<?php
error_reporting(E_ALL ^ E_NOTICE);
// Connecting using PDO
$db = new PDO('mysql:host=localhost;dbname=myblog;charset=utf8', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($_POST['name'] != NULL && $_POST['comment'] != NULL) {
$comment_ = FilterComments($_POST['comment']);
putDataInDB($db, $_POST['name'], $comment_);
}
showDataInDB($db);
//Read data from MySQL
function showDataInDB($db)
{
foreach ($db->query('SELECT * FROM BlogComments') as $row) {
echo '<div class="commentBlog">';
echo $row['Name'] . ' ' . ': ' . ' ' . $row['Comment'];
echo "</div>";
echo "<br>";
}
}
//Protected against SQL Injection Attacks by Parameterized Query
//from https://zh.wikipedia.org/wiki/%E5%8F%83%E6%95%B8%E5%8C%96%E6%9F%A5%E8%A9%A2
function putDataInDB($db, $Name, $Comment)
{
$stmt = $db->prepare("INSERT INTO BlogComments (Name,Comment) VALUES(:Name,:Comment)");
$stmt->execute(array(':Name' => $Name, ':Comment' => $Comment));
}
function FilterComments($comment)
{
$FilterArray = array("f**k", "bitch", "dick", "asshole", "shit");
<?php
error_reporting(E_ALL ^ E_NOTICE);
// Connecting using PDO
$db = new PDO('mysql:host=localhost;dbname=myblog', 'root', '');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//check if the data got from post method is NULL
if ($_POST['name'] != NULL && $_POST['comment'] != NULL) {
//put data into data base
putDataInDB($db, $_POST['id'], $_POST['name'], $_POST['comment']);
}
showDataInDB($db);
//Read data from MySQL
function showDataInDB($db)
{
foreach ($db->query('SELECT * FROM movieinfo') as $row) {
echo '<div class="commentBlog">';
//set id as a $var
$var1 = $row['id'];
$var2 = $row['show_id'];
//echo $var2;
echo "<br>";
//pass id into the info1 page
echo '<a href=info1.php?id=' . $var1 . '&show_id=' . $var2 . '>';
//show titles and days
echo $row['title'] . ' ' . ': ' . ' ' . $row['Comment'];
echo '</a>';
echo "</div>";
echo "<br>";
}
}
