Stop comments form resubmitting same information on page refresh

  • (2 Pages)
  • +
  • 1
  • 2

17 Replies - 9221 Views - Last Post: 06 July 2011 - 01:34 PM Rate Topic: -----

#1 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Stop comments form resubmitting same information on page refresh

Posted 03 July 2011 - 04:02 PM

Hi

I have a webpage with a comments form.
Currently when the form is submitted the page reloads and the comment
appears on the page.
If I refresh the page the same comment is again added to the page.

I thought perhaps I could load a blank page that redirects back to my comments page in say 3 or 4 seconds!
Or is there a better way?

This is the form and variable referenced in the action attribute.

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&software_id=' . $_soft_id;

<form method="post" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>


Best regards Maxwell



Is This A Good Question/Topic? 0
  • +

Replies To: Stop comments form resubmitting same information on page refresh

#2 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Stop comments form resubmitting same information on page refresh

Posted 03 July 2011 - 05:08 PM

Typically you send the form to a second page, and then redirect back. Then you'll have to use the back button to resubmit, and the browser will show you a "Are you sure you want to do this?" dialog first.

However, if you want to keep it all on one page, you could do something like this:
session_start(); // In case you don't do this already.

function add_comment()
{
    if (isset($_POST['comment'])) {
        // Create a MD5 hash based on the comment text.
        $comment_hash = md5($_POST['comment']);
        
        // See if the comment hash matches the hash created 
        // when the user added his last comment.
        if (isset($_SESSION['last_comment_hash']) && $_SESSION['last_comment_hash'] == $comment_hash) {
            // If it does, don't add the comment.
            return false;
        }
        else {
            // If it doesn't, add the hash to the session
            $_SESSION['last_comment_hash'] = $comment_hash;
            
            // And then add the comment to the database and refresh.
            // ...
        }
    }
}


Get what I mean?
Was This Post Helpful? 1
  • +
  • -

#3 noorahmad  Icon User is offline

  • Untitled
  • member icon

Reputation: 209
  • View blog
  • Posts: 2,290
  • Joined: 12-March 09

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 12:58 AM

use header after comment inserted.
Example:

if($insertQuery){
     header("Location: pagename.php");
}


Was This Post Helpful? 1
  • +
  • -

#4 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 947
  • View blog
  • Posts: 2,356
  • Joined: 15-February 11

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 06:59 AM

Ultimately separating your PHP from HTML will prevent such a problem. If you really don't want to leave the page utilize Ajax.
Was This Post Helpful? 0
  • +
  • -

#5 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 12:43 PM


Hi

I tried adding the add_comment() function to my page with no effect.
Can you please advise how the function should be used?
A SESSION has already been started when the user logged in.

function add_comment()
{
    if (isset($_POST['comment'])) {
      $comment_hash = md5($_POST['comment']);
        
       if (isset($_SESSION['last_comment_hash']) && $_SESSION['last_comment_hash'] == $comment_hash) {
           return false;
        }
        else {
         $_SESSION['last_comment_hash'] = $comment_hash;
        }
    }
}


try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abe", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {
$mysql = new mysqli('127.0.0.1','root','root','abe') or die('There was a problem connecting to the database');
if($stmt = $mysql->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);
	
$stmt->execute();


$stmt->close();
} else {
  echo 'error: ' . $mysql->error;
}
}

////////////////////////////////////////////

// display database contents on in table

$dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT);

$dbh->execute();   
$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
	   
///////////////////////////////////////////
?>


<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<hr />
<form method="post" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
</body>
</html>














View PostAtli, on 03 July 2011 - 05:08 PM, said:

Typically you send the form to a second page, and then redirect back. Then you'll have to use the back button to resubmit, and the browser will show you a "Are you sure you want to do this?" dialog first.

However, if you want to keep it all on one page, you could do something like this:
session_start(); // In case you don't do this already.

function add_comment()
{
    if (isset($_POST['comment'])) {
        // Create a MD5 hash based on the comment text.
        $comment_hash = md5($_POST['comment']);
        
        // See if the comment hash matches the hash created 
        // when the user added his last comment.
        if (isset($_SESSION['last_comment_hash']) && $_SESSION['last_comment_hash'] == $comment_hash) {
            // If it does, don't add the comment.
            return false;
        }
        else {
            // If it doesn't, add the hash to the session
            $_SESSION['last_comment_hash'] = $comment_hash;
            
            // And then add the comment to the database and refresh.
            // ...
        }
    }
}


Get what I mean?

Was This Post Helpful? 0
  • +
  • -

#6 SirHenrik  Icon User is offline

  • New D.I.C Head

Reputation: 17
  • View blog
  • Posts: 31
  • Joined: 31-December 10

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 04:20 PM

I think you should consider the header() function as noorahmad suggested.

Atleast this worked fine in my testing area. When i went back in the history (pressed the back-button) it did not act to earlier post request. I tested with Chrome, Internet Explorer and Firefox.

