So i am pretty new in php and i am just working on a simple friend-chat site. So when the user hits the send button the text will be inserted into the database into the table messages with the colums id, body, sender, receiver, read. So in order to be able to insert the receiver by his id i need to get the id by the following code which search for the id from the user you are chatting with by his username. When i display $receiver with echo it shows me the correct id so this SQL-Injection must be correct(The $_GET['userchat'] is working fine i have tested it out):
$receiver = DB::query('SELECT id FROM users WHERE username=:username', array(':username'=>$_GET['userchat']))[0]['id'];
Then i ask if the button $_POST['message-submit'] was hit by the user. If it is i insert that message into the database which the following code:
if (isset($_POST['message-submit'])) {
DB::query('INSERT INTO messages VALUES (\'\', :body, :sender, :receiver, 0)', array(':body'=>$_POST['message'], ':sender'=>$_SESSION['myid'], ':receiver'=>$receiver));
}
But the website gives me this error:
"Integrity constraint violation: 1048 Column 'receiver' cannot be null"
So the SQL_injection stored in $reveiver does work because i can display it but inside the if-statemant $receiver seems not to exist. Can someone please help me? If you need any mor information please just ask.
Aucun commentaire:
Enregistrer un commentaire