I have a table called flagged_posts in my database, and it has the following columns:
id
thought_id
flagged_by_id
What I am trying to do is that if the logged in user has already flagged the post, then don't allow them to flag the post again, and I am trying to achieve this by removing the anchor link and replacing it by a message.
Here is a snippet of my code:
<?php
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' AND shared ='yes' "."ORDER BY id DESC LIMIT {$start}, {$limit}");
while ($row = mysqli_fetch_array($query)) {
$thought_id = $row['id'];
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
// getting the id of the user who is logged in.
$see_if_flagged_q = mysqli_query($connect, "SELECT id FROM users WHERE username = '$username'");
$getting_deets = mysqli_fetch_assoc ($see_if_flagged_q);
$logged_in_user_id = $getting_deets ['id'];
echo "
<div class='more_options' style='float: right;'>";
$see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts WHERE flagged_by_id ='$logged_in_user_id' ");
while ($getting_deets2 = mysqli_fetch_assoc ($see_if_flagged_q2)){
$flagged_post_by_id = $getting_deets2 ['flagged_by_id'];
// If the user logged in has not flagged the post, i.e. there is no data in the database ..
// .. which says their user id has flagged this thought_id.. then display the link...
if ($logged_in_user_id == $flagged_post_by_id){
echo "<a href='/inc/flagged_post.php?id=$thought_id'> Flag </a>";
}
// if there is data stating this user has flagged this thought_id, then echo a message
if ($logged_in_user_id != $flagged_post_by_id) {
echo "Flagged";
}
}
echo " </div>";
}
?>
So assume I am logged in as Conor. Conor has an id of 8 (id obtained from users table). Conor flags a post with an id of 209 (thought_id obtained from user_thoughts table). So in my flagged posts table, I will see the following row:
id: 1
thought_id: 209
flagged_by_id: 8
At the moment, neither link nor the message is appearing. If I change my query, i.e. $see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts "); (removed the WHERE clause) then I get the message Flagged echo'd four times (because there are four rows in the flagged_posts table and they are echo's on every post, even those which have not been flagged by the logged in user.
Update:
Here is the updated code first of all:
$see_if_flagged_q2 = mysqli_query($connect, "SELECT * FROM flagged_posts WHERE flagged_by_id = '$logged_in_user_id'");
$test_num = mysqli_num_rows ($see_if_flagged_q2);
$getting_deets2 = mysqli_fetch_assoc ($see_if_flagged_q2);
$flagged_post_by_id = $getting_deets2['flagged_by_id'];
if ($flagged_post_by_id == $logged_in_user_id){
echo "<a href='/inc/flagged_post.php?id=$thought_id'> Flag </a>";
echo $test_num;
}
if ($flagged_post_by_id != $logged_in_user_id) {
echo "Flagged";
}
With the above, the link appears for all posts now, even if they are flagged. I have echo'd both $flagged_post_by_id and '$logged_in_user_id', which both echo the value of 12 (the id of Conor from users table). The values are correct and the number of rows returned by $test_num is also correct.
Ok, here's a reworking of your original code. I moved the data gathering part up front, so we have a setup section before we run the while loop on the thoughts. I changed a variable name here and there. Basically, we build a list of flagged entries, and then in the while loop the job is simpler. If the current row id is in the flagged_posts array, it's flagged, else present the link.
