BetterPHP

Hi I'm here again because I have been looking around for 2 months now for this type of help and I have gotten pretty much no where with my website and I'm here right now to ask if anyone can assist me in creating a friend request system and a profile commenting script that works with jaceks profile tutorial and if anyone can I'll be truely grateful thanks smg

Nobody is just going to do it for you, but we can definitely help

Have you tried anything so far ?

yes i have been stuck on the commenting system... all i need to figure out is to have a comment to stay on the users profile which it should be on and not any other users profile. like a example when i post on my page it shows on everyone elses.

here are my codes if anyone can help and assist me:

Profile.php
[syntax=php]<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

$commenting_form = '<form action="addcomment.php" method="post">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2"><strong>Add Comment:</strong></td>
</tr>
<tr>
<td colspan="2" align="center"><textarea name="msg_message" id="msg_message" cols="50" rows="7" style="font-family:Courier New">Message</textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Add Comment" name="msg_submit" id="msg_submit" style="width:200px;" /></td>
</tr>
</table>
</form>';
$get_comments = mysql_query("SELECT * FROM `comments`");
$comments_count = mysql_num_rows($get_comments);
if ($comments_count>0)
{
while ($com = mysql_fetch_array($get_comments))
{
$id = $com['id'];
$title = $com['text'];
$message = $com['comment'];
$comment .= '<b>'.$title.'</b><br />'.$message.'<hr />';
}
$comment .= $commenting_form;
$page_title = $comments_count.' Comments';
}
else
{
$comment = 'there are no comments at the moment.<br />'.$commenting_form;
$page_title = 'NO COMMENTS';
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
table { width: 800px; border-collapse: collapse; }
td, th { padding: 5px; border: solid 1px #444; }
</style>
<title><?php echo $user_info['username']; ?>'s Profile</title>
</head>
<body>
<center>
<?php
if (fetch_user_rank() == 1) {
// give permission
echo '<b><a href="index.php"><img src="ext/images/home.jpg"></a><a href="admin.php"><img src="ext/images/admin.jpg"></a><a href="status.php"><img src="ext/images/server-status.jpg"></a><a href="user_list.php"><img src="ext/images/members.jpg"></a><a href="edit_profile.php"><img src="ext/images/edit-profile.jpg"></a><a href="logout.php"><img src="ext/images/logout.jpg"></a></b>';
} else {
//redirect them
echo '<b><a href="index.php"><img src="ext/images/home.jpg"></a><a href="status.php"><img src="ext/images/server-status.jpg"></a><a href="user_list.php"><img src="ext/images/members.jpg"></a><a href="edit_profile.php"><img src="ext/images/edit-profile.jpg"></a><a href="logout.php"><img src="ext/images/logout.jpg"></a></b>';
}
?>
</center>


<table align="center" border="0" cellspacing="0" cellpadding="0">
<thead>
<tr>
<th width="250"><img src="<?php echo $user_info['avatar']; ?>" alt="Avatar" /></th>
<th><h1><?php echo $user_info['firstname']; ?> <?php echo $user_info['lastname']; ?></h1></th>
</tr>
</thead>
<tbody>
<?php

if ($user_info === false){
echo 'That user does NOT exist!';
}else if (fetch_user_rank() == 1) {
?>
<tr>
<td><p>Username: <?php echo $user_info['username']; ?></p></td>
<td><p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p></td>
</tr>
<tr>
<td><p>Location: <?php echo $user_info['location']; ?></p></td>
<td><p>Email: <?php echo $user_info['email']; ?></p></td>
</tr>
<tr>
<td><p>IP: <?php echo $user_info['ip']; ?></p></td>
<td><p>About Me:<br />
<?php echo $user_info['about']; ?>
</p></td>
</tr>
<tr>
<td colspan="2">
<?php echo $comment; ?><br /></td>
</tr>
<?php
}else if (fetch_user_rank() == 0){
?>
<tr>
<td><p>Username: <?php echo $user_info['username']; ?></p></td>
<td><p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p></td>
</tr>
<tr>
<td><p>Location: <?php echo $user_info['location']; ?></p></td>
<td><p>About Me:<br />
<?php echo $user_info['about']; ?>
</p></td>
</tr>
<tr>
<td colspan="2">
<?php echo $comment; ?><br /></td>
</tr>
<?php
}
?>
</tbody>
</table>
</body>
</html>[/syntax]

