PHP评论系统

Question

我试图用PHP和Mysql建立一个评论系统。我想链接一个有很多评论的帖子。所以我有一个posts表和一个comments表。comments表有一个外键post_id，它类似于posts表的id列(这是posts表中的主键)。管理员添加帖子后，将使用该帖子的id插入post_id列。这意味着当添加注释时，某人必须更新comments表，在我的例子中，它不需要更新。

if(isset($_POST['cmt-btn'])){
if(!empty($_GET['id'])){
    $current_id = $_GET['myid'];
    echo $current_id;
    $comment = filter_var($_POST['comment'], FILTER_SANITIZE_STRING);
    $author = filter_var($_POST['author_name'], FILTER_SANITIZE_STRING);
    $post_id = $current_id;
    $time = now();  
    $sql = "UPDATE comments SET comments = '$comment', author = '$author', timeposted = '$time' WHERE post_id = '$current_id'";
    $result = $connection->query($sql);
}

comment表只是用NULL填充空列。我似乎不知道问题出在哪里。

Answer 1

首先，您需要插入而不是更新，并使用prepare语句来防止SQL注入。请找到代码来执行此操作

$comment = "This is Comment";
$author = "Nikita";
$post_id = 1;
$time = "12:00:00";

function insertComment($comment,$author,$post_id,$time){
  global $mysqli;
  $stmt = $mysqli->prepare("INSERT INTO comments(
    comments,
    author,
    timeposted,
    post_id
     )VALUES (
      ?,
      ?,
      ?,
      ?
    )");
    $stmt->bind_param("ssss",$comment,$author,$post_id,$time);
    $stmt->execute();
    $inserted_id = $mysqli->insert_id;
    return $instered_id;
 }
 $sql = insertComment($comment,$author,$post_id,$time);
 echo $sql;