// get the id of the current user
$user_id_q = mysqli_query($connect, "SELECT id FROM users WHERE username = '$username'");
$getting_deets = mysqli_fetch_assoc($user_id_q);
$logged_in_user_id = $getting_deets['id'];
// build array of posts flagged by current user
$flagged_posts_q = mysqli_query($connect, "SELECT thought_id FROM flagged_posts WHERE flagged_by_id = '$logged_in_user_id'");
$flagged_posts = array();
while ($row = mysqli_fetch_array($flagged_posts_q)) {
$flagged_posts[] = $row['thought_id'];
}
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' AND shared ='yes' "."ORDER BY id DESC LIMIT {$start}, {$limit}");
while ($row = mysqli_fetch_array($query)) {
//You could just use $row['foo'] down below, and skip all this
/*
$thought_id = $row['id'];
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
*/
echo "<div class='more_options' style='float: right;'>";
if (in_array($row['id'], $flagged_posts)){
echo "Flagged";
} else {
echo "<a href='/inc/flagged_post.php?id=".$row['id']."'> Flag </a>";
}
echo "</div>";
}
Related
I'm working on attendance base on login and logout, Is there a way I can make this code work, I'm having a problem on after successfully update the data it will go to another notepad and in there it has a select query that will display the image and basic info of user. But when I tried to logout it displays different user info and images.
Here is my code for php:
<?php
include_once ('connection.php');
if(isset($_POST['submit']))
{
$username2 = $_POST['username2'];
$password1= $_POST['password1'];
$time=date("H:i:s");
$sql = mysqli_query($conn,"SELECT tbl_visitor.Birthday,tbl_visitor.School_Company,tbl_visitor.Contact_number,tbl_visitor.Visitor_Address,tbl_visitor.image,tbl_visitor.Visitor_username,tbl_visitor.Visitor_id,tbl_visitor.Visitor_password,concat(Visitor_first_name,'',Visitor_last_name) as name,
tbl_visitor_form.Time_in,tbl_visitor_form.Time_out , tbl_visitor_form.Number FROM tbl_visitor LEFT JOIN tbl_visitor_form on tbl_visitor.Visitor_id = tbl_visitor_form.Visitor_id WHERE tbl_visitor.Visitor_username = '$username2' and tbl_visitor.Visitor_password = '$password1'
order by Number DESC limit 1");
$count = mysqli_num_rows($sql);
if ($count == 0) {
$_SESSION['error_message'] = "Incorrect username or password";
header("Location:logout.php?");
} else{
while ($row = mysqli_fetch_array($sql)) {
$username2 = $row['Visitor_username'];
$password1 = $row['Visitor_password'];
$name=$row['name'];
$id=$row['Visitor_id'];
$image=$row['image'];
if(empty($row['Time_in'])) {
header("location:visitorvalidate1.php");
} else if(empty($row['Time_out'])){
$InsertSql = "Update tbl_visitor_form set Time_out = '$time' where Visitor_username='$username2' and Visitor_password = '$password1' order by Number DESC limit 1 ";
$res = mysqli_query($conn, $InsertSql);
header("location:outsuccess.php?");
}else{
header("location:visitorvalidate1.php");
}
}
}
}
?>
here is my outsuccess.php:
<?php
include_once('connection.php');
$sql = "select Visitor_username, image, Visitor_name from tbl_visitor_form
order by Number DESC limit 1 ";
$result = mysqli_query($conn,$sql);
while( $row = mysqli_fetch_array($result)) {
$uname=$row['Visitor_username'];
$name=$row['Visitor_name'];
$image=$row['image'];
}
?>
the first query above is working but the second query in select has the problem, it selects different value after the update. for example, there is two user has already login user1 and user2 when I try to logout user1 it successfully updated but it displays the info of user2 instead of user1 on outsuccess.php. Hope you can help me fix this. Advance Thanks