Proof-of-concept code (source)
<?php

// If anything was posted, run this juice
if(isset($_POST['submit']))
{

/* ..
 * Insert database insert stuff here
 * ..
*/

header('Location: index.php');

}
// If NOT anything was posted (this doesn't have to be here)
else
{
}
?>

<html>
<head>
</head>
<body>
<form method="post" action="this_file.php">
<input type="text" name="user_input" />
<input type="submit" name="submit" value="POST IT" />
</form>
</body>
</html>


This post has been edited by SirHenrik: 04 July 2011 - 04:22 PM

Was This Post Helpful? 0
  • +
  • -

#7 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 05:11 PM

Hi

Thanks for the help!

I added

header('Location: comment_confirm.php');

to my comments page

then added

header('Location: fulltitle.php');

to comment_confirm.php

The redirect works seamlessly but I loose the two URL parameters id and software_id

This is the code that places the parameters in the URL

<a href="fulltitle.php?software_id=<?php echo $row_rsTitles['id']; ?>&amp;id=<?php echo $row_rsTitles['id']; ?>">Read / Make Comments About This Software</a>



This is the code that extracts the URL parameters on the fulltitle.php page and allows me to
access them when I submit the comments form.

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;



Is there a way to combine these on my comment_confirm.php page so that thew same URL parameters
are in the URL when it redirects?

Best regards Maxwell

Was This Post Helpful? 0
  • +
  • -

#8 maniacalsounds  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 117
  • View blog
  • Posts: 472
  • Joined: 27-June 10

Re: Stop comments form resubmitting same information on page refresh

Posted 04 July 2011 - 08:40 PM

Can't you simply use $_GET requests for each page?

Like:
header("Location: comment_confirm.php?" . $VARIABLES);

If you keep passing it page to page, it works fine. :) Hope this helps.
Was This Post Helpful? 0
  • +
  • -

#9 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3719
  • View blog
  • Posts: 5,991
  • Joined: 08-June 10

Re: Stop comments form resubmitting same information on page refresh

Posted 05 July 2011 - 12:01 AM

View Postmaxwell@, on 04 July 2011 - 07:43 PM, said:

I tried adding the add_comment() function to my page with no effect.
Can you please advise how the function should be used?

It's only an example, to explain the method I was suggesting, not something you can just drop into your code. You'll have to implement it in a way that fits your existing code.

Also, you never even call the function so there is little chance of it actually doing anything.

Another huge concern about the code you posted. On line #18 you open a connection to MySQL via PDO, and on line #40 you open another connection via MySQLi. Why are you opening two connections to MySQL? You could use either one for both your queries and save yourself the overhead.

Also, you seem to be echoing a table based on your PDO query before opening the <html> tag in the following HTML code. That, and the lack of a doctype declaration, will definitely throw the browser into quirks mode, which is just... bad. Causes all sorts of rendering incompatibilities and other funky behavior.

View Postmaxwell@, on 04 July 2011 - 07:43 PM, said:

A SESSION has already been started when the user logged in.

A session needs to be started on every page that uses a session, otherwise the session data will be unavailable to that page. We call it "starting" a session because of the session_start() function, but in fact after the first page it's more like "resuming" the session.
Was This Post Helpful? 1
  • +
  • -

#10 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 05 July 2011 - 04:41 AM

Hi

Thanks for your help!
I have moved the table code into the document body and added a DOCTYPE declaration.
Also removed the mysqli connection.
When I submit the form, I now get the following error -

Fatal error: Call to undefined method PDOStatement::bind_param()


try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abe", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {

if($stmt = $pdo->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);
	
$stmt->execute();


$stmt->close();

header('Location: comment_confirm.php');

} else {
  echo 'error: ' . $mysql->error;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<?php $dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   
$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
	   ?>
<hr />
<form method="post" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
   </body>
</html>



Best regards Maxwell



Was This Post Helpful? 0
  • +
  • -

#11 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 947
  • View blog
  • Posts: 2,356
  • Joined: 15-February 11

Re: Stop comments form resubmitting same information on page refresh

Posted 05 July 2011 - 05:30 AM

You're confusing PDO with MySQLi. It's bindParam and not bind_param
Your parameters all wrong too. Check out this link.
Was This Post Helpful? 1
  • +
  • -

#12 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 05 July 2011 - 04:15 PM


Hi

I am now using bindParam but getting following error

Fatal error: Call to undefined method PDO::createCommand()


 
try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abe", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {

$sql="INSERT INTO guest (name, email, comment, software_id) VALUES(:name,:email,:comment,:software_id)";
if($command=$pdo->createCommand($sql)){

$command->bindParam(":username",$_POST['name'],PDO::PARAM_STR);
$command->bindParam(":email",$_POST['email'],PDO::PARAM_STR);
$command->bindParam(":comment",$_POST['comment'],PDO::PARAM_STR);
$command->bindParam(":software_id",$_POST['software_id'],PDO::PARAM_INT);
$command->execute();

$command->close();

header('Location: comment_confirm.php');

} else {
  echo 'error: ' . $mysql->error;
}
}



Was This Post Helpful? 0
  • +
  • -

#13 codeprada  Icon User is offline

  • Changed Man With Different Priorities
  • member icon

Reputation: 947
  • View blog
  • Posts: 2,356
  • Joined: 15-February 11

Re: Stop comments form resubmitting same information on page refresh

Posted 05 July 2011 - 09:27 PM

You should visit here before trying to call non-existent functions.

