I have a problem with MySQL query and condition. The main problem is user with another ID can see / edit the same leads even though his id != owner.
I tried to change the vars and add '' or "", but none of these help.
$myuser_query = mysqli_query($conn,"SELECT * FROM users WHERE id = '".$_SESSION["id"]."'");
$myuser = mysqli_fetch_assoc($myuser_query);
$myleads = "SELECT * FROM leads WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2 ORDER BY RAND() LIMIT 1";
$newleads = $conn->query($myleads);
if ($newleads->num_rows >= 1) {
(Here it's all the client side that's showing the date.)
You need to add parenthesis around the OR conditions in your query. Change this:
$myleads = "SELECT * FROM leads
WHERE owner = '".$myuser["id"]."' AND status = 1 OR status = 2
ORDER BY RAND() LIMIT 1";
To:
$myleads = "SELECT * FROM leads
WHERE owner = '".$myuser["id"]."' AND (status = 1 OR status = 2)
ORDER BY RAND() LIMIT 1";
Related
I am currently developing a social media app which includes users (you can add them as friend) and posts (text, image etc...)
I want to show to user 5 newest posts compared to user's posts and user's friends' posts when user enters to the app.
I know this is not the wisest method to achieve this but so far i did this. Query returned only one post while there are more and its not even newest nor oldest. I think the problem is in "OR" clause.
I get all sno's of friends of user and put in WHERE clause one by one with "OR" clause.
//CURRENT FRIENDS
$sql = 'SELECT current AS currents FROM friends WHERE sno = :sno';
$query = $this -> conn -> prepare($sql);
$query -> execute(array(':sno' => $usersSno));
$friends = $query -> fetchObject() -> currents;
//SELECT 5 NEWEST POST
$sql = 'SELECT operationId FROM posts WHERE operationId = :operationId';
$array = array(':operationId' => $usersSno);
if(isset($friends)) {
$ids = explode(",", $friends);
for($i = 0; $i < count($ids); $i++) {
$sql = $sql.' OR operationId = :operationId'.$i;
$array[':operationId'.$i] = $ids[$i];
}
}
if($from == null)
$sql = $sql.' ORDER BY operationId DESC LIMIT 5';
else {
$sql = $sql.' AND operationId < :from ORDER BY operationId DESC LIMIT 5';
$array[':from'] = $from;
}
$query = $this -> conn -> prepare($sql);
$query -> execute($array);
$result = $query -> fetchAll(PDO::FETCH_ASSOC);
User's sno is 1 and user has two friends which their sno's are 2 and 75.
echo $sql;
SELECT operationId FROM posts WHERE operationId = :operationId OR operationId = :operationId0 OR operationId = :operationId1 ORDER BY operationId DESC LIMIT 5
print_r($array);
Array
(
[:operationId] => 1
[:operationId0] => 2
[:operationId1] => 75
)
I feel like a stupid for realizing my mistake right after starting a bounty for it. I should've use WHERE sno (since i've been getting posts from user's id [sno]) not WHERE operationId in $sql
So echo $sql; be like:
SELECT operationId FROM posts WHERE sno = :sno OR sno = :sno0 OR sno = :sno1 ORDER BY operationId DESC LIMIT 5
And print_r($array) is:
Array
(
[:sno] => 1
[:sno0] => 2
[:sno1] => 75
)
At least i am happy to resolve this problem and even resolving it my own :)
EDIT: I noticed two logical error too in my sql query.
1- Comparing date string with operationId of post
I am comparing posts with their dates (you can also compare with operationId of post) to see which one is newest. But in the code i compared operationId with $from variable (which is a date string).