i am retrieving posts from a table called post . I wanted to add a commenting feature to this code, The problem is that the latest posts variables are dominant over others in that if you comment on an older post, the variables of the "latest post(which appears first because of the ORDER BY ID DECS criteria"
Someone help me make this posts independent on their own...Thanks
<?php
$sqlhash="SELECT * FROM posts ORDER BY id DESC ";
$result_hash = mysqli_query($conn,$sqlhash);
while($rowhash = mysqli_fetch_assoc( $result_hash))
{
$user = $rowhash['user'];
$message = $rowhash['post'];
$time = $rowhash['time'];
$id= $rowhash['id'];
$tt = date('m/d/Y H:i:s',$time);
$my_id = $_SESSION['user_id'];
$sql="SELECT * FROM users WHERE Full_name='$user' ";
$result_set = mysqli_query($conn,$sql);
while($row = mysqli_fetch_assoc( $result_set))
{
$select_username = $row['Full_name'];
$profp = $row['pic'];
$my_id = $_SESSION['user_id'];
?>
<center><div class='post' style='width:48%; height:40%; align:middle; text-align:left; margin:30px 0'>
<img width="70" height="70" src='uploads/<?php echo $profp; ?>'><br><p style='color:#0c88b5'><b> <?php echo $id ;?><br><?php echo $user ;?>On:<?php echo $tt ; ?><h4><b><?php echo $message
;?></h4></p><hr>
<?php
$sqlcom="SELECT * FROM comment WHERE hash='$id' ";
$result_com = mysqli_query($conn,$sqlcom);
while($rowcom = mysqli_fetch_assoc( $result_com))
{
$usercom = $rowcom['comment'];
$comenter = $rowcom['user'];
echo "<p style='color:#0c88b5' $comenter</p>". ":" ;
echo $usercom. "<br>" ;
}
if (isset($_POST['commen'])) {
$sqlhash= "SELECT * FROM posts WHERE post= '$message' ";
$result_hash = mysqli_query($conn,$sqlhash);
while($rowhash = mysqli_fetch_assoc( $result_hash))
{
$user1 = $_SESSION['username'];
$comment = $_POST['commen'];
$time = $rowhash['time'];
$time2 = $_SESSION['time'];
$sql3 = "INSERT INTO comment (user, comment, hash) VALUES
('$user1','$comment', '$id')";
if($conn->query($sql3) === TRUE) {
header('Location: timeline.php');
}else {
echo"error";
}
Make some changes at database level in your post table to manage the reply thread on a post.
Add a parent_id column with default null that contains the post id for which the reply or comment is made.
For each comment or reply, put an entry in parent_id column.
To show post, fetch the records having parent_id IS NULL. By this you will get the post only, put order by on id to get in a proper order.
For each post you can retrieve comment or reply by putting a condition like parent_id IS NOT NULL
This will help you.
Ok, so I am building on my first question here https://stackoverflow.com/questions/38102208/php-mysql-how-to-only-echo-links-with-search-bar-post-that-arent-already-echo
trying to only echo only usernames of people whose id is NOT in a mysql table called conversation along with a set id (the person who is signed in).
I echo the people who their id is user_two in a table conversation REGARDLESS if a search bar is posted here:
//$num = mysqli_query($con, "SELECT * FROM `pm_messages` WHERE user_from=".$account['id']."");
$numCon = mysqli_query($con, "SELECT * FROM `conversation` WHERE user_one=".$account['id']."");
$numrows = mysqli_num_rows($numCon);
while ($u = mysqli_fetch_assoc($numCon)) {
//get other users usernames to echo link
$getUserTwo = mysqli_query($con, "SELECT * FROM `accounts` WHERE id=".$u['user_two']."");
$s = mysqli_fetch_assoc($getUserTwo);
//echo $s['username'];
echo "<a href='message.php?id={$s['id']}'><li><img class = 'dmCircle' src = '../images/chatCircle.png'/>{$s['username']} </li></a>";
}
This works well, meaning only individuals who a conversation has been started with (a row exists for this user and the one signed in conversation table) are echoed in a link.
