-1
106: $profile_img = mysqli_query($con, "SELECT * FROM `users` WHERE `profile_img` = '$profile_img'") or die(mysqli_error($con));
107: $date = date("Y-m-d");
108: mysqli_query($con, "INSERT INTO `messageuser` (`profile_img`, `from`, `message`, `date`) VALUES ('$profile_img', $username', '$message', DATE('$date'))") or die(mysqli_error($con));

And thats how i want to display the content

<?php
$result = mysqli_query($con, "SELECT * FROM `messageuser` ORDER BY `id` DESC " );
while ($row = mysqli_fetch_assoc($result)) {
echo '
<th scope="row"><img class="img-avatar-thumb" src="'.$row['profile_img'].'" draggable="false" width="37" height="37"></th>
<td><b>'.$row['from'].'</b></td>
<td><b>'.$row['message'].'</b></td>
<td><b> '.$row['date'].'</b></td>
</tr>
';
}
?>

Basically what i want to do is when somebody sends a message the code checks their pfp from the users table and then it saves the value from profile_img in users table to profile_img in messageuser. Then to display the image

Dharman
  • 26,923
  • 21
  • 73
  • 125
0t9j
  • 11
  • 2
  • `mysqli_result` is not found in the code example? – Paul T. May 21 '22 at 23:04
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 22 '22 at 08:09

0 Answers0