addcomment.php
[syntax=php]<?php

include('core/init.inc.php');

function cleanText($text)
{
$text = str_replace("\\", "\\\\", $text);
$text = str_replace("&", "&amp;", $text);
$text = str_replace("<", "&lt;", $text);
$text = str_replace(">", "&gt;", $text);
$text = str_replace("\"", "&qout;", $text);
$text = str_replace(" ", "&nbsp;", $text);
$text = str_replace("\n", "<br />", $text);
$text = str_replace("'", "''", $text);
return $text;
}

$msg_title = $_SESSION['user_username'];
$msg_message = cleanText($_POST['msg_message']);
$msg_submit = $_POST['msg_submit'];

if ($msg_submit&&$msg_title&&$msg_message)
{
mysql_query("INSERT INTO `comments` VALUES ('', '".$msg_title."', '".$msg_message."')");
}
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 0.1; url='.$ref);

?>[/syntax]

so if anyone can help me id greatly appreciate it

Try adding another column to your comments table and call it `User_id` or whatever you'd like.
Store the user id that the comment belongs to together with the comment and then select the comments where the user id is the same as the one in the URL.

okay im sorry but im very confused i added the user_id and now its not working and i need help with coding this sorry im still a noob at php coding :S

here is what i have so far...

Comments.sql:
[syntax=sql]CREATE TABLE IF NOT EXISTS `comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`text` varchar(50) NOT NULL,
`comment` text NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=5 ;

--
-- Dumping data for table `comments`
--

INSERT INTO `comments` (`id`, `user_id`, `text`, `comment`) VALUES
(1, 0, 'smg', 'im&nbsp;bored&nbsp;lets&nbsp;do&nbsp;something&nbsp;ok?'),
(2, 0, 'demo', 'uhm&nbsp;like&nbsp;what&nbsp;noob?'),
(3, 0, 'Smg', 'your&nbsp;the&nbsp;noob!&nbsp;lol'),
(4, 0, 'Smg', 'Message');

[/syntax]

and i need help with making the code into my script and thank you for helping me

The first thing you need to do is figure out which user's profile the comment is posted on and store that users ID in a variable.
Then, insert that user ID into the `user_id` column in your table.

Second thing you need to do is get the $_GET['uid'] variable and write some SQL to get the comments where `user_id` is equal to $_GET['uid'].

If you need further assistance, feel free to post.

ok thank you this is helping me a lot now i did this and im able to post but it just shows on my profile any way you can help me figure out how to make it goto the file needed? meaning the users id?

profile.php Snippet:
[syntax=php]$get_comments = mysql_query("SELECT * FROM `comments` WHERE `user_id` = {$_GET['uid']}");
$comments_count = mysql_num_rows($get_comments);
if ($comments_count>0)
{
while ($com = mysql_fetch_array($get_comments))
{
$id = $com['id'];
$user_id = $com['user_id'];
$title = $com['text'];
$message = $com['comment'];
$comment .= '<b>'.$title.'</b><br />'.$message.'<hr />';
}
$comment .= $commenting_form;
$page_title = $comments_count.' Comments';
}[/syntax]

addcomment.php Snippet:
[syntax=php]$user_id =
$msg_title = $_SESSION['user_username'];
$msg_message = cleanText($_POST['msg_message']);
$msg_submit = $_POST['msg_submit'];


if ($msg_submit&&$user_id&&$msg_title&&$msg_message)
{
mysql_query("INSERT INTO `comments` VALUES ('', '".$user_id."', '".$msg_title."', '".$msg_message."')");
}
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 0.1; url='.$ref);

?>[/syntax]

One thing you can do is assign the $_GET['uid'] variable to a $_POST variable in profile.php
[syntax=php]$_POST['user_id'] = $_GET['uid'][/syntax]
when you send the form, you get the $_POST['user_id'] and assign it to the $user_id variable in addcomment.php

Also, since both $_POST and $_GET variables are set by the user, you really want to clean the information before entering it in your sql.

mysql_real_escape_string for strings and (int) typecasting for integers should be enough.