Problem comes here with the search bar because it echoes all individuals even if a conversation has been started, resulting in duplicates:
(notice the 2 khusteds)
This does not make sense because here I select the row in conversation where user_one is the signed in user and user_two is the second user and only echo a link if the result is FALSE (meaning there's no conversation):
if (isset($_POST['searchbarpm'])) {
//$sess->getUsers();
$dbh = mysqli_connect("localhost","username","password","sqlserver");
$query = $_POST['searchbarpm'];
$q = mysqli_query($dbh, "SELECT * FROM sqlserver.accounts WHERE username LIKE '%".$query."%'");
//display all the results
while($row = mysqli_fetch_assoc($q)) {
$checkConvo = mysql_query("SELECT 'id' FROM sqlserver.conversation WHERE user_one=".$user_id." AND user_two=".$row['id']."");
//only output users they dont have convo going with because theyre already printed!!!
if ($checkConvo==false && $row['id']!= $user_id) {
echo "<a href='message.php?id={$row['id']}'><li><img class = 'dmCircle' src = '../images/noChatCircle.png'/> {$row['username']}</li></a>";
}
}
}
But it looks like the query is always false because again, all users are echoed. Why is this happening? How can I only echo users not in conversation table with the signed in user (user_one)?
EDIT:
new code (sorry for screenshot); :
#IanH -
$con = mysqli_connect("localhost","username","password","sqlserver");
//$num = mysqli_query($con, "SELECT * FROM `pm_messages` WHERE user_from=".$account['id']."");
$numCon = mysqli_query($con, "SELECT * FROM `conversation` WHERE user_one=".$account['id']."");
$numrows = mysqli_num_rows($numCon);
while ($u = mysqli_fetch_assoc($numCon))
{
//get other users usernames to echo link
$getUserTwo = mysqli_query($con, "SELECT * FROM `accounts` WHERE id=".$u['user_two']."");
$s = mysqli_fetch_assoc($getUserTwo);
//echo $s['username'];
if(isset($_POST['searchbarpm'])){
//$sess->getUsers();
$dbh = mysqli_connect("localhost","username","password","sqlserver");
$query = $_POST['searchbarpm'];
$q = mysqli_query($dbh, "SELECT * FROM sqlserver.accounts WHERE username LIKE '%".$query."%'");
//display all the results
while($row = mysqli_fetch_assoc($q)){
if($row['id']!= $user_id && $row['id']!=$s['id']) { //only output users they dont have convo going with because theyre already printed!!!
echo "<a href='message.php?id={$row['id']}'><li><img class = 'dmCircle' src = '../images/noChatCircle.png'/> {$row['username']}</li></a>";
}
}
}
else {
echo "<a href='message.php?id={$s['id']}'><li><img class = 'dmCircle' src = '../images/chatCircle.png'/>{$s['username']} </li></a>";
}
}//
First of all, you need change the mysql_query( ... ) on line 9 of your second posted code block to mysqli_query( ... ), for API consistency and compatibility.
Also, you could have duplicate results if you are allowing multiple entries in the conversation table where users A and B can be entered as user1 = A, user2 = B in one conversation, and user1 = B, user2 = A in a different conversation.
Lastly, as Jay Blanchard said, you should use prepared statements to avoid SQL injection.
I'm trying to set up a simple comment system and I want to create the correlation between the comment and the page landed.... so when a user arrives at blog.php?id=3 they would be presented the correct comments.
What I'm doing is creating the comments table with a pageid column. The pageid column will be filled when a user posts to the page. Maybe a hidden form field? How do I make this correlation within my MYSQLI
This is what I was thinking...
