0

I am trying to post php code from my messages table. But it is not posting. For example:

<textarea name="update">User can write php codes here for sending</textarea>
<div class="send">Send</div>

When i click send button the text code <?php echo $message;?> must be in my messages table row post_text . But post_text is empty, you can see it in the screenshot.

enter image description here

What is the problem here. What i shoud do to fix this problem? Anyone can help me here ?

<?php
include_once '../inc/inc.php';
if(isset($_POST['update'])) {

   $update=mysqli_real_escape_string($db,$_POST['update']);
   if($update){
      $data=$DoDo->InsertText($uid,$update); 
      echo $update;
   }
}
?>

InsertText function

public function InsertText($uid, $update) {

    $time=time(); 
    $ip=$_SERVER['REMOTE_ADDR'];
    mysqli_query($this->db,"SET character_set_client=utf8") or die(mysqli_error($this->db));
    mysqli_query($this->db,"SET character_set_connection=utf8") or die(mysqli_error($this->db));

    $query = mysqli_query($this->db,"SELECT post_id,post_text FROM `posts` WHERE uid_fk='$uid' order by post_id desc limit 1") or die(mysqli_error($this->db));
    $result = mysqli_fetch_array($query, MYSQLI_ASSOC); 

     $query = mysqli_query($this->db,"INSERT INTO `posts` (post_text, uid_fk,time) VALUES (N'$update', '$uid','$time')") or die(mysqli_error($this->db));

     //The newquery to select for message
     $newquery = mysqli_query($this->db,"SELECT M.post_id, M.uid_fk, M.post_text, M.time,U.username FROM posts M, users U where M.uid_fk=U.uid and M.uid_fk='$uid' order by M.post_id desc limit 1 ") or die(mysqli_error($this->db));
     $result = mysqli_fetch_array($newquery, MYSQLI_ASSOC);
     return $result;
}

Note: This problem will be come when i send just php code. If i send normal text then normal text sending from post_text. enter image description here

I want to send php code like this screenshot.

enter image description here

Improve this question
9
  • From where do you get the $uid? Commented Mar 30, 2017 at 10:00
  • @from inc.php that is loged in uid Commented Mar 30, 2017 at 10:00
  • @DevStud the real question here is: "why" do you want to do this? Commented Mar 30, 2017 at 12:33
  • @Fred-ii- Because i need solution. No one can understand my real problem with this question. Commented Mar 30, 2017 at 12:36
  • 1
    @DevStud cool. You know that you can post your own answer and accept it once Stack lets you. Commented Mar 30, 2017 at 13:10

4 Answers 4

Reset to default
1

In your update query, you did not check the right variable;

$update=mysqli_real_escape_string($db,$_POST['update']);
   if($update){
      $data=$DoDo->InsertText($uid,$update); 
      echo $update;
   }

also in your insert query you have a funny character, remove the N

VALUES ('$update', '$uid','$time')"

$query = mysqli_query($this->db,"INSERT INTO `posts` (post_text, uid_fk,`time`) VALUES ('$update', '$uid','$time')") or die(mysqli_error($this->db));

Do this below

    <textarea name="update"><?php echo '<?php echo $message;?>';?></textarea>
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

that is not a problem. because when i send normal text like <textarea name="update">Normal Text</textarea> then it is sending this Normal Text from post_text row.
$uid coming from inc.php that is not a problem. Problem is just sending PHP codes. Normal text sending just php code is not sending.
please check my question i have updated and added another screenshot.
have you removed the weird N character?
<?php echo $message;?> is not value user can write another php code here or normal text
|
0

Instead if($login){ use if($update){

Improve this answer

Comments

0

change this

 VALUES (N'$update', '$uid','$time')"

to

VALUES ('$update', '$uid','$time')"
Improve this answer

Comments

0

wait, you literally want the string '<?php echo $message;?>' to be inserted, not the value of $message ?

if that is the case, you need to either make sure that PHP sees it as a string:

<textarea name="update"><?php echo '<?php echo $message;?>';?></textarea>

... or maybe it would be enough to post only the code, not the php tags

<textarea name="update">echo $message;</textarea>
Improve this answer

2 Comments

yes you understand the problem. I want to insert php code like <?php echo $cypherabe;?> but it is not inserting. For example when you send php code from facebook wale. That is showing normal text like <?php echo $cypherabe;?>
you need to mask the php tags <?php ... ?> so that the php interpreter doesn't execute the code. I don't know facebook wale, but I offered two basic methods in my answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.