ok i did that and its still not working :S and i am still confused.

addcomment.php
[syntax=php]$user_id = $_POST['user_id'];
$msg_title = $_SESSION['user_username'];
$msg_message = cleanText($_POST['msg_message']);
$msg_submit = $_POST['msg_submit'];


if ($msg_submit&&$user_id&&$msg_title&&$msg_message)
{
mysql_query("INSERT INTO `comments` VALUES ('', '".$user_id."', '".$msg_title."', '".$msg_message."')");
}
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 0.1; url='.$ref);
[/syntax]

profile.php
[syntax=php]$commenting_form = '<form action="addcomment.php" method="post">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2"><strong>Add Comment:</strong></td>
</tr>
<tr>
<td colspan="2" align="center"><textarea name="msg_message" id="msg_message" cols="50" rows="7" style="font-family:Courier New">Message</textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Add Comment" name="msg_submit" id="msg_submit" style="width:200px;" /></td>
</tr>
</table>
</form>';

$get_comments = mysql_query("SELECT * FROM `comments` WHERE `user_id` = {$_POST['user_id']}");
$_POST['user_id'] = $_GET['uid'];
$comments_count = mysql_num_rows($get_comments);
if ($comments_count>0)
{
while ($com = mysql_fetch_array($get_comments))
{
$id = $com['id'];
$user_id = $com['user_id'];
$title = $com['text'];
$message = $com['comment'];
$comment .= '<b>'.$title.'</b><br />'.$message.'<hr />';
}
$comment .= $commenting_form;
$page_title = $comments_count.' Comments';
}
else
{
$comment = 'there are no comments at the moment.<br />'.$commenting_form;
$page_title = 'NO COMMENTS';
}[/syntax]

[syntax=php]$get_comments = mysql_query("SELECT * FROM `comments` WHERE `user_id` = {$_POST['user_id']}");
$_POST['user_id'] = $_GET['uid'];[/syntax]

that won't work.
$_POST['user_id'] won't be set until after you need it. Swap the lines around.

ok i did what you said now its not posting comments how would i make that work?

it could be that you're using too many quotes around your variables.

[syntax=php]mysql_query("INSERT INTO `comments` VALUES ('', '{$user_id}', '{$msg_title}', '{$msg_message}')");[/syntax]

do like that instead.

ok i changed my code into the code you submitted for me but i think it is in addcomment.php i tried it and it still did not add the message so what else could it be?

here is my full codes for profile.php and addcomment.php

**edit**
i was thinking about this code... and i was wondering if i could change it into "function get_user_id" to get the user id needed?
how could i do that in this function and how can i change it to make it work?

[syntax=php]function fetch_current_user_id($username){
$sql = "SELECT `user_id` FROM `users` WHERE `user_username` = '{$_SESSION['user_username']}'";

$result = mysql_query($sql);
return mysql_result($result, 0);
}[/syntax]

profile
[syntax=php]<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

$commenting_form = '<form action="addcomment.php" method="post">
<table border="0" cellspacing="0" cellpadding="0">
<tr>
<td colspan="2"><strong>Add Comment:</strong></td>
</tr>
<tr>
<td colspan="2" align="center"><textarea name="msg_message" id="msg_message" cols="50" rows="7" style="font-family:Courier New">Message</textarea></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit" value="Add Comment" name="msg_submit" id="msg_submit" style="width:200px;" /></td>
</tr>
</table>
</form>';