So final code;
$sql = $sql.') AND createdAt < :from ORDER BY operationId DESC LIMIT 5';
2- OR clauses should be separeted with AND clause by parentheses.
start of parenthese
$sql = 'SELECT operationId FROM posts WHERE (sno= :sno';
end of parenthese
if($from == null)
$sql = $sql.') ORDER BY operationId DESC LIMIT 5';
else {
$sql = $sql.') AND createdAt < :from ORDER BY operationId DESC LIMIT 5';
$array[':from'] = $from;
}
This first statement selects all users a user is following and the second statement select all notes of the user and all the other users they are following, I am trying to combine two select statement:
$get_user = $user_data['username']; $get_following = mysqli_query($con,"SELECT * FROM follows WHEREfollower= '$get_user' ")
$query = mysqli_query($con,"SELECT * FROM posts WHERE username = '$followe' OR username = '$get_user' ORDER BY date_added DESC LIMIT 0,5 ");
I tried using the following code, but it only fetches a single user's when the user is user following more than person:
$get_following = mysqli_query($con,"SELECT * FROM follows WHEREfollower= '$get_user' ");
$ffg = mysqli_fetch_assoc($get_following);
$ff = $ffg['follower'];
$query = mysqli_query($con,"SELECT * FROM posts WHERE username = '$ff' OR username = '$get_user' ORDER BY date_added DESC LIMIT 0,5 ");
Pls kindly help fix this problem, thanks.
i am working on a timeline for my website but i am having some problem when i ran the query to select all id that is less than given identifier its still return the identifier result upon every query
example if identifier is id=4 i want to select everything less than 4 and not from 4 > 3 > 2 > 1 i want it to be 3 > 2 > 1
here is my php. i know its not secure or what not but i have written it in prepared statement and get the same thign so i need some here.
if(isSet($_POST['lastmsg']))
{
$feed_id = mysqli_real_escape_string($con, $_POST['lastmsg']);
$get1 = mysqli_query($con, 'SELECT receiver FROM connection where sender="'.$_SESSION['userid'].'"');
$id_feed = array();
while($id_result1 = mysqli_fetch_array($get1)){
$id_feed[] = $id_result1['receiver'];
$ids1 = join(',', $id_feed);
$get_feed1 = mysqli_query ($con, "select * from feed where users in '".$ids1."' or users='".$_SESSION['userid']."' and 'feed_id' < '".$feed_id."' ORDER BY feed_id DESC LIMIT 2");
}
while($res1 = mysqli_fetch_array($get_feed1)){
echo $load = $res1['feed_id'];
}
}
I have the following code which selects information from one random row.
$query = mysql_query("SELECT * FROM lines_angles_shapes ORDER BY RAND() LIMIT 1 ");
while($rows = mysql_fetch_array($query))
{
$question = $rows['question'];
$hint = $rows['hint'];
$level = $rows['level'];
$keyword = $rows['keyword'];
$showme = $rows['showme'];
$picture_path = $rows['picture_path'];
}
This works well for me but I now I need to be able to select two more DIFFERENT pictures from the picture_path column and assign them to variables. Again, all three rows need to be different.
Any tips for a newbie on how to do this?
Just change your query as follows:
$query = mysql_query("SELECT * FROM lines_angles_shapes ORDER BY RAND() LIMIT 3");
You are ordering by ORD() so it will give you different records.
No, new modification, just change the limit to 3 (whatever your need).
$query = mysql_query("SELECT * FROM lines_angles_shapes ORDER BY RAND() LIMIT 3");
As your are already getting random values with order by clause it will always return different values so you just need to edit your limit value and you are done!
$query = mysql_query("SELECT * FROM lines_angles_shapes ORDER BY RAND() LIMIT 3");
I have this table: tbl_module_bid
image:
you see users: Ali2,Ali,blackbone,dickface,mhmd
let's call for each one of them it's called $player and the sql query I wanna use in:
mysql_query("UPDATE `bbcsystem`.`tbl_admin` SET games_played = games_played + 1 WHERE username = $player");
I also don't want them to be duplicated
I tried using this script below:
//Update Game Played (not working very good):
$num_qry = "Select DISTINCT * From tbl_module_bid where user = '".$_SESSION['LOGIN_BALANCE_FRONT']['name']."' AND module = '$mod_id' order by bid asc";
$get_pick = $db->get_results($num_qry,ARRAY_A);
foreach($get_pick as $arr_pic)
{
$player = $arr_pic['user'];
mysql_query("UPDATE `bbcsystem`.`tbl_admin` SET games_played = games_played + 1 WHERE username = $player");
}