Adding session in while (mysql)

Adding session in while (mysql) - php

if(isset($_SESSION['username']))
{
$con = mysql_connect('localhost','root','');
mysql_select_db('chatbox',$con);
$result = mysql_query("SELECT id FROM users");
mysql_query("UPDATE users SET `online` = 0 WHERE `username` = ".$username."");
}
Can you make the username is session (that is logged in) to be equal to
mysql_query("UPDATE users SET `online` = 0 WHERE `username` = "to_put_it_here");

Simple and cute trick
$username = $_SESSION['username'];
if(isset($username))
{
$con = mysql_connect('localhost','root','');
mysql_select_db('chatbox',$con);
$result = mysql_query("SELECT id FROM users");
mysql_query("UPDATE users SET `online` = 0 WHERE `username` = '$username' ");
}

If I was you, I would be using PDO. Although I think this would help you
mysql_query("UPDATE users SET `online` = 0 WHERE `username` = $_SESSION['username']);

Related

SQL update row if key exists else update a default row

Here is what I am trying to do (in pseudo code)
if (dB entry exists) {
UPDATE the dB entry
}else{
UPDATE a default dB entry
}
This is not a "INSERT INTO ... ON DUPLICATE" question.
I'm hoping there is some kind of UPDATE ... ON DUPLICATE type of slick code to do this in one line.
My code creates $userName from the $_GET['U'] request. If $userName exists in the database (it's a unique key), then increment a counter in the database. Else, increment a counter for a default entry.
Here is my current code to update the counter:
$userName = $_GET['U'];
$sql = "UPDATE `stats` SET `count`= `count` + 1 WHERE `userName` = '" . $userName . "'";
mysqli_query($conn,$sql);
And if this particular username doesn't exist, I want this to happen:
$sql = "UPDATE `stats` SET `count`= `count` + 1 WHERE `userName` = 'default'";
mysqli_query($conn,$sql);

Are you looking for this,
$userName = $_GET['U'];
$query_uname_exists = "SELECT count(*) FROM stats WHERE `userName` = '" . $userName . "'";
$uname_count = mysqli_query($conn,$query_uname_exists);
if($uname_count > 0){
#update
$sql = "UPDATE `stats` SET `count`= `count` + 1 WHERE `userName` = '" . $userName . "'";
mysqli_query($conn,$sql);
}
else{
#update default
$sql = "UPDATE `stats` SET `count`= `count` + 1 WHERE `userName` = 'default'";
mysqli_query($conn,$sql);
}

Use the following query
$sql = "Update stats SET count = count + 1 where username = (case when username= ". $userName ". then username else 'default' end)";

This is the most I can shrink it for you:
$userName = mysqli_query($conn, "SELECT count(*) FROM stats WHERE `userName` = '".$_GET['U']."' LIMIT 1") == 0 ? 'default' : $_GET['U'];
mysqli_query($conn, "UPDATE `stats` SET `count`= `count` + 1 WHERE `userName` = '".$userName."' LIMIT 1");

Boolean given where parameter should be resource

I'm having one error when I try to use my function and I don't know how can I fix it.
function is_valid($email_e, $email_code_e, $username_e) {
$email = mysql_real_escape_string($email_e);
$email_code = mysql_real_escape_string($email_code_e);
$username = sanitize($username_e);
return (mysql_result
(mysql_query
("SELECT COUNT(*) FROM `users`
WHERE `username` = $username
AND `email_code` = $email_code
AND `email` = $email"), 0) == 1) ? true : false;
}
Warning: mysql_result() expects parameter 1 to be resource, boolean given in /home/meuts3/public_html/core/functions/users.php on line 34
I'm trying to make a forget password system and when someone try to get a new password, he receives a link with email_code, username and email. When he clicks, he goes to a changepassword page, in this page, I will check if these information is valid using the function is_valid, so if is_valid I have to return the user_id to start a session user_id.
How can I do that?
Thanks, I really appreciate you guys.

You have an error in sql statement. You must quote $username, $email_code & $email in ''.
SELECT COUNT(*) FROM `users` WHERE `username` = '$username' AND `email_code` = '$email_code' AND `email` = '$email'
So mysql_query returns false, not a resource object.

