I have a mysql table which has data from all flight bookings on my booking system. When a user books a flight, the details of that booking are stored in that table along with their username.
Now, I'm making a page where all of the user's previous flights are shown in a HTML table, and everything works except the code which filters results to those only from that user.
This is the (part of) code I'm using;
$query_string = "SELECT name, seats, departure, destination, class, username, miles, timestamp FROM $tablename WHERE username IN ('$username')";
The username field is where the user who booked the flight's username is stored, and the $username variable contains the current logged in user's username. What I'm trying to do is only show the fields where $username matches username (hence only showing bookings for the current user).
When I use the above code without WHERE username IN ('$username'), it displays all the data, but when I add the above code, it displays nothing when there are matches.
If anyone could help fix my code I would greatly appreciate it.
Thanks!
You're using IN incorrectly. IN compares comma-separated lists of strings or values. This can be literal:
WHERE username IN ('user1', 'user2', 'user3')
OR it can come from a subquery:
WHERE username IN (SELECT username FROM users)
If you want an exact match, your WHERE clause should be
WHERE username = '$username'
If that still doesn't work, you MUST verify that you're sending your database the correct query.
echo $query_string;
Related
I've noticed that the site's user profile edit form allows logged in user to take other user's id and e-mail, which is not good.
To avoid such behavior I've made the query SELECT * FROM users WHERE (username='$username' OR email='$email'); which gets all usernames, all e-mails and then PHP successfully prevents the form execution if such username or e-mail already exists.
But I've noticed that this query also gets currently logged in user's credentials and prevents the user from changing its other data in case username or e-mail are unchanged.
I've decided to exclude the current user by its ID.
I've tried SELECT * FROM users WHERE (username='$username' OR email='$email' OR id!='$id'); to exclude the current user but it still exists and prevents changes in its own profile.
What could be wrong with my query? Any help is greatly appreciated!
I actually have two same tables for users, the second one is for users who still have not activated their profiles. But I suppose there is no reason to search for ID's in that second table as the current user definitely can not wait for activation of its account. Also ID's in those two tables don't match anyway so in case I should exclude a user from the second database I must find a different approach. But I hope I shouldn't.
I do not know you specific case:
SELECT * FROM users WHERE (username='$username' OR email='$email' ) AND id<>'$id'
This query find by email or username and not retrieve by this ID
I am working on a project where I need to maintain user specific content.
One user can view one content only one time in 24 hours.
After 24 hours it will be made available to the same user again.
So when a user successfully views a content I store the username of the user in the database in a comma separated value.
For example: when the user user1 successfully views a content his username will stored in user_statusas user1 along with other users likes user1,user2,user3,.......,etc.
Now what I want is to check the content if the username user1 exists in the database or not.
If it exists then content will not be made available to him for next 24 hours.
But for some reasons I cannot check a particular user from the group of comma separated usernames using if...else.
I can do it with if...else and explode but that does not satisfies my need. I want to know that can I check for one username in the WHERE clause of SELECT statement?
For ex. something like SELECT * FROM user_data WHERE user_status != '".$something."'.
Is it possible by using explode first then checking it in WHERE clause or just by some other method? If yes, then how? Please help me php experts.
Is it possible something like this?
$uname = $_SESSION['username'];//username of the logged in user
$ths = "SELECT * FROM user_data";
$its = mysql_query($ths) or die(mysql_error());
$uhs = mysