I am working on a user profile page, and I have made it to where a user can post text and that will be uploaded to the "posts" database. That all works fine. But now I want to make it to where if a user goes to a users profile, it will echo out all their user posts. The database is laid out this way:
post_id user_id content
And I want to make it to where when a user lands on a user's page it grabs their $user_id and then forms a mysql_query and then echos out all of their posts that are present in the users database. What would be the best way to do this? Thanks
So far I have tried this:
mysql_result("SELECT * FROM posts WHERE user_id = $user_id");
You are doing right thing.
You have to just fetch all the data using the while loop.
like.
$res=mysql_query("SELECT * FORM posts WHERE user_id=$user_id");
while($row=mysql_fetch_assoc($res))
{
echo $row['post_id'];
}
You got my point?
// execute the query
$stmt = mysql_query("SELECT * FROM posts WHERE user_id ='".$user_id."'");
then fetch using different php functions used to fetch data and display..
while($row = mysql_fetch_array($stmt)){
echo $row['db_column_field'];
}
Related
I am trying to create a social media prototype where user can log in, add others, send small file to others, etc. at the add friends page I have printed all the users name. when printing my name is also getting printed. what I want is to hide my my name from that list so that I get a list of all the other person except mine.
Try This:
select * from table where user_name not in ($_SESSION["name"]);
select * from table where user_name != '$_SESSION["name"]';
from php session you will get loggin user id, use that userid in your mysql query like following
$query = "select * from users where user_id not in(".$loggedInUserId.")";
where $loggedInUserId is the php session user id.
I have written an SQL query and a $_SESSION cookie called "username" basically what I am trying to do is query the database for the "logged in" users rank that is contained in the "rank" column in the "members" table of my database.
Here is my header code to check that they are actually logged in (otherwise it redirects them to the login page)
session_start();
if (!isset($_SESSION['username'])) {
header("location:login/main_login.php");
}
AND Here is what I have so far for my query but I have absolutely no clue how to proceed in only selecting the user that is logged in. Note: I am aware that the query is not completed
$result = $conn->query("SELECT rank FROM members WHERE ");
$userrank = $result->fetchAll(PDO::FETCH_OBJ);
I've also set a variable for MyRank so that I can check the users rank to display specific content. (Not sure if that really matters in terms of my query but hopefully you get the idea.)
$MyRank = $userrank[1]->rank;
EDIT: additional information.
So basically I am trying to display content based on what the users rank is in my database. IE) if they are an administrator I want to show specific html. If they are a user I want to show a different set of html. How I'm doing it currently (that isn't working) is by a php if statement like so:
if ($MyRank == "Administrator"){
echo adminpanel();
}else if ($MyRank == "User") {
echo userpanel();
}
Basically the problem I'm having is that my User or Admin panels wont display unless ALL the users in my database are "Administrator" or "User". If there is an Administrator and a User in that table it will show nothing at all.
Based on guesses:
$authUser = $_SESSION['username']; // get the logged in user from session, guess this is the username
$result = $conn->query("SELECT rank FROM members WHERE username='$authUser';");
// if its userid then userid=$authUser without single quotes
$userrank = $result->fetchAll(PDO::FETCH_OBJ);
So right now, I've got a working PHP script that can delete posts from my network. But right now, everyone is able to delete everyones posts if they are logged in. I want restrict this to the authors of the posts, so they are only able to delete their own posts. How can I do this?
This is how my delete.php it looks like:
<?php
session_start();
if (empty($_SESSION['user_id'])) {
header('Location: index.php');
exit;
}
$user_id = $_SESSION['user_id'];
include "connect.php";
if(isset($_GET['id'], $user_id))
{
mysqli_query($GLOBALS["___mysqli_ston"], "DELETE FROM posts WHERE id=".$_GET['id']);
mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE users SET posts = posts - 1 WHERE id='$user_id' ");
header("location: index.php");
}
mysqli_connect();
?>
In the main page where the posts are being displayed, the button is displayed like this:
Delete
It finds the postid itself. I have two tables, users and posts. Both has the column user_id, so the post table does get same user_id as in users_id.
First, your code is not safe!
Keep in mind that everyone can mess with your system when not escaping user input! You should read more about here
As you are checking already by the session if the deleting user is logged in, you now have to fetch the data from the deleting post (look for the post with the given post id in $_GET['id'] (ESCAPE IT!!!)) in table "posts". As you said, your table "posts" contains the field "user_id" and if you get this value you can simply compare it by the id given by $_SESSION["user_id"]
I have two tables (blog_members and blog_posts) which are related 1 to many, 1 member to many posts. Therefore, in order to be able to relate the two I had to make one field in blog_posts named memberID and set up the relation between this field and the one from blog_members.
Now, I'm trying to make a script to add posts into the database. The thing is, now I have the field memberID in blog_posts which needs to be the same with the one from blog_members in order to be related. So, I'm trying to get the current logged in memberID from the blog_members so I can introduce it into the blog_posts.
I know this can be done with an input where you can type your ID but it doesn't feel right, I want this to be in the back, not to be seen.
Short story:
$memberID = get current logged in memberID from blog_members;
//insert into database
$sql="INSERT INTO blog_posts (memberID, postTitle,postDesc,postCont,postDate) VALUES('$memberID',$postTitle','$postDesc','$postCont','$postDate')";
$result=mysqli_query($link,$sql);
if($result){
echo '<p>Added successfully!</p>';
}else {
echo "Error: ".$sql."<br>".mysqli_error($link);
}
Normally you would store the ID of the logged in user in a session:
$_SESSION['login_userid'] = // THE USER ID OBTAINED FROM LOGIN
Now it will be stored in the browser as $_SESSION['login_userid'] and you can just put this to the top of your code:
$memberID = $_SESSION['login_userid'];
On every page where you use sessions you must run session_start() before the first line of HTML code. If you are not sure how to create your own login system, have a look at this tutorial.
Note: memberID is not unique in the blog_posts table, as one user can create many posts. You should probably create a primary key blogpostID as well.
This is a PHP/ databaseMySQL Question.
How do I take a number that user has enter entered in a php/html self referencing form and compare it to the data in the database and pull the users info by just using the id number they entered and then echoing the specified users info.
But the id will be different depending on what user is trying to access the data.
For instance
like:
SELECT * FROM clothes WHERE id =client id?
I do not know the correct syntax. I am new with php and mysql. I apologize in advance if this is too vague.
ok lets see if I can explain this better. Bob goes to a web page enters in his customer id of 45 and hits submit. It then takes his id and pulls and outputs the info related to that id for him to see.
"SELECT * FROM clothes WHERE id ='".$client id.'";
Or try googling
$id= mysqli_real_escape_string($_POST['id']);
$result = mysqli_query($connect, "SELECT * FROM clothes WHERE id='$id'");
if ($result->num_rows) {
echo "ID exist!";
}
else
{
echo "ID doesnt exist!"
}