$_POST['user_id'] = $_GET['uid'];
$get_comments = mysql_query("SELECT * FROM `comments` WHERE `user_id` = {$_POST['user_id']}");
$comments_count = mysql_num_rows($get_comments);
if ($comments_count>0)
{
while ($com = mysql_fetch_array($get_comments))
{
$id = $com['id'];
$user_id = $com['user_id'];
$title = $com['text'];
$message = $com['comment'];
$comment .= '<b>'.$title.'</b><br />'.$message.'<hr />';
}
$comment .= $commenting_form;
$page_title = $comments_count.' Comments';
}
else
{
$comment = 'there are no comments at the moment.<br />'.$commenting_form;
$page_title = 'NO COMMENTS';
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<style type="text/css">
table { width: 800px; border-collapse: collapse; }
td, th { padding: 5px; border: solid 1px #444; }
</style>
<title><?php echo $user_info['username']; ?>'s Profile</title>
</head>
<body>
<center>
<?php
if (fetch_user_rank() == 1) {
// give permission
echo '<b><a href="index.php"><img src="ext/images/home.jpg"></a><a href="admin.php"><img src="ext/images/admin.jpg"></a><a href="status.php"><img src="ext/images/server-status.jpg"></a><a href="user_list.php"><img src="ext/images/members.jpg"></a><a href="edit_profile.php"><img src="ext/images/edit-profile.jpg"></a><a href="logout.php"><img src="ext/images/logout.jpg"></a></b>';
} else {
//redirect them
echo '<b><a href="index.php"><img src="ext/images/home.jpg"></a><a href="status.php"><img src="ext/images/server-status.jpg"></a><a href="user_list.php"><img src="ext/images/members.jpg"></a><a href="edit_profile.php"><img src="ext/images/edit-profile.jpg"></a><a href="logout.php"><img src="ext/images/logout.jpg"></a></b>';
}
?>
</center>


<table align="center" border="0" cellspacing="0" cellpadding="0">
<thead>
<tr>
<th width="250"><img src="<?php echo $user_info['avatar']; ?>" alt="Avatar" /></th>
<th><h1><?php echo $user_info['firstname']; ?> <?php echo $user_info['lastname']; ?></h1></th>
</tr>
</thead>
<tbody>
<?php

if ($user_info === false){
echo 'That user does NOT exist!';
}else if (fetch_user_rank() == 1) {
?>
<tr>
<td><p>Username: <?php echo $user_info['username']; ?></p></td>
<td><p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p></td>
</tr>
<tr>
<td><p>Location: <?php echo $user_info['location']; ?></p></td>
<td><p>Email: <?php echo $user_info['email']; ?></p></td>
</tr>
<tr>
<td><p>IP: <?php echo $user_info['ip']; ?></p></td>
<td><p>About Me:<br />
<?php echo $user_info['about']; ?>
</p></td>
</tr>
<tr>
<td colspan="2">
<?php echo $comment; ?><br /></td>
</tr>
<?php
}else if (fetch_user_rank() == 0){
?>
<tr>
<td><p>Username: <?php echo $user_info['username']; ?></p></td>
<td><p>Gender: <?php echo ($user_info['gender'] == 1) ? 'Male' : 'Female'; ?></p></td>
</tr>
<tr>
<td><p>Location: <?php echo $user_info['location']; ?></p></td>
<td><p>About Me:<br />
<?php echo $user_info['about']; ?>
</p></td>
</tr>
<tr>
<td colspan="2">
<?php echo $comment; ?><br /></td>
</tr>
<?php
}
?>
</tbody>
</table>
</body>
</html>[/syntax]

addcomment.php
[syntax=php]<?php

include('core/init.inc.php');

function cleanText($text)
{
$text = str_replace("\\", "\\\\", $text);
$text = str_replace("&", "&amp;", $text);
$text = str_replace("<", "&lt;", $text);
$text = str_replace(">", "&gt;", $text);
$text = str_replace("\"", "&qout;", $text);
$text = str_replace(" ", "&nbsp;", $text);
$text = str_replace("\n", "<br />", $text);
$text = str_replace("'", "''", $text);
return $text;
}

$user_id = $_POST['user_id'];
$msg_title = $_SESSION['user_username'];
$msg_message = cleanText($_POST['msg_message']);
$msg_submit = $_POST['msg_submit'];


if ($msg_submit&&$user_id&&$msg_title&&$msg_message)
{
mysql_query("INSERT INTO `comments` VALUES ('', '{$user_id}', '{$msg_title}', '{$msg_message}')");
}
$ref = $_SERVER['HTTP_REFERER'];
header( 'refresh: 0.1; url='.$ref);

?>[/syntax]

I'm sorry, that's my bad. The data wont transfer between pages if the $_POST value is from outside the form.
you could put in another field in the form. Make the input type hidden and call it "user_id" and give it the value of $_GET['uid'].

THANK YOU SO DAMN MUCH I FIGURED IT OUT XD OMFG THANK YOU TEMOR!

Was that the problem or was it something else?

Glad you got it to work.