I would believe you meant
$command = $pdo->prepare($sql)

Was This Post Helpful? 2
  • +
  • -

#14 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 06 July 2011 - 02:18 AM

Hi

Can you please more clearly explain the following, especially the $VARIABLES part.


Quote

Can't you simply use $_GET requests for each page?

Like:
header("Location: comment_confirm.php?" . $VARIABLES);

If you keep passing it page to page, it works fine. Hope this helps



Best regards Maxwell

Was This Post Helpful? 0
  • +
  • -

#15 maxwell@  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 45
  • Joined: 23-March 11

Re: Stop comments form resubmitting same information on page refresh

Posted 06 July 2011 - 02:26 AM

View Postmaxwell@, on 05 July 2011 - 04:41 AM, said:

Hi

Thanks for your help!
I have moved the table code into the document body and added a DOCTYPE declaration.
Also removed the mysqli connection.
When I submit the form, I now get the following error -

Fatal error: Call to undefined method PDOStatement::bind_param()


try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abe", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {

if($stmt = $pdo->prepare('INSERT INTO guest(name, email, comment, software_id) VALUES (?,?,?,?)')) {

$stmt->bind_param('sssi',$_POST['name'],$_POST['email'],$_POST['comment'],$_POST['software_id']);
	
$stmt->execute();


$stmt->close();

header('Location: comment_confirm.php');

} else {
  echo 'error: ' . $mysql->error;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<?php $dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   
$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
	   ?>
<hr />
<form method="post" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
   </body>
</html>



Best regards Maxwell





Corrected code

try {  

$pdo = new PDO("mysql:host=$hostname;dbname=abe", $username, $password); 

}catch (PDOExeption $e){  

 echo $e->getMessage();  
 } 
 
// extract $_GET values from URL

$_def_soft_id = 1;
$_def_id = 9876;

$_soft_id = isset($_GET['software_id']) ? $_GET['software_id'] : $_def_soft_id;
$_id = isset($_GET['id']) ? $_GET['id'] : $_def_id;

$_action = $_SERVER['PHP_SELF'] . '?id=' . $_id . '&amp;software_id=' . $_soft_id;

//////////////////////////////////////////////////

// insert contents of form fields into the database
 
if(isset($_POST['submit'])) {

$sql="INSERT INTO guest (name, email, comment, software_id) VALUES(:name,:email,:comment,:software_id)";
if(
$command = $pdo->prepare($sql)){

$command->bindParam(":name",$_POST['name'],PDO::PARAM_STR);
$command->bindParam(":email",$_POST['email'],PDO::PARAM_STR);
$command->bindParam(":comment",$_POST['comment'],PDO::PARAM_STR);
$command->bindParam(":software_id",$_POST['software_id'],PDO::PARAM_INT);
$command->execute();

$command = null;

header('Location: comment_confirm.php');

} else {
  echo 'error: ' . $mysql->error;
}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
</head>
<body>
<?php $dbh = $pdo->prepare("SELECT `date`, `name`, `email`, `comment`, `software_id` FROM `guest` WHERE `software_id` = ? ORDER BY `date` DESC"); 

$dbh->bindValue(1, $_GET['software_id'], PDO::PARAM_INT); // assuming it's an integer    

$dbh->execute();   
$dbh->setFetchMode(PDO::FETCH_ASSOC); 

while($row = $dbh->fetch()) {echo '<table width="100%" cellspacing="0" cellpadding="3" class="tablebg">
        <tr class="formlabels">
          <td align="left" class="tl" width="40%">Author:&nbsp;'.$row['name'].'</td>
          <td width="45%" align="left">Date:&nbsp;'.$row['date'].'</td>
          <td width="15%" align="center" class="tr"><a href="mailto:'.$row['email'].'">Email Author</a></td>
          </tr>
        <tr class="formlabels">
          <td colspan="4" class="bl">'.$row['comment'].'</td>
          </tr>
      </table>';
	  }
	   ?>
<hr />
<form method="post" action="<?php echo $_action; ?>">
	<table>
  <input type="hidden" name="id" value="<?php echo $_id; ?>"/>
	  <br/>
	 <input type="hidden" name="software_id" value="<?php echo $_soft_id; ?>"/>
     <tr><td>Name:</td></tr>
	  <tr>
	    <td> <input name="name" type="text" value="" size="45" /></td></tr>
       <tr><td>Email:</td></tr>
        <tr><td><input type="text" name="email" value="" size="45" /></td></tr>
        <tr><td>Comment:</td></tr>
   <tr><td><textarea cols="80" rows="6" name="comment" value="" ></textarea></td></tr>    
   <tr><td><input type="submit" name="submit" value="Add Comment" /></td><td>&nbsp;</td></tr>
  </table>
</form>
<br />
<br />
    <?php //var_dump($_GET); exit; ?>
</body>
</html>




Was This Post Helpful? 0
  • +
  • -

  • (2 Pages)
  • +
  • 1
  • 2