News comment error.

Decellor

Decellor

Member
Feb 3, 2014
42
3
So when i try and post a comment i get the error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ('13', '245', 'whats the error', 'Apr 7, 2016 6:35 PM')' at line 1"
My code for news.php:
PHP: 
<?php
if(isset($_GET['id']))
{
$id = mysql_real_escape_string($_GET['id']);
$query = mysql_query( "SELECT * FROM `cms_news` WHERE id = '{$id}'" );
$array = mysql_fetch_array($query);

if ($array == null)
{
$getMax = mysql_fetch_array(mysql_query("SELECT MAX(id) FROM cms_news LIMIT 1"));
header("Location: ".$_CONFIG['hotel']['url']."/index.php?url=news&id=". $getMax['MAX(id)'] ."");
exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>{hotelName}: News Articles</title>

<script type="text/javascript">
var andSoItBegins = (new Date()).getTime();
</script>
<link rel="shortcut icon" href="{url}/app/tpl/skins/Habbo/web-gallery/v2/favicon.ico" type="image/vnd.microsoft.icon" />
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/common.css" type="text/css" />
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs2.js" type="text/javascript"></script>
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/visual.js" type="text/javascript"></script>
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/libs.js" type="text/javascript"></script>
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/common.js" type="text/javascript"></script>
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/fullcontent.js" type="text/javascript"></script>

<script type="text/javascript">
document.habboLoggedIn = true;
var habboName = "{username}";
var habboId = {userid};
var facebookUser = false;
var habboReqPath = "";
var habboStaticFilePath = "{url}/app/tpl/skins/Habbo/web-gallery";
var habboImagerUrl = "http://www.habbo.com/habbo-imaging/";
var habboPartner = "";
var habboDefaultClientPopupUrl = "{url}/client";
window.name = "habboMain";
if (typeof HabboClient != "undefined") {
HabboClient.windowName = "ac96433fa782a85a4d9d1724e256d10df092be19";
HabboClient.maximizeWindow = true;
}


</script>

<meta name="description" content="{meta_description}" />
<meta name="keywords" content="{meta_keywords}" />

<!--[if IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie8.css" type="text/css" />
<![endif]-->
<!--[if lt IE 8]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie.css" type="text/css" />
<![endif]-->
<!--[if lt IE 7]>
<link rel="stylesheet" href="{url}/app/tpl/skins/Habbo/web-gallery/static/styles/ie6.css" type="text/css" />
<script src="{url}/app/tpl/skins/Habbo/web-gallery/static/js/pngfix.js" type="text/javascript"></script>
<script type="text/javascript">
try { document.execCommand('BackgroundImageCache', false, true); } catch(e) {}
</script>

<style type="text/css">
body { behavior: url(/js/csshover.htc); }
</style>
<![endif]-->
<meta name="build" content="63-BUILD2470 - 30.09.2013 11:10 - com" />

<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}

input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}

textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 528px;
max-width: 528px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}

select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
</head>
<?php
if (isset($_GET['deleteID']) && $_GET['deleteID'] != null && is_numeric($_GET['deleteID']))
{
$deleteID = filter($_GET['deleteID']);
if ($_SESSION['user']['rank'] >= 5)
{
$getRank = mysql_fetch_array(mysql_query("SELECT `rank` FROM `users` WHERE `id` = '".$_SESSION['user']['id']."'"));
if ($getRank >= 5)
{
mysql_query("DELETE FROM `site_news_comments` WHERE `id` = '".$deleteID."'");
mysql_query("INSERT INTO `stafflogs` (`type`,`userid`,`action`,`timestamp`) VALUES ('CMS','".$_SESSION['user']['id']."','Deleted a news comment','".time()."')");
}
}
}else if (isset($_GET['banID']) && $_GET['banID'] != null && is_numeric($_GET['banID']))
{
$banID = filter($_GET['banID']);
if ($_SESSION['user']['rank'] >= 5)
{
$getRank = mysql_fetch_array(mysql_query("SELECT `rank` FROM `users` WHERE `id` = '".$_SESSION['user']['id']."'"));
if ($getRank >= 5)
{
$getComments = mysql_query("SELECT * FROM `site_news_comments` WHERE `id` = '".$banID."'")  or die(mysql_error());
if (mysql_num_rows($getComments) > 0)
{
$commentData = mysql_fetch_array($getComments);
mysql_query("DELETE FROM `site_news_comments` WHERE `userid` = '".$commentData['userid']."'") or die(mysql_error());
mysql_query("UPDATE `users` SET `cms_comment_banned` = '1' WHERE `id` = '".$commentData['userid']."' LIMIT 1");
mysql_query("INSERT INTO `stafflogs` (`type`,`userid`,`action`,`timestamp`) VALUES ('CMS','".$_SESSION['user']['id']."','Banned a user from posting news comments.','Banned user ID: ('".filter($_GET['ban'])."')','".time()."')");
}
}
}
}
?>
<body id="news" class=" ">
<div id="overlay"></div>

<?php

$navigatorID = 2;
require_once ('app/tpl/skins/Habbo/template/header.php');

?>


<div id="content-container">

<div id="navi2-container" class="pngbg">
<div id="navi2" class="pngbg clearfix">
<ul>
<?php

$subNavigatorID = 2;
require_once ('app/tpl/skins/Habbo/template/sub_header.php');

?>
</ul>
</div>
</div>

<div id="container">
<div id="content" style="position: relative" class="clearfix">
<div id="column1" class="column">
<div class="habblet-container ">       
<div class="cbb clearfix orange ">
<h2 class="title"><span style="float: center;">News</span></h2>                       

<div id="article-archive">
<?php
{
for ($i = 0; $i < 6; $i++)
{
$sectionName = "";
$sectionCutoffMax = 0;
$sectionCutoffMin = 0;

switch ($i)
{
case 0:
$sectionName = 'Today';
$sectionCutoffMax = time();
$sectionCutoffMin = time() - 86400;
break;

case 1:
$sectionName = 'Yesterday';
$sectionCutoffMax = time() - 86400;
$sectionCutoffMin = time() - 172800;
break;

case 2:
$sectionName = 'This week';
$sectionCutoffMax = time() - 172800;
$sectionCutoffMin = time() - 604800;
break;

case 3:
$sectionName = 'Last week';
$sectionCutoffMax = time() - 604800;
$sectionCutoffMin = time() - 1209600;
break;

case 4:
$sectionName = 'This month';
$sectionCutoffMax = time() - 1209600;
$sectionCutoffMin = time() - 2592000;
break;

case 5:
$sectionName = 'Last month';
$sectionCutoffMax = time() - 2592000;
$sectionCutoffMin = time() - 5184000;
break;
}

$q = "SELECT * FROM cms_news WHERE published >= " . $sectionCutoffMin . " AND published <= " . $sectionCutoffMax .  " ORDER BY published DESC";
$getArticles = mysql_query($q);
if (mysql_num_rows($getArticles) > 0)
{
echo '<h2>' . $sectionName . '</h2>';

while ($a = mysql_fetch_assoc($getArticles))
{
if($a['id'] == $_GET['id'])
{
echo '' . $a['title'] . '&nbsp;&raquo;';
}else
{
echo '<li><a href="/index.php?url=news&id=' . $a['id'] . '">' . $a['title'] . '&nbsp;&raquo;</a></li>';
}
}
}
}
}
?>
</div>
</div>
</div>
<script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
</div>

<div id="column2" class="column">
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper">
<h2>{newsTitle}</h2>

<div class="article-meta">{newsDate}</div>

<div class="article-body">
<br>
{newsContent}
<style type="text/css"> .style5 {
font-weight: bold;
color: #F66200;
background: url() no-repeat;
background: url()no-repeat,url(http://www.boonforums.com/styles/sub_bgs/bg6.gif);
padding-left: 1px;
}</style>
<span class="style5">Posted by: {newsAuthor}</span>
</div>
</div>
</div>
</div>
<script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>           

<?php
$checkBan = mysql_query("SELECT `cms_comment_banned` FROM `users` WHERE `cms_comment_banned` = '1' AND `id` = '".$_SESSION['user']['id']."' LIMIT 1");
if(mysql_num_rows($checkBan) > 0)
{
echo '
<div class="habblet-container ">
<div class="cbb clearfix default ">
<h2 class="title">Banned from posting news comments!</h2>
<div style="padding: 5px;">
<p align="center">You\'re banned from posting news comments, due to this you cannot post comments.</p>
</div>
</div>
</div>';
}else
{
if(isset($_POST['post_comment']) && $_SESSION['user']['id'] != null)
{
$getArticle = mysql_query("SELECT * FROM `cms_news` WHERE `id` = '".filter($_GET['id'])."'") or die(mysql_error());
if (mysql_num_rows($getArticle) > 0)
{
$articleInfo = mysql_fetch_array($getArticle) or die(mysql_error());

if (mysql_num_rows($checkBan) > 0)
{
$errorMessage = 'You\'re banned from leaving a comment.';
}else
{
if($_POST['comment'] == NULL)
{
$errorMessage = 'You have left a field empty.';
}else
{
$checkInfo = mysql_query("SELECT * FROM `site_news_comments` WHERE `article` = '".filter($_GET['id'])."' ORDER BY `id` DESC LIMIT 1") or die(mysql_error());
$newsInfo = mysql_fetch_array($checkInfo);
if($newsInfo['userid'] == $_SESSION['user']['id'])
{
$errorMessage = 'Hey! The last comment was from you, let somebody else comment first!';
}else
{
mysql_query("INSERT INTO `site_news_comments` (`id`, `article`, `userid`, `comment`, `posted_on`,) VALUES ('".filter($_GET['id'])."', '".$_SESSION['user']['id']."', '".filter($_POST['comment'])."', '".date("M j, Y g:i A")."')") or die(mysql_error());
$successMessage = 'You have successfully left a comment.';
}
}
}
}
}

echo'
<div class="habblet-container ">
<div class="cbb clearfix default ">
<h2 class="title">Post Comment</h2>
<div style="padding: 5px;">';

if (isset($errorMessage))
{
echo '
<div class="action-error flash-message">
<div class="rounded">
<div class="rounded-done">'.$errorMessage.'</div>
</div>
</div>';
}elseif (isset($successMessage))
{
echo '
<div class="action-confirmation flash-message">
<div class="rounded">
<div class="rounded-done">'.$successMessage.'</div>
</div>
</div>';
}

echo '
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<center><input type="submit" name="post_comment" value="Post Comment" /></center>
</form>
<script type="text/javascript">if (!$(document.body).hasClassName(\'process-template\')) { Rounder.init(); }</script>
</div>
</div>
</div>';
}           
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper">
<?php
$getComments = mysql_query("SELECT * FROM `site_news_comments` WHERE `article` = '".filter($_GET['id'])."' ORDER BY `id` DESC");
?>

<h2>Comments (<?php echo mysql_num_rows($getComments); ?>)</h2>
<div class="article-meta"></div>
<div style="padding:5px">
<?php
if(mysql_num_rows($getComments) == 0)
{
echo 'Sorry, but no one has posted a comment yet.';
}else
{
echo '
<table style="word-break: break-all; width="528px">';
while($commentInfo = mysql_fetch_array($getComments))
{
$userInfo = mysql_fetch_array(mysql_query("SELECT * FROM `users` WHERE `id` = '".$commentInfo['userid']."'"));
echo '
<tr>
<td width="90px" valign="top">
<div style="height: 80px; width: 50px; float: left; overflow: hidden;"><img src="http://www.habbo.fr/habbo-imaging/avatarimage?figure='.$userInfo['look'].'"></div>';
if($userInfo['username'] == 'Kirito' || $userInfo['username'] == 'sketch')
{
echo '<div style="position: absolute; z-index:1 alt="Owner""><img src="{url}/c_images/album1584/ADM.gif"></div>';
}elseif($userInfo['rank'] == 9)
{
echo '';
}elseif($userInfo['rank'] == 8)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/ADM.gif"></div>';
}elseif($userInfo['rank'] == 7)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/ADM.gif"></div>';
}elseif($userInfo['rank'] == 6)
{
echo '<div style="position: absolute; z-index:1 alt="Moderator""><img src="{url}/c_images/album1584/ADM.gif"></div>';
}elseif($userInfo['rank'] == 5)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/ADM.gif"></div>';
}elseif($userInfo['rank'] == 4)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/HBA.gif"></div>';
}elseif($userInfo['rank'] == 3)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/VIP.gif"></div>';
}elseif($userInfo['user']['rank'] == 2)
{
echo '<div style="position: absolute; z-index:1"><img src="{url}/c_images/album1584/VIP.gif]"></div>';
}

