I have been googling for some time now with out success primarily because the way i am asking is most probably the wrong way.
What i want to know
I have made some PHP scripts that allow users to add data to a table (In a MYSQL datanase) and its displayed on a website, now i am working on the ability to edit and delete the entry however the script i have allow anyone to do this to anyone's entry's.
Now i don't know if there are PHP or Mysql functions that help with this, like i said my goggling has been in vain. So if i could be pointed to a webpage that has this information or better yet an example syntax chunk that will only allow the user that created the entry to modify the entry.
I am assuming there is some type of while or if statement to achieve this.
Example scenario
A user comes along adds an entry the entry is given an id can the user be linked to that id so only he can edit it ?.
Note
I am adding PHP to a word press site so as for the users login information a word press widget is controlling that however i can see the entries are still put in a database field when I'm strolling threw the databases.
What i am asking
Do you know of a webpage/example syntax or tutorial that will show me what i need to know or if ya got enough time explain it to me :).
Thanks
Ben
Update the new entry with the current user's id, where $entry_id is the ID of the new entry
$current_user_id = get_current_user_id(); // current user logged into WordPress
mysql_query("UPDATE `table` SET `user_id`='$current_user_id' WHERE `id`='$entry_id'") or die(mysql_error());
UPDATE: You could also insert the entry with the user_id at the same time with the rest of the data.
mysql_query("INSERT INTO `table` ([other column names], `user_id`) VALUES ([other values], '$current_user_id')") or die(mysql_error());
Check if the current user ID is equivalent to the allowed edit user ID in your database.
$query = mysql_query("SELECT * FROM `table` WHERE `id`='$entry_id' LIMIT 1") or die(mysql_error());
$data = mysql_fetch_array($query);
$allowed_user_edit_id = $data['user_id']; // user id who is allowed to edit
$current_user_id = get_current_user_id(); // current user logged into WordPress
if ($current_user_id == $allowed_user_edit_id) {
// Your code for editing the entry
}
Related
I have a site, and when I login I want to see my user id, I don't know what code to use or what to do.
And I need it in a sql code to:
mysql_query("UPDATE users SET ally='3' WHERE ID =THE CURRENT USER ID ");
Sorry for my bad English. Please help
the main concept of login is that the user logs in with his unique id.with the help of that id you have to fetch the users record.
the as per requirement write the sql as: select or update.
I'm trying to create a system similar to a Facebook LIKE button. I want to allow a user to like a picture, but only let them like it once. After they have liked it, they should only be able to unlike it.
My current code is:
<?php
$id = $_GET["picID"];
include 'db.php';
$colID = str_replace('_', ' ', $_GET['picID']);
$colID = mysql_escape_string($picID);
$sql = "SELECT * FROM picture WHERE id = $id";
$result = mysql_query($sql) or die (mysql_error()."<br/>".sql);
$row = mysql_fetch_array($result);
$update = "UPDATE picture SET likes=likes+1 WHERE id='$id'";
mysql_query($update) or die (mysql_error()."<br/>".update);
echo "Thank you";
?>
Currently I use a hyperlink to trigger the 'Like' action:
<a href='like.php?colID=$row[id]'>Like</a>
At the end I'd like to change this to AJAX so the user can simply click Like (as on Facebook) without any page change. I'm still reading up on how to do this. Is there a particular name for this task? Or can someone show me show I could do this?
EDIT:
The user needs to be logged in to be able to like a picture. I have two unlinked tables, User and Pictures. Currently a user can just keep clicking 'Like' and it adds 1 to the like column.
One method would be to create a table that contains columns for picture IDs and user IDs to show that a person has liked a particular picture. If a user ID is listed in the table with a picture ID, then you should not allow them to like the picture since they have already liked it. You can perform this check with a query to the database that will return a count of a 1 or a 0.
Make a string column in your database to indicate who liked the picture.
If the user is logged in (so can vote), search his name in the string by exploding it and looping it. Then remove his name from the string or add it.
Note that you could also save the array directly to the database using serialization: http://php.net/manual/en/function.serialize.php
For a fast loading, you could have an other column with the count of names of the first columns.
Can someone advise me if I am performing the below steps correctly:
When a user wants to register on the website, register.php handles his/her request. Below is some of the code from register.php:
$sql="INSERT INTO Members (fldFullName, fldEmail, Password, Gender, DOB)
VALUES
('$fname','$email','$pass', '$gender', '$date')";
Particularly when I wrote the above code, I was somewhat new to PHP/MySQL and still am. Therefore, I made all of the fields above manually in the table via phpmyadmin. Furthermore, I also added the ID field manually via phpmyadmin, as the first field with auto increment and primary key of course. Why I did it manually, I can't remember the reason of. But I'm pretty sure that this may be the reason why I'm having problems.
