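I am working on a messaging system using PHP and MySQL. Everything works except the reply feature in read_pm.php. I can send, read and receive messages, but when I read a message and try to reply, I get the error "An error occurred while sending the message." This happens when it fails to get into the database, so I guess it must be my query, but I can't work it out. I have checked every part of the code and can't find the error. Any ideas?
There are 2 tables in the database, one users and one pm for messages. Here is read_pm.php: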
<?php
//We check if the user is logged
if(isset($_SESSION['id']))
{
//We check if the ID of the discussion is defined
if(isset($_GET['id']))
{
$id = intval($_GET['id']);
//We get the title and the narators of the discussion
$req1 = mysqli_query($link,'select title, user1, user2 from pm where id="'.$id.'" and id2="1"');
$dn1 = mysqli_fetch_array($req1);
//We check if the discussion exists
if(mysqli_num_rows($req1)==1)
{
//We check if the user have the right to read this discussion
if($dn1['user1']==$_SESSION['id'] or $dn1['user2']==$_SESSION['id'])
{
//The discussion will be placed in read messages
if($dn1['user1']==$_SESSION['id'])
{
mysqli_query($link,'update pm set user1read="yes" where id="'.$id.'" and id2="1"');
$user_partic = 2;
}
else
{
mysqli_query($link,'update pm set user2read="yes" where id="'.$id.'" and id2="1"');
$user_partic = 1;
}
//We get the list of the messages
$req2 = mysqli_query($link,'select pm.timestamp, pm.message, users.id as userid, users.email,users.firstname from pm, users where pm.id="'.$id.'" and users.id=pm.user1 order by pm.id2');
//We check if the form has been sent
if(isset($_POST['message']) and $_POST['message']!='')
{
$message = $_POST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$message = stripslashes($message);
}
//We protect the variables
$message = mysqli_real_escape_string(nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8')));
//We send the message and we change the status of the discussion to unread for the recipient
if(mysqli_query($link,'insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "'.(intval(mysqli_num_rows($req2))+1).'", "", "'.$_SESSION['id'].'", "", "'.$message.'", "'.time().'", "", "")') and mysqli_query($link,'update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"'))
{
?>
<div class="message">Your message has successfully been sent.<br />
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
<?php
}
else
{
?>
<div class="message">An error occurred while sending the message.<br />
<a href="read_pm.php?id=<?php echo $id; ?>">Go to the discussion</a></div>
<?php
}
}
else
{
//We display the messages
?>
<div class="content">
<h3><?php echo $dn1['title']; ?></h3>
<table class="messages_table">
<tr>
<th class="author">User</th>
<th>Message</th>
</tr>
<?php
while($dn2 = mysqli_fetch_array($req2))
{
?>
<tr>
<td class="author center"><?php
if($dn2['avatar']!='')
{
echo '<img src="'.htmlentities($dn2['avatar']).'" alt="Image Perso" style="max-width:100px;max-height:100px;" />';
}
?><br /><a href="profile.php?id=<?php echo $dn2['userid']; ?>"><?php echo $dn2['firstname']; ?></a></td>
<td class="left"><div class="date">Sent: <?php echo date('m/d/Y H:i:s' ,$dn2['timestamp']); ?></div>
<?php echo $dn2['message']; ?></td>
</tr>
<?php
}
//We display the reply form
?>
</table><br />
<h3>Reply</h3>
<div class="center">
<form class="marginTop" action="read_pm.php?id=<?php echo $id; ?>" method="post">
<label for="message" class="center">Message</label><br />
<textarea class="form-control marginTop" cols="40" rows="5" name="message" id="message"></textarea><br />
<input class="btn btn-success" type="submit" value="Send" />
</form>
</div>
</div>
<?php
}
}
else
{
echo '<div class="message">You dont have the rights to access this page.</div>';
}
}
else
{
echo '<div class="message">This discussion does not exists.</div>';
}
}
else
{
echo '<div class="message">The discussion ID is not defined.</div>';
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
Here is new_pm.php, which sends a new message and works fine:
<?php
//We check if the user is logged
if(isset($_SESSION['id']))
{
$form = true;
$otitle = '';
$orecip = '';
$omessage = '';
//We check if the form has been sent
if(isset($_POST['title'], $_POST['recip'], $_POST['message']))
{
$otitle = $_POST['title'];
$orecip = $_POST['recip'];
$omessage = $_POST['message'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
//$otitle = stripslashes($otitle);
//$orecip = stripslashes($orecip);
//$omessage = stripslashes($omessage);
}
//We check if all the fields are filled
if($_POST['title']!='' and $_POST['recip']!='' and $_POST['message']!='')
{
//We protect the variables
// $title = mysqli_real_escape_string($otitle);
//$recip = mysqli_real_escape_string($orecip);
// $message = mysqli_real_escape_string(nl2br(htmlentities($omessage, ENT_QUOTES, 'UTF-8')));
//We check if the recipient exists
$dn1 = mysqli_fetch_array(mysqli_query($link,'select count(id) as recip, id as recipid , (select count(*) from pm) as npm from users where email ="'.$orecip.'"'));
if($dn1['recip']==1)
{
//We check if the recipient is not the actual user
if($dn1['recipid']!=$_SESSION['id'])
{
$id = $dn1['npm']+1;
//We send the message
if(mysqli_query($link,'insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "1", "'.$otitle.'", "'.$_SESSION['id'].'", "'.$dn1['recipid'].'", "'.$omessage.'", "'.time().'", "yes", "no")'))
{
?>
<div class="message">The message has successfully been sent.<br />
<a href="list_pm.php">List of my Personal messages</a></div>
<?php
$form = false;
}
else
{
//Otherwise, we say that an error occured
$error = 'An error occurred while sending the message';
}
}
else
{
//Otherwise, we say the user cannot send a message to himself
$error = 'You cannot send a message to yourself.';
}
}
else
{
//Otherwise, we say the recipient does not exists
$error = 'The recipient does not exists.';
}
}
else
{
//Otherwise, we say a field is empty
$error = 'A field is empty. Please fill of the fields.';
}
}
elseif(isset($_GET['recip']))
{
//We get the username for the recipient if available
$orecip = $_GET['recip'];
}
if($form)
{
//We display a message if necessary
if(isset($error))
{
echo '<div class="message">'.$error.'</div>';
}
//We display the form
?>
<div class="container contentContainer" id="topContainer">
<div class="row">
<div class="col-md-12 " id="topRow">
<form class="marginTop" action="new_pm.php" method="post">
<div class="form-group required">
<label for="title"> Subject* </label>
<input class="form-control marginBottom" type="text" value="<?php echo htmlentities($otitle, ENT_QUOTES, 'UTF-8'); ?>" id="title" name="title" /><br />
</div>
<div class="form-group required">
<label for="recip">Recipient<span class="small">(UserEmail)*</span></label>
<input class="form-control marginBottom" type="text" value="<?php echo htmlentities($orecip, ENT_QUOTES, 'UTF-8'); ?>" id="recip" name="recip" /><br />
</div>
<div class="form-group required">
<label for="message">Message*</label>
<textarea class="form-control marginBottom" cols="40" rows="5" id="message" name="message"><?php echo htmlentities($omessage, ENT_QUOTES, 'UTF-8'); ?></textarea><br />
<input type="submit" value="Send" class="btn btn-success"/>
</div>
</form>
</div>
</div>
</div>
<?php
}
}
else
{
echo '<div class="message">You must be logged to access this page.</div>';
}
?>
Answer 0 (score: 0)
I think $user_partic is null when you send via POST.
if(mysqli_query($link,'insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read)values("'.$id.'", "'.(intval(mysqli_num_rows($req2))+1).'", "", "'.$_SESSION['id'].'", "", "'.$message.'", "'.time().'", "", "")') and mysqli_query($link,'update pm set user'.$user_partic.'read="yes" where id="'.$id.'" and id2="1"')){}
This may result in the query: update pm set userread="yes" where id="id_value" and id2="1"
Also, check whether the HTTP request is POST or GET, or whether the two overlap; you can check that too
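
One way to write the reply insert from read_pm.php with bound parameters and with mysqli errors surfaced instead of hidden behind the generic error branch; this is an added example, not code from the question or the answer. The function send_reply() and its parameters are hypothetical, while table and column names are taken from the posted queries.

```php
<?php
// Added example. Table/column names are from the posted queries;
// send_reply() and its parameters are hypothetical.

// Throw on any mysqli failure so the real SQL error is logged.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function send_reply(mysqli $link, int $id, int $senderId, int $recipientSlot, string $message): bool
{
    // A column name cannot be a bound parameter, so take it from a fixed map.
    $readColumns = [1 => 'user1read', 2 => 'user2read'];
    if (!isset($readColumns[$recipientSlot]) || trim($message) === '') {
        return false;
    }
    // Same encoding as the posted code: read_pm.php echoes pm.message as-is.
    $stored = nl2br(htmlentities($message, ENT_QUOTES, 'UTF-8'));
    $now = time();

    mysqli_begin_transaction($link);
    try {
        // Next id2 for this discussion.
        $stmt = mysqli_prepare($link, 'select coalesce(max(id2), 0) + 1 from pm where id = ?');
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $nextId2);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);

        // Literal "" values are kept from the posted insert.
        $stmt = mysqli_prepare($link, 'insert into pm (id, id2, title, user1, user2, message, timestamp, user1read, user2read) values (?, ?, "", ?, "", ?, ?, "", "")');
        mysqli_stmt_bind_param($stmt, 'iiisi', $id, $nextId2, $senderId, $stored, $now);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        // Mark the thread unread for the recipient, as the posted comment intends
        // (the posted query writes "yes").
        $stmt = mysqli_prepare($link, 'update pm set ' . $readColumns[$recipientSlot] . ' = "no" where id = ? and id2 = 1');
        mysqli_stmt_bind_param($stmt, 'i', $id);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        mysqli_commit($link);
        return true;
    } catch (mysqli_sql_exception $e) {
        mysqli_rollback($link);
        error_log('send_reply failed: ' . $e->getMessage());
        return false;
    }
}
```

Bound parameters also remove the need for mysqli_real_escape_string(), whose procedural form takes the connection as its first argument; the posted read_pm.php calls it with the string only. The same pattern applies to the queries in new_pm.php, where $orecip, $otitle and $omessage are concatenated into SQL with the escaping lines commented out.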