<?php
include_once("includes/check_login_status.php");
?>
<?php
// Check to see the URL variable is set and that it exists in the database
if (isset($_GET['id'])) {
// Connect to the MySQL database
include "includes/db_conx.php";
$id = preg_replace('#[^0-9]#i', '', $_GET['id']); // filter everything but numbers
// Use this var to check to see if this ID exists, if yes then get the product
// details, if no then exit this script and give message why
$sql = "UPDATE content SET views=views+1 WHERE ID=$id";
$update = mysqli_query($db_conx,$sql);
$sql = "SELECT * FROM content WHERE id=$id LIMIT 1";
$result = mysqli_query($db_conx,$sql);
$productCount = mysqli_num_rows($result);
if ($productCount > 0) {
// get all the product details
while($row = mysqli_fetch_array($result)){
$article_title = $row["article_title"];
$category = $row["category"];
$readmore = $row["readmore"];
$author = $row["author"];
$date_added = $row["date_added"];
$article_content = $row["content"];
}
} else {
echo "That item does not exist.";
exit();
}
} else {
echo "Data to render this page is missing.";
exit();
}
?>
<?php
include_once "includes/db_conx.php";
$sql = "SELECT * FROM comment WHERE pageid ="$id"ORDER BY id DESC";
$sql_comments = mysqli_query($db_conx,$sql);
while($row = mysqli_fetch_array($sql_comments)){
$name = $row["name"];
$comment = $row["comment"];
$commentlist .= 'name : '.$name.'<br />comment : '.$comment.'<hr>';
}
//////////////
?>
Is the lower half in scope of the get variable? So that I can determine what page we're on? Can this type of variable be passed thorugh a variable in the comment form?
The 3rd sql statement contains an error:
$sql = "SELECT * FROM comment WHERE pageid ="$id"ORDER BY id DESC";
to
$sql = "SELECT * FROM comment WHERE pageid =".$id."ORDER BY id DESC";
You might also want to change the pre_replace statement to intval:
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
to
$id = intval($_GET['id']);
The reason being if $_GET['id'] = 'ABC123' then preg_replace will return 123 whereas the intval will return 0.
I'm working in Drupal 6 with CCK. Under each text field there is a PHP section where you can run some PHP code to get allowed values. I'm running into trouble using an "if" statement to change the allowed values based on user type
So to start, I do a query to determine current users user type. -1 is default user, which is employees and user type id "1", is for site users. What I want is to restrict the site user to only the allowed values they need to see, while allowing employees to edit that value when on the node edit screen with all choices.
The first part of the if statement works. However, the "else" part doesn't work. Is this field set up to deal with control structures?
global $user;
$sql1 = "SELECT user_type_id FROM user_types_user WHERE uid = ".$user->uid." ";
$res1 = db_query($sql1);
if($res1 == '1'){
$sql = "SELECT account FROM users WHERE uid = ".$user->uid." ";
$res = db_query($sql);
while($row = db_fetch_array($res)){
$rows[] = $row['account'];
}
$rows = drupal_map_assoc($rows);
return $rows;
}
else {
$sql2 = "SELECT title FROM node WHERE type = 'accounts' ";
$res2 = db_query($sql2);
while($row2 = db_fetch_array($res2)){
$rows2[] = $row2['title'];
}
$rows2 = drupal_map_assoc($rows2);
return $rows2;
}
The choices are type=accounts in nodes, however, when a user is created one of the choices is selected and stored in the user table, under a column I created named "account"
If by 'the "else part does not work' you mean that it is never executed, even if user_type_id does not equal 1, it might be the missing db_fetch_array() on $res1. You're comparing your result object directly to the string '1', not the field value.
Here is the working code for this. There may have been a quicker/shorter way to do this.
global $user;
$sql1 = "SELECT user_type_id FROM user_types_user WHERE uid = ".$user->uid." ";
$res1 = db_query($sql1);
while($type = db_fetch_array($res1)){
$types[] = $type['user_type_id'];
}
$resType = $types[0];
if($resType == "1"){
$sql = "SELECT account FROM users WHERE uid = ".$user->uid." ";
$res = db_query($sql);
while($row = db_fetch_array($res)){
$rows[] = $row['account'];
}
$rows = drupal_map_assoc($rows);
return $rows;
}
else {
$sql2 = "SELECT title FROM node WHERE type = 'accounts' ";
$res = db_query($sql2);
while($row2 = db_fetch_array($res)){
$rows2[] = $row2['title'];
}
return $rows2;
}