About the Twitter creation reply function in PHP

I started studying PHP on my own a week ago.
Therefore, I am trying to create a service like Twitter as one goal, but there are some things that I can't solve by myself, so I would like to ask you a question.

Currently, I am writing a program to register, log in, and reply to other users on my timeline.Therefore, when replying, we have provided reply_post_id to store the ID of the reply destination.In the id14 part of the image, the member_id10 user is replying to the member_id8 user, but it is not reflected in reply_post_id.I put the code below, but is there something wrong?I look forward to your kind cooperation.

php

// Record Posts 
if(!empty($_POST)){ 
    if($_POST['message']!='){ 
        $sql=sprintf('INSERT INTO posts SET member_id=%d,  
            message="%s", reply_post_id=%d, created=NOW(), 
        mysqli_real_escape_string($mysqli, $member['id']), 
        mysqli_real_escape_string($mysqli,$_POST['message']), 
        mysqli_real_escape_string($mysqli,$_POST['reply_post_id']) 
        ); 
        mysqli_query($mysqli,$sql) or die($mysqli_error()); 
        header('Location:index.php'); 
        exit(); 
    } 
}

html


php
mysql
					
					

	


		
	

	
		2022-09-30 19:25



			

			
			1 Answers


	
		
I don't know where the $_REQUEST['res'] comes from, but I think the reply_post_id field is empty or stringed.Check the source while viewing the form in your browser.
(It's not good to have space, but it should work…) 
Also, if SQL is assembled in sprintf, there is a risk of SQL injection.
$sql='INSERT INTO posts(member_id, message, reply_post_id, created)VALUES(?,?,?, NOW())';
$stmt = mysqli_prepare($sql);
mysqli_stmt_bind_param($stmt, "i", $member['id']);
mysqli_stmt_bind_param($stmt, "s", $_POST['message']);
mysqli_stmt_bind_param($stmt, "i", $_POST['reply_post_id']);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);
Use the binding mechanism as shown in 
Also, if you don't pay attention to the web application, you will easily create a security hole.At least read IPA's How to create a secure website.It is recommended that you study with trusted books such as "How to Create a Secure Web Application to Learn Systematically" (ISBN 4797361190).


		
		
			

				

					
				

				
					2022-09-30 19:25
				
			
		
	
			
			If you have any answers or tips



		

	
		Popular Tags
	
	python x 4647
android x 1593
java x 1494
javascript x 1427
c x 927
c++ x 878
ruby-on-rails x 696
php x 692
python3 x 685
html x 656
	


	
		Popular Questions
	
	
	650 When building Fast API+Uvicorn environment with PyInstaller, console=False results in an error

	546 Who developed the "avformat-59.dll" that comes with FFmpeg?

	517 The method of the class of the application that I am creating in Typescript does not work as I expected.

	551 Scrap text information after the "View More" button when searching in the Yahoo! News search window

	542 PHP ssh2_scp_send fails to send files as intended