getting article to update in mysql table by id? - php

I have a reviews system on my site where users can rate other users. When a user logs in they can go to their pending reviews section where they can either approve or delete a review.
I pull through the reviews from the table ptb_reviews and list them on the page reviews.php. Each review then has an approve or delete link which goes to either approve_review.php or delete_review.php and in there is the SQL function to set the relevant column in my table, so approve or delete, from 0 to 1.
So if a user approves a review it updates approve in the table to 1 where that specific review has been chosen to be approved, and then it's the same for deleted.
I'm having a problem in that when I try to approve or delete a review, I echo out the query to test it to see what's happening and to see if it's doing what I'm asking it to do and I get this:
UPDATE ptb_reviews SET approved = 1 WHERE id = '' LIMIT 1
This is implying that it can't find the review id and it won't therefore apply the update to 1 in the table where appropriate for that review.
Here's my code for reviews.php where the reviews are pulled through:
<?php
$reviews_set = get_new_reviews();
while ($reviews = mysql_fetch_array($reviews_set)) {
$review_id = (int) $_GET['review_id'];
// Just this, is a great security enhancement. Forces the variable to be int (like all id's are).
// You can also check if its a numeric by doing
if (is_numeric($review_id)){
// continue with the update query
} else {
// something fishy is going on..
}
?>
<div class="prof-content-pend-reviews" id="reviews">
<div class="pend-review-content">
<?php echo "{$reviews['content']}"; ?>
</div>
<div class="message_pic">
<?php echo "<img width=\"50px\" height=\"50px\" src=\"data/photos/{$reviews['from_user_id']}/_default.jpg\" />";?>
</div>
<div class="forum-text">
<?php echo "Posted by {$reviews['display_name']}"; ?> <?php echo "".$age." days ago"; ?>
</div>
<div class="approve"></div>
<div class="delete"></div>
</div>
<? } ?>
And next is my code that carries out the SQL function for approve_review.php:
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
$query = "UPDATE ptb_reviews SET approved = 1 WHERE id = '$review_id' LIMIT 1";
mysql_query($query, $connection);
echo $query;
die();
// See what is really sent to MySQL
if (!mysql_query($query, $connection)){
die(mysql_error());
}
?>
I'm basically asking is the reason nothing updates because it can not find the id for the review which is being either approved or deleted and what can I do to get it to update and so that it knows which review I'm asking it to approve or delete?
I'm still learning PHP and MySQL so if someone could show me or explain what to do that'd be great.

You are getting the query variable like this:
$review_id = (int) $_GET['review_id'];
But in your link you use:
<a href="includes/approve_review.php?review=<?php echo $reviews['review_id']; ?>">
                                     ^^^^^^
So your review ID is stored in $_GET['review'] and not $_GET['review_id'].
To start you should change that line to (or the other way around...):
$review_id = (int) $_GET['review'];

Related

How do I change my page to display different information based on how the user access it?

I have a page called profiles.php that displays the user's own information when logged in. Recently I made it so the user can click on the name of someone else and it will take them to profiles.php. I want it to display the profile/information of the user they clicked on, but it only shows your own information.
The way I have the page now is, it uses a session variable based on if you're logged in and from there it puts your data out in its designated places, if that makes sense.
//if the user is logged in then it turns their database id into a variable for later use
if(isset($_SESSION['userUid'])){
$current = $_SESSION['Id'];
}
//This is the link a person clicks on that's supposed to take them to that user's page. $post is a variable from a foreach. I tried to make it so once they click it takes them to profiles.php users id (href = "profiles.php/id"'.$post["idUser"].'")
<a href = "profiles.php/id"'.$post["idUser"].'" ><h1>'.$post["UserID"].'</h1></a>
I expect the output to be taking the current user to the desired user's profile page, but the actual output is taking the current user to their own profile page.
From what I understand you would like to show specific users profile information.
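<?php
// define your connection (assumed here to create a mysqli handle in $conn)
require_once('connection.php');
$users = mysqli_query($conn, "SELECT id, name FROM users");
?>
<ul>
<?php
// one link per user; the id travels in the query string
while ($row = mysqli_fetch_assoc($users)) {
    $id = (int) $row['id'];
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    echo "<li><a href='profile_display.php?id={$id}'>{$name}</a></li>";
}
?>
</ul>
In profile_display.php:
<?php
require_once 'connection.php';
// force the id to an integer before it gets anywhere near the query
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if ($id > 0) {
    // bind the id as a parameter instead of pasting it into the SQL string
    $stmt = mysqli_prepare($conn, 'SELECT * FROM users WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    $user = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    if ($user) {
        // display all values here
    } else {
        echo "No user profile information was found!";
    }
}
?>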
This code is not tested by me. But I would say this is the strategy needed to be used here.
Pseudocode:
List all users
User click specific other user, grab their id
make a query on db for the user information
display if available else display error information
Hope this helps!

"Who is logged in" Not working

I'm trying to write a system that shows who is logged into my website.
I've tried so many things, and I feel like I'm onto something with this - but it isn't working. I need help trying to find where I am going wrong.
Here is my display code (I know I shouldn't format with tables, but I am using it for testing):
<?
$loggedInUsers2 = "SELECT * FROM techs WHERE Level='0' AND LastTimeSeen>DATE_SUB(NOW(), INTERVAL 5 MINUTE)";
$loggedInUsers3 = "SELECT * FROM techs WHERE Level>'0' AND LastTimeSeen>DATE_SUB(NOW(), INTERVAL 5 MINUTE)";
?>
<div class="col-sm-4">
<div class="thumbnail">
<center><h4 style="height:35px;">Users Online</h4></center>
<div class="modal-body" style="min-height:498px;">
<table>
<tr><td>
<?
mysqli_query($con, $loggedInUsers2) or die("Error " . mysqli_error($con));
while($row2 = mysqli_fetch_array($loggedInUsers2)) { //if level less than 1
echo $row2['Name']."<br/>";
}
?>
</td><td>
<?
mysqli_query($con, $loggedInUsers3) or die("Error " . mysqli_error($con));
while($row3 = mysqli_fetch_array($loggedInUsers3)) { //if level more than 1
echo $row3['Name']."<br/>";
}
?>
</td></tr>
</table>
</div>
</div>
</div>
Here is my saving to the database:
$userId = $_SESSION['UserId'];
$loggedInUsers1 = "UPDATE techs SET LastTimeSeen=NOW() WHERE UniqueID='$userId'";
mysqli_query($con, $loggedInUsers1) or die("Error " . mysqli_error($con));
This outputs to my database (In the LastTimeSeen field) to something like 2015-12-21 08:35:43 (Updates every few seconds via jquery reloading the footer of the page)
Basically, there is just no output in the tables from the first page.
EDIT:
It was suggested to use the login button to set a user active, and the logout button to set them inactive - here is my response to that:
"The problem with that is people won't use the logout button. They will just close the browser. I want this to keep track of only users that are online. The footer updates the time in the database, every couple of seconds, and then the table is listed on a part of the page that reloads every few seconds aswell, so they are both always up to date. It should only list people that have been on a page in the past 5 minutes."
When you use mysqli_query it returns a result object. You need to pass this object into mysqli_fetch_array not the query string.
<?
$loggedInUsers2 = "SELECT * FROM techs WHERE Level='0' AND LastTimeSeen>DATE_SUB(NOW(), INTERVAL 5 MINUTE)";
$loggedInUsers3 = "SELECT * FROM techs WHERE Level>'0' AND LastTimeSeen>DATE_SUB(NOW(), INTERVAL 5 MINUTE)";
?>
<div class="col-sm-4">
<div class="thumbnail">
<center><h4 style="height:35px;">Users Online</h4></center>
<div class="modal-body" style="min-height:498px;">
<table>
<tr><td>
<?
$results1 = mysqli_query($con, $loggedInUsers2) or die("Error " . mysqli_error($con));
while($row2 = mysqli_fetch_array($results1)) { //if level less than 1
echo $row2['Name']."<br/>";
}
?>
</td><td>
<?
$results2 = mysqli_query($con, $loggedInUsers3) or die("Error " . mysqli_error($con));
while($row3 = mysqli_fetch_array($results2)) { //if level more than 1
echo $row3['Name']."<br/>";
}
?>
</td></tr>
</table>
</div>
</div>
</div>
I think because last seen = now is only equal to NOW when the query runs, no? Meaning that it's set to now for only the split second? I could be wrong but throwing ideas out there. To be honest I think there is an easier way to do this as well!
When you log a user in also run a query to update a field.. so on log in
//Code to log in
if password and email comp is found in database then log user in
//Code to set user active
UPDATE user WHERE username& password match, SET active = TRUE or 1 or something of the sort.
Then on logout set active = to false or 0. I hope you see the logic I'm trying to explain here. I would write the code but I've been too deep in Laravel and have not touched vanilla db management for a while now.
I think this task shouldn't be done with MySQL at all. Because you're going to face a huge overload and database deadlocks when there will be thousands of visitors opening a new page every second.
You would be better off by using a RAM-based database, like Redis (http://redis.io).
In Redis, you can set automatically expiring entries (let's say, for 5 minutes) for currently active visitors. If that entry is not updated for 5 minutes, it would be automatically deleted. I would suggest to use Redis command SETEX for that.
You wouldn't need to worry about people who are not logging out and you would achieve exactly what you want in an efficient way.
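The expiring-entry approach from the answer above, as an added example that is not part of the original answer. It assumes the phpredis extension and a Redis server on 127.0.0.1:6379; the `online:` key prefix, the function names and `$_SESSION['Name']` are hypothetical.

```php
<?php
// Added example: presence tracking with expiring Redis keys (phpredis assumed).
const ONLINE_TTL = 300; // 5 minutes, the window used in the question

function mark_online(Redis $redis, string $userId, string $name): void
{
    // SETEX stores the value and its expiry in one step; every page load
    // (or footer refresh) restarts the 5-minute countdown for that user.
    $redis->setex("online:{$userId}", ONLINE_TTL, $name);
}

function list_online(Redis $redis): array
{
    $names = [];
    $cursor = null;
    // SCAN walks the keyspace in batches instead of blocking the server like KEYS.
    $redis->setOption(Redis::OPT_SCAN, Redis::SCAN_RETRY);
    while ($keys = $redis->scan($cursor, 'online:*', 100)) {
        foreach ($redis->mGet($keys) as $name) {
            if ($name !== false) { // a key can expire between SCAN and MGET
                $names[] = $name;
            }
        }
    }
    return $names;
}

session_start();
$redis = new Redis();
$redis->connect('127.0.0.1', 6379);

// $_SESSION['Name'] is a hypothetical field holding the display name.
if (isset($_SESSION['UserId'], $_SESSION['Name'])) {
    mark_online($redis, (string) $_SESSION['UserId'], (string) $_SESSION['Name']);
}
foreach (list_online($redis) as $name) {
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "<br/>";
}
```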
So as spotted earlier you will want to change the following on both lines of code.
mysqli_query($con, $loggedInUsers2) or die("Error " . mysqli_error($con));
while($row2 = mysqli_fetch_array($loggedInUsers2)) { //if level less than 1
echo $row2['Name']."<br/>";
}
TO
$query_1 = mysqli_query($con, $loggedInUsers2) or die("Error " . mysqli_error($con));
while($row2 = mysqli_fetch_array($query_1)) { //if level less than 1
echo $row2['Name']."<br/>";
}
The problem is that the parameter passed into mysqli_fetch_array is not the query object, meaning the loop was just going through a MySQL statement, not the object.

displaying 2 private messages to same destination with SQL

So I'm trying to implement a private messaging system, and so I use this code to extract the info from an SQL table:
$query = mysql_query("SELECT * FROM `pm` WHERE `to` = '{$_SESSION['user_id']}'");
$pm = mysql_fetch_array($query);
and essentially all this code does is pulls values from columns
(INT) from, (INT) to, (VARCHAR) subject and (VARCHAR) message
and it all worked until I sent more than 1 message to the same user.
This code only shows the first message, and I have no idea how to make it show all the messages, so any help would be appreciated.
EDIT
Forgot to mention that the table itself is named 'pm'
EDIT2
this is how i echo the output:
<h3>From: </h3><?php echo $pm['from']; ?>
<h3>Subject: </h3> <?php echo $pm['subject']; ?>
<h3>Message: </h3> <?php echo $pm['message']; ?>
You didn't really tell us how you were echoing out the PM's. But here's how you would print every one.
while ($row = mysql_fetch_array($query)) {
echo $row['message'];
}
Not sure if this is the most efficient but you can add a time_created column and a was_sent column. Have your query grab the oldest unsent message and then mark it as sent. Repeat.

View page based on a record

I'm new to PHP and pardon me for asking this very basic question. What I want to do is to display or view a page based on a specific record. For example, I have a home.php page which lists records of lessons. And when I click on a specific record, it will go a page named lesson.php . I have to view the relevant information/data from my dB of that specific lesson. I tried to use GET but I think it's not going to meet the requirement of my system.
This is what I've tried so far:
$qry1stQuarter = $conn->prepare("SELECT l.lesson_title FROM tbllessons as l
JOIN tblstudents as s
ON l.grade_level = s.grade_level
WHERE quarter_code = '1st'
AND s.grade_level=:grade_level");
$qry1stQuarter->execute(array(':grade_level' => $grade_level));
<div id="tabs-2">
<div id="accordion">
<h3><strong>Yunit 1</strong></h3>
<div>
<?php
for($i=0; $row = $qry1stQuarter->fetch(); $i++){
$lesson_title = $row['lesson_title'];
?>
<div id = "lessons">
<?php
echo "<a href = 'lesson_view.php'>$lesson_title </a>";?>
</div>
<?php
} // end of for loop
?>
</div> <!-- end of Yunit 1 -->
What is the best way to do this? Your help is pretty much appreciated. Thanks.
In your database, I assume you have an ID column. A typical way to do what you are asking is to use that ID as a GET parameter on a link, and then include that in your WHERE clause in your SQL statement.
Eg:
echo "<a href='lesson_view.php?id=$lesson_id'>$lesson_title</a>";?>
And then on your lesson_view.php page, your SQL has something like this:
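$qryLesson = $conn->prepare("SELECT * FROM tbllessons WHERE id = :id"); // same PDO $conn as in the question
$qryLesson->execute(array(':id' => (int) $_GET['id'])); // id is bound, never concatenated into the SQL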

update delete column to 1 where review id is 'x' using mysql?

I've asked a similar question before; however, I've done a lot of changes to my script and my question is now different to my last question. So now I've done these changes this should all work fine, however it isn't.
I've basically got user reviews where a user can delete or approve reviews. I am focusing purely on the delete function at the moment.
We pull the reviews through in reviews.php and the user can click delete, which points to delete_review.php, which then runs the SQL function stored in functions.php.
I've listed the exact code laid out how it works below, but besides me spending ages trying to work out why it won't work I can't figure it out. When we click delete it links to delete_review.php but it won't find the review id, which is the id of the review to delete.
Can someone please show me how I can fix this. Thank you.
review.php
<?php
$reviews_set = get_new_reviews();
while ($reviews = mysql_fetch_array($reviews_set)) {
?>
<div class="prof-content-pend-reviews" id="reviews">
<div class="pend-review-content">
<?php echo "{$reviews['content']}"; ?>
</div>
<div class="message_pic">
<?php echo "<img width=\"50px\" height=\"50px\" src=\"data/photos/{$reviews['from_user_id']}/_default.jpg\" />";?>
</div>
<div class="forum-text">
<?php echo "Posted by {$reviews['display_name']}"; ?> <?php echo "".$age." days ago"; ?>
</div>
<div class="delete"></div>
</div>
<? } ?>
function.php
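function delete_review($review, $user) {
global $connection;
global $_SESSION;
// Cast both ids to integers so request data cannot change the SQL statement.
$review = (int) $review;
$user = (int) $user;
$query = "UPDATE ptb_reviews
SET deleted='1'
WHERE id=$review
AND to_user_id=$user";
mysql_query($query, $connection);
}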
function get_new_reviews() {
global $connection;
global $_SESSION;
$query = "SELECT r.from_user_id, p.display_name, r.content, r.id reviews_id, r.date_added
FROM ptb_reviews r, ptb_profiles p
WHERE r.to_user_id =".$_SESSION['user_id']."
AND r.deleted = '0'
AND r.read_review = '0'
AND p.user_id = r.from_user_id
ORDER BY r.date_added DESC ";
$reviews_set = mysql_query($query, $connection);
confirm_query($reviews_set);
return $reviews_set;
}
delete_review.php
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
delete_review ($_GET['review'], $_SESSION['user_id']);
?>
1- check that you call session_start(); at the beginning of your review.php file
2- look at this
$query = "SELECT r.from_user_id, p.display_name, r.content, r.id reviews_id, r.date_adde
^--------what this space ?
3- try to do global $_SESSION['user_id'] in your function.
4- be sure whether it's $reviews or $reviews_id here, as ROY Finley mentioned
<a href="includes/delete_review.php?review=<?php echo $reviews['review']
^----------here
I think this:
$reviews['review']
maybe should be this:
$reviews['reviews_id']
not sure, your code needs some improvement. You should really look into mysqli or PDO. All of this could easily be done with a simple class.
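An added example (not code from either question on this page) of one handler that can serve both approve_review.php from the first question and delete_review.php from this one. It assumes `$connection` is a mysqli handle rather than the page's mysql_* link and that session.php starts the session; `set_review_flag` is a hypothetical name.

```php
<?php
// Added example. Assumes $connection is a mysqli handle and that session.php
// has already called session_start().
require_once("session.php");
require('_config/connection.php');

function set_review_flag(mysqli $db, string $column, $rawId, int $ownerId): bool
{
    // Column names cannot be bound as parameters, so accept only known ones.
    if (!in_array($column, ['approved', 'deleted'], true)) {
        return false;
    }
    // Reject a missing or non-numeric id instead of letting '' reach the query.
    $reviewId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($reviewId === false) {
        return false;
    }
    // to_user_id ties the update to the logged-in user, so changing the id in
    // the URL cannot touch a review addressed to someone else.
    $stmt = $db->prepare(
        "UPDATE ptb_reviews SET `$column` = 1 WHERE id = ? AND to_user_id = ? LIMIT 1"
    );
    $stmt->bind_param('ii', $reviewId, $ownerId);
    $stmt->execute();
    // 0 rows means: no such review, not this user's review, or flag already set.
    return $stmt->affected_rows === 1;
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit;
}
// The link on the page sends the id as ?review=..., so read that key.
$ok = set_review_flag(
    $connection,
    'approved',                    // use 'deleted' in delete_review.php
    $_GET['review'] ?? null,
    (int) $_SESSION['user_id']
);
http_response_code($ok ? 200 : 404);
```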
