_fetch_assoc($result)) 
		{	
				foreach ($row as $field=>$value) 
			{
					if ($field == user)
					{
					$user = $value;
					}
					else if ($field == datestamp)
					{
					$datestamp = $value;
					}
					else if ($field == article_id)
					{
					$article_id = $value;
					}
					else if ($field == comments)
					{
					$comments = $value;
					}
			}


	$userid  = "SELECT username FROM tbl_users where id = '$user'";
	$select_user_id = mysql_query($userid);

	while ($row = mysql_fetch_assoc($select_user_id)) 
	{	
		foreach ($row as $field=>$value) 
		{
		if ($field==username)
		$usernamecomments = $value;
		}
	}	


			$year = substr("$datestamp", 0, 4);
			$month = substr("$datestamp", 4, 2);
			$day = substr("$datestamp", 6, 2);
			$hour = substr("$datestamp", 8, 2);
			$minute = substr("$datestamp", 10, 2);
			$seconds = substr("$datestamp", 12, 2);
			if ($hour < 12)
			{
			$ampm=am;
			}
			else
			{
			$ampm=pm;
			}				
			echo("<h5>$usernamecomments</h5>$day/$month/$year at $hour:$minute$ampm wrote:<br><br>");
			echo("$comments<br><br>");
			}

}
else 
{ 
} 




?>

liquorvicar

First you're asking for trouble if you allow form data to be inserted straight into your db:

$user = $id;
$datestamp = date("YmdHis");
$comments = $_POST['frm_comments'];
$comments = stripslashes($comments);

$insert_comments = "Insert into tbl_comments (user, datestamp, article_id, comments) VALUES('$user', '$datestamp', '$article_id', '$comments')";
$result1 = mysql_query($insert_comments);

look up mysql_real_escape_string .
and you may want to check for magic_quotes before you use stripslashes: http://uk.php.net/manual/en/function.get-magic-quotes-gpc.php (otherwise you could get into trouble if you ever switch servers or your php.ini changes).

Second, this code:

$userid  = "SELECT id FROM tbl_users where username = '$username'";
        $select_user_id = mysql_query($userid);

    while ($row = mysql_fetch_assoc($select_user_id))
    {    
        foreach ($row as $field=>$value)
        {
        if ($field==id)
        $id = $value;
        }
    }        

$user = $id;

can surely be reduced to just

$userid  = "SELECT id FROM tbl_users where username = '$username'";
$select_user_id = mysql_query($userid);
$row = mysql_fetch_assoc($select_user_id);
$user = intval($row['id']);

unless i'm much mistaken!

Finally, in answer to your question, one way to do it is to use the header function in PHP to redirect back to the same page once you have inserted the data into the db. Watch out though as you need to make sure nothing has been sent to the browser before you use a header redirect.

HairyArse

Hi - thanks for your reply. I have actually sorted this out now.

It's simply because I queried $id instead of $article_id - I changed variable names as I'd actually used $id in another context elsewhere which cocked things up.

But I will take note of your other points, particularly the one about stripslashes etc, as I'm new to all that stuff and it's definitely worth me learning about. 🙂

Thanks mate.