Try this:
function is_valid($email_e,$email_code_e,$username_e) {
$email = mysql_real_escape_string($email_e);
$email_code = mysql_real_escape_string($email_code_e);
$username = sanitize($username_e);
$sql = "SELECT user_id FROM `users`
WHERE `username` = $username
AND `email_code` = $email_code
AND `email` = $email";
$result = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($result) <= 0)
return -1;
return mysql_result($result,1);
}

first, avoid mysql_* functions as they're deprecated.
second,
the process should be like,
we select the user_id
If number of rows fetched is 0 then no such user else we get a unique user_id
so let's write the sql considering your column name for user_id is user_id and user_id is always>0:
$q = "SELECT user_id FROM `users` WHERE `username` = '$username' AND `email_code` = '$email_code' AND `email` = '$email'";
$r = mysql_query($q); //warning I don't like mysql_* functions
if(mysql_num_rows($r)>0){ //we have got more than 0 rows
$d = mysql_fetch_assoc($r);
return $d['user_id'];
} else { // No such username, email, email_code combination found in database
return 0;
}

hash passwords not matching

I'm using the functions below. When I register a user, the hash seems to work fine. When I try to login the hash doesn't match. It has the correct hash, plus extra hash.
What's the issue?
function salt($pass){
$salt = 'hello';
return hash('sha512', $pass.$salt);
}
function valid_credentials($user,$pass) {
$user = mysql_real_escape_string($user);
$pass = salt($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '".$user."' AND `password` = '{$pass}' ");
return (mysql_result($total, 0) == '1' ) ? true : false;
}
function add_user($user, $pass) {
$user = mysql_real_escape_string(htmlentities($user));
$pass = salt($pass);
$time = now();
mysql_query("INSERT INTO `users` ( user_name, password, date_created ) VALUES ( '{$user}', '{$pass}', '{$time}' )");
}

I think in your validation code this line:
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '".$user."' AND `password` = '{$pass}' ");
needs to be changed to something like so:
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '".$user."' AND `password` = '".$pass."' ");
Right now it appears to be checking for the password column being equal to "{$pass}".

just double check your value returned before and after inserting the value to db table. Echo it with a trim function. or use strcmp to check the values that is inserted in the db with your generated value.

MySQL rows are not being updated upon deletion

I am deleting a row (user) from the table Accounts and I am trying to set the values "Following Count" and "Follower Count" to their value with one subtracted. But for some reason that does not happen. The account deletes successfully, but the decrement doesn't happen.
Please can you tell me what I am doing wrong:
$query = mysql_query("SELECT * FROM `Accounts` WHERE `Username` = '$username' AND `Password` = '$password' AND `Email Address` = '$emailAdd'");
if (mysql_num_rows($query) < 1) {
exit("Account doesn't exist");
}
$row = mysql_fetch_assoc($query);
$id = $row["id"];
$query = NULL;
mysql_query("DELETE FROM `Comments` WHERE `accountID` = '$id'");
mysql_query("DELETE FROM `Likes` WHERE `accountID` = '$id'");
mysql_query("DELETE FROM `Posts` WHERE `accountID` = '$id'");
mysql_query("DELETE FROM `Accounts` WHERE `id` = '$id'");
$arg = mysql_query("SELECT * FROM Following WHERE followingUserID = '$id'");
if (mysql_num_rows($arg) >= 1) {
for ($i = 0; $i < mysql_num_rows($arg); $i++) {
$arr = mysql_fetch_assoc($arg);
$followingUserID = $arr['followingUserID'];
$followedUserID = $arr['followedUserID'];
$art = mysql_fetch_assoc(mysql_query("SELECT `Following Count` FROM Accounts WHERE `id` = '$followedUserID'"));
$followingCount = $art['Following Count'];
$followingCount = $followingCount-1;
$arts = mysql_fetch_assoc(mysql_query("SELECT `Follower Count` FROM Accounts WHERE `id` = '$followingUserID'"));
$followedCount = $arts['Followed Count'];
$followedCount = $followedCount-1;
mysql_query("UPDATE Accounts SET `Following Count` = '$followingCount' WHERE `id` = '$followingUserID'");
mysql_query("UPDATE Accounts SET `Follower Count` = '$followedCount' WHERE `id` = '$followedUserID'");
mysql_query("DELETE FROM Following WHERE followingUserID = '$id'");
}
}
exit("Closed");

Why not simply do
mysql_query("UPDATE Accounts SET `Following Count` = (`Following Count` - 1) WHERE `id` = '$followingUserID'");
mysql_query("UPDATE Accounts SET `Follower Count` = (`Following Count` - 1) WHERE `id` = '$followedUserID'");
this way you wont need the 2 selects.