What I'm trying to do is, when a user registers on the website, I want a profile URL to be created for him/her. For example, the field in the table could be named ProfileURL, whereas the actual value could be http://www.domain.com/profile.php?id=1, where the id is inherited from the actual ID in the table. How can I do this with my above code? Did I do something wrong when I decided to save all the fields manually via phpmyadmin? Note: I've also been creating tables, databases, fields manually via phpmyadmin. However, its values are INSERTed automatically of course. Am I even on the right track?
Thank you.
As stated above, you don't need to save a profile URL to the database. I'm guessing all profile URLs are going to follow some standard form (i.e. www.example.com/profile.php?id=1)?
Well, if you saved all of those in your database and then you decided you were going to change the format to something like www.example.com/profile/1 you're going to have a lot of out-of-date data in your database. You're going to have to go through each record and update it, and that could be dangerous on a database table with say, millions of rows.
Therefore, the solution is to have a script that takes a parameter. Say profile.php. As above, you would check for the profile using the data in the $_GET array:
<?php
if (isset($_GET['id'])) {
$id = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM members WHERE id = '$id' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows() > 0) {
$member = mysql_fetch_object($res);
// handle displaying of member's profile here
}
else {
// member does not exist with ID
}
}
?>
That way, if you decide to change the script name or use search engine-friendly URLs, you don't need to change your database structure.
In profile.php, check for $_GET['id'], then if it exists, use a SELECT query for the same ID in the database. It would look something like this.
<?php
if (isset($_GET['id']))
{
$id = (int) $_GET['id'];
$sql = 'SELECT * FROM Members WHERE ID = ' . $id;
// Then the rest of the code to check the results goes here
}
?>
A user with an ID of 1 would be profile.php?id=1
You are doing right. Now write SQL like this:
$sql = sprintf("SELECT * FROM Members WHERE ID=%d", mysql_real_escape_string($_GET['id']));
And you'll be able to get userdata by $_GET['id']. Remember to use mysql_real_escape_string to protect your queries against SQL injection. sprintf is also a good thing to substitute right data types like numbers or strings.
You don't heed to save profile url.
You have to build it dynamically.
Because most of the url remains the samy, only id is changing.
So, get id from the database and add it to the url.
I am having endless troubles with duplicate entries, so I need to check the database, and if a user has already entered that day, their entry will not be submitted and they will be redirected to a landing page that tells them they have already entered that day, and that they may only enter again tomorrow.
The field I would like to check is the id_number field in the database, since each user has a unique id number, so basically, if a user with the same id number submitted on the same date they should be redirected to a landing page, how would I go about doing this? I am still new to a lot of this, so please be forgiving.
Thanx in advance.
before you submit your sql query to add a new record you can read the DB first to make sure the ID is not already in there. Get the users id into a variable and do this query.
$query = "select * from mytable where `id` = '$id'";
$result = mysql_query($query);
then you can count the number of records returned and do different things depending on the result, checking that its zero before adding them. If its not zero then redirect.
if(mysql_num_rows($result) > 0)
{
//add them
}
else
{
//redirect them
}
Hope this helps you out
hey can some one tell me query using php mysql that how to add date and time when a person logged in and logged out inside a database table.
To keep track of the last logging-in and logging-out, you need to add two datetime fields in your "user" table (or any equivalent you can have) ; for instance :
log_in datetime
log_out datetime
Then, when you have a user logging-in, you update the log_in field, with a query such as this one :
update user
set log_in = NOW()
where user_id = 123
Of course, you have to use the right table name ,the right name for the "id" field, and the right user-id ;-)
Same when you detect a user logging-out, for the other field :
update user
set log_out = NOW()
where user_id = 123
(and same notes)
As a sidenote : detecting when a user logs-in is quite easy : he has to type his login/password, or something like that, and you can put the update query in the action of the form used to deal with that...
But detecting logging-out is not as easy : if the user clicks on some "log-out" link, of course, it's easy -- but if the user just closes his browser (or leaves its computer turned on, but just leaves), you don't have any "log-out" action...
It is not easy to detect when the user logs out (close browser or restart the computer)
The solution could be add a last activity field/table to update last activity (page load/request data/view main page) of the user by adding this update on top of all files,
Finally you want to know when the user logs out (or when was the user's last activity)
that you can find from the last activity field/table.
<?php
$userid = ....;
$query = "UPDATE users SET last_activity = NOW() WHERE user_id = $userid;";
mysql_query($query) or die('Error in MySQL query : '.mysql_error());
.
. your code here
.
?>
You can save the time with an SQL query. Say that you have a column called "last_login" which is of the DATETIME datatype. Then you do this when the user logs in:
<?php
$userid = 1337; //This is an example ID
$query = "UPDATE users SET last_login = NOW() WHERE user_id = $userid;";
mysql_query($query) or die('Error in MySQL query. Here is the error message: '.mysql_error());
?>
Note that it's really hard to know when a user logs out. Most users just leave the page without logging out. You could have a field called "last_activity" that you update every time the user does something on the page, and count them as logged out when it's been five minutes since the last recorded activity.
You cannot do it so easy.
You should use session_set_save_handler feature.