I have a simple message board page that works like Facebook. User posts a message and users can comment on this message. Each message posts on the page and under each message there is a place to submit comments for that message. In my database there are tables for users, messages, and comments.
My question is: How do I know which specific message I am commenting on in order to properly pass this into the MySQL database with the corresponding message_id?
$comm = "INSERT INTO comments(user_id, message_id, comment, created_at, updated_at)
SELECT '{$_SESSION['id']}', '{$_SESSION['messages.id']}', '{$_SESSION['comment']}', NOW(), NOW()
FROM messages";
EDIT:
$query = "SELECT users.first_name AS first_name, users.last_name AS last_name, messages.id AS mess_id,
messages.message AS message, DATE_FORMAT(messages.created_at, '%M %e %Y') AS time
FROM users
LEFT JOIN messages
ON users.id = messages.user_id
ORDER BY time DESC";
$results = fetch($query);
foreach ($results as $row) {
$_SESSION['messages.id'] = $row['mess_id'];
echo
"<div class='post'>".
$row['first_name']. " ". $row['last_name']. " - ". $row['time']. "<br>".
"<p class='mess_content'>". $row['message']. "</p>
</div><br>
<div class='posted_comm'>";
$query = "SELECT users.first_name AS first_name, users.last_name AS last_name,
comments.message_id, DATE_FORMAT(comments.created_at, '%M %e %Y') AS time, comments.comment AS comment
FROM users
LEFT JOIN comments
ON users.id = comments.user_id
WHERE comments.message_id = '{$_SESSION['messages.id']}'
ORDER BY time ASC";
$results1 = fetch($query);
foreach ($results1 as $value) {
echo
"<div class='comments'>".
$value['first_name']. " ". $value['last_name']. " - ". $value['time']. "<br>".
"<p class='comm_content'>". $value['comment']. "</p>
</div><br>";
}
echo "<div class='write_comm'>
<form method='post' action='mess_comm.php'>
<input type='hidden' name='action' value='post_comm'>
Post a comment:<input type='text' name='comm' class='comm'>
<input type='submit' value='Post a comment' class='comm_sub'>
</form>
</div>";
extend your form to include the message id as a hidden field:
echo "<div class='write_comm'>
<form method='post' action='mess_comm.php'>
<input type='hidden' name='action' value='post_comm'>
<input type='hidden' name='message_id' value='{$row['mess_id']}'>
Post a comment:<input type='text' name='comm' class='comm'>
<input type='submit' value='Post a comment' class='comm_sub'>
</form>
</div>";
Then use the id in your query:
$comm = "INSERT INTO comments(user_id, message_id, comment, created_at, updated_at)
VALUES ('{$_SESSION['id']}', '{$_POST['message_id']}', '{$_POST['comm']}', NOW(), NOW())";
Note: I corrected errors in your INSERT query. And you should look into prepared statements, right now your code is open for SQL injections.