MySQL not decrementing values

I can't get the values in the table Accounts to decrement when I try to delete a post. The values I would like to decrement are "PostCount", "Likes Count" and "CommentsCount". Currently only the "PostCount" works.
Please can you tell me what I am doing wrong:
$arg = mysql_query("SELECT `numberOfLikes` FROM Posts WHERE `id` = '$postID'") or die(mysql_error());
$query = mysql_query("SELECT * FROM Likes WHERE `postID` = '$postID'");
while ($row = mysql_fetch_assoc($query)) {
$b = $row['accountID'];
mysql_query("UPDATE Accounts SET `numberOfLikes` = (`numberOfLikes` - 1) WHERE `id` = '$b'");
}
$arg = mysql_query("SELECT `numberOfComments` FROM Posts WHERE `id` = '$postID'");
$query = mysql_query("SELECT * FROM Posts WHERE `id` = '$postID'");
while($row = mysql_fetch_assoc($arg)) {
$b = $row['accountID'];
mysql_query("UPDATE Accounts SET `CommentsCount` = (`CommentsCount` - 1) WHERE `id` = '$b'");
}
$arg = mysql_query("SELECT `PostCount` FROM Accounts WHERE `id` = '$accountID'");
while ($row = mysql_fetch_assoc($arg)) {
mysql_query("UPDATE Accounts SET `PostCount` = (`PostCount` - 1) WHERE `id` = '$accountID'");
}
mysql_query("DELETE FROM Likes WHERE `postID` = '$postID'");
mysql_query("DELETE FROM Comments WHERE `postID` = '$postID'");
mysql_query("DELETE FROM Posts WHERE `id` = '$postID' AND `accountID` = '$accountID'") or die(mysql_error());
exit("Deleted post");

First up looping queries kills your execution time. You want to limit it to as little queries as possible, this is where implode comes into play:
// what is this for? I do not see it being used. $arg = mysql_query("SELECT `numberOfLikes` FROM Posts WHERE `id` = '$postID'") or die(mysql_error());
$query = mysql_query("SELECT * FROM Likes WHERE `postID` = '$postID'");
while ($row = mysql_fetch_assoc($query)) {
$b[] = $row['accountID'];
}
mysql_query("UPDATE Accounts SET `numberOfLikes` = (`numberOfLikes` - 1) WHERE `id` IN(" . implode(',', $b) . ")") or trigger_error('MySQL Update Failed: ' . mysql_error());
This will be much more efficient and have to same effect.
The next query, should be similar:
$arg = mysql_query("SELECT `numberOfComments` FROM Posts WHERE `id` = '$postID'");
// again an extra unnecessary query not being used. $query = mysql_query("SELECT * FROM Posts WHERE `id` = '$postID'");
$b=array();
while($row = mysql_fetch_assoc($arg)) {
$b[] = $row['accountID'];
}
mysql_query("UPDATE Accounts SET `CommentsCount` = (`CommentsCount` - 1) WHERE `id` IN(".implode(',', $b) . ")") or trigger_error(mysql_error());
This next one, I do not even know why you are looping through it:
//$arg = mysql_query("SELECT `PostCount` FROM Accounts WHERE `id` = '$accountID'");
//while ($row = mysql_fetch_assoc($arg)) {
mysql_query("UPDATE Accounts SET `PostCount` = (`PostCount` - 1) WHERE `id` = '$accountID'") or trigger_error(mysql_error());
//}
As you are not utilizing that data anywhere, just run the update query.
Implementing the above should speed up your application and reduce redundancy. implode is very handy and running 1 query vs several is almost always preferred. I am not sure if that will solve your problem, but it is a huge step in the right direction in fixing your code.

I re-coded my if statement containing the code I posted and it is now working perfectly:
mysql_query("UPDATE Accounts SET `PostCount` = (`PostCount` - 1) WHERE `id` = '$accountID'");
$query = mysql_query("SELECT * FROM Likes WHERE `postID` = '$postID'") or die(mysql_error());
while($row = mysql_fetch_assoc($query)) {
$accID = $row['accountID'];
mysql_query("UPDATE Accounts SET `Likes Count` = (`Likes Count` - 1) WHERE `id` = '$accID'");
}
$query = mysql_query("SELECT * FROM Comments WHERE `postID` = '$postID'");
while($row = mysql_fetch_assoc($query)) {
$accID = $row['accountID'];
mysql_query("UPDATE Accounts SET `CommentsCount` = (`CommentsCount` - 1) WHERE `id` = '$accID'");
}
mysql_query("DELETE FROM Likes WHERE `postID` = '$postID'");
mysql_query("DELETE FROM Comments WHERE `postID` = '$postID'");
mysql_query("DELETE FROM Posts WHERE `id` = '$postID' AND `accountID` = '$accountID'") or die(mysql_error());
exit("Deleted post");

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Adding session in while (mysql) - php

Simple and cute trick $username = $_SESSION['username']; if(isset($username)) { $con = mysql_connect('localhost','root',''); mysql_select_db('chatbox',$con); $result = mysql_query("SELECT id FROM users"); mysql_query("UPDATE users SET `online` = 0 WHERE `username` = '$username' "); }

If I was you, I would be using PDO. Although I think this would help you mysql_query("UPDATE users SET `online` = 0 WHERE `username` = $_SESSION['username']);

Related

SQL update row if key exists else update a default row

Boolean given where parameter should be resource

hash passwords not matching

MySQL rows are not being updated upon deletion

MySQL not decrementing values

Categories

Resources