if ($_SESSION['user']['rank'] >= 5)
{
echo '<br/><br/><br/><br/><br/><br/><br/>
<a href="{url}/index.php?url=news&id='.$_GET['id'].'&deleteID='.$commentInfo['id'].'">Delete</a> |
<a href="{url}/index.php?url=news&id='.$_GET['id'].'&banID='.$commentInfo['id'].'">Ban</a>';
}
echo '</td>
<td width="427px" valign="top">
<strong>RE: {newsTitle}</strong><br /><br />'.$commentInfo['comment'].'
</td>
</tr>

<tr>
<td width="90px" valign="top"></td>
<td width="427px" align="right">
<div align="right"><i>Posted by <strong><a href="{url}/home/'.$userInfo['username'].'">'.$userInfo['username'].'</a></strong> on '.$commentInfo['posted_on'].'</i></div><br /><br />
<div style="width:100%; height:1px; background-color:#ccc; margin-top:-17px;"></div>
</td>
</tr>';
}
echo '</table>';
} ?>
</div>
</div>
</div>
</div>
<script type="text/javascript">if (!$(document.body).hasClassName('process-template')) { Rounder.init(); }</script>
</div>
<?php include('includes/checktheban.php'); ?>
<?php require_once ('app/tpl/skins/Habbo/template/footer.php'); ?>
<?php include_once ("forcevote.php");
I have the table i think its something to do with the id of the table idk? some one help please

My table look like this :
You must be registered for see links

 
Oh i think im also missing the cms_comment)_banned table? idk how i would make it
 
Sort by date Sort by votes
HabboRetroHelper1

HabboRetroHelper1

Member
Feb 3, 2013
56
3
This is my Post Comment PHP CODE
Code: 
<?php


if(isset($_POST['post_comment']))
  $posted_on = date("M j, Y g:i A");

if (empty($_POST['comment']))
$_POST['comment'] = '';

$comment = strip_tags (filter($_POST['comment']));
if($comment == NULL){
        //define("ERROR", "You have to type in a reply!<br /><br />");
    //$error_message = 'You have to type in a reply!<br /><br />';
  }else{
if (isLogged)
{
  mysql_query("INSERT INTO cms_comments (article, userid, comment, posted_on, author) VALUES ('".filter($_GET['id'])."', '".$_SESSION['user']['id']."', '".filter($comment)."', '".$posted_on."', '" . $_SESSION['user']['username']. "');") or die(mysql_error());
    define('SUCCESS', 'You have successfully posted a comment on this news article!');


    define("ERROR", "<br>Thanks for your reply!<br />");

        //$error_message = 'Thanks for your reply!<br /><br />';
  }
}
?>

<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Place Comment</h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
if($userPosts >= 1)
{
    define('ERROR', 'Sorry, you are only allowed one comment per article.');
}
if(defined("SUCCESS")){
?>
<div class="rounded rounded-green" width="20%">
                    <?php echo SUCCESS; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
if(defined("ERROR")) {
?>
<div class="rounded rounded-red" width="20%">
                    <?php echo ERROR; ?><br />
                </div>
                <div>&nbsp;</div>
<?php
}
else
{
?>
<form action="" method="post">
<textarea name="comment" maxlength="500"></textarea><br /><br />
<input type="submit" name="post_comment" value="Place Comment" />
</form>
<?php
}
?>
</div>
</div>
</div>
</div>

<style type="text/css">
input[type="text"], input[type="password"] {
background-color: #F1F1F1;
border: 1px solid #999999;
width: 175px;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
input[type="submit"] {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
textarea {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
width: 517px;
height: 70px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
select {
background-color: #F1F1F1;
border: 1px solid #999999;
padding: 5px;
font-family: verdana;
font-size: 10px;
color: #666666;
}
</style>
<?php
$getComments = mysql_query("SELECT * FROM cms_comments WHERE article = '".filter($_GET['id'])."' ORDER by id DESC");
?>
<div class="habblet-container ">
<div class="cbb clearfix notitle ">
<div id="article-wrapper"><h2>Comments <?php echo mysql_num_rows($getComments); ?></h2>
<div class="article-meta"></div>
<div class="article-body">
<?php
      if(mysql_num_rows($getComments) == 0) {
          echo "No comments for this article!";
      } else {
          echo '<table width="528px">';
          while($Comments = mysql_fetch_array($getComments)){
          $getUserInfo = mysql_query("SELECT * FROM users WHERE username = '".$Comments['author']."'");
          $userInfo = mysql_fetch_array($getUserInfo);
                  echo '
                  <tr>
                    <td width="90px" valign="top"></div>
                    <div style="
height: 65px;
width: 50px;
float: left;
overflow: hidden;
">
                      <div style="float:left"><img position:absolute; src="http://www.habbo.nl/habbo-imaging/avatarimage?figure='.$userInfo['look'].'&size=b&direction=2&head_direction=3&gesture=sml&size=2"></div>
                      ';
                        if($userInfo['rank'] >= 4) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/album1584/ADM.gif"></div>';
                        }
                        if($userInfo['rank'] == 2) {
                            echo '<div style="position: absolute; z-index:1"><img src="{url}/r63/c_images/album1584/VIP.gif"></div>';
                        }
                        if($userInfo['rank'] == 1) {
                            echo '<div style="position: absolute; z-index:1"><img src=""></div>';
                        }
       

                echo '

                </td>
                    <td width="427px" valign="top">
                    <i><a href="/me">'.$userInfo['username'].' </a></i>
                                        <br /><br />'.$Comments['comment'].'
                           

                    </td>
                  </tr>
          <tr>
                    <td width="80px" valign="top">
       
                    </td>
                                <td width="400px" align="right">

                                 
                                 

           

</div></div></div></div>
<br>
<div style="width:125%; height:1px; background-color:#ccc; margin-top:-17px;"></div>


            </td>
          </tr>';
          }
          echo '</table>';
        }
        ?></div> </div> </div> </div>
</div>
</div>
</div>
</div>
Run this SQL
Code: 
DROP TABLE IF EXISTS `cms_comments`;
CREATE TABLE `cms_comments` (
  `id` int(6) NOT NULL AUTO_INCREMENT,
  `story` int(6) DEFAULT NULL,
  `comment` text NOT NULL,
  `date` int(10) DEFAULT NULL,
  `author` varchar(999) NOT NULL,
  `article` int(9) NOT NULL,
  `userid` int(11) NOT NULL,
  `posted_on` varchar(50) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=101 DEFAULT CHARSET=utf8;
You may need to deleted cms_comments..... For other uses if i said anything wrong just correct me :)
 
Upvote 0 Downvote
JayC

JayC

Always Learning
Aug 8, 2013
5,493
1,398
Literally, whoever coded that news page needs to kill themselves.
if ($_SESSION['user']['rank'] >= 5) //Current User Rank >= 5
{
$getRank = mysql_fetch_array(mysql_query("SELECT `rank` FROM `users` WHERE `id` = '".$_SESSION['user']['id']."'")); //Lets grab the current user rank after we just fucking tested it and do the same thing?
if ($getRank >= 5)
{
mysql_query("DELETE FROM `site_news_comments` WHERE `id` = '".$deleteID."'");
mysql_query("INSERT INTO `stafflogs` (`type`,`userid`,`action`,`timestamp`) VALUES ('CMS','".$_SESSION['user']['id']."','Deleted a news comment','".time()."')");
}
}
 
Upvote 0 Downvote

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
☀️  Switch to Light Theme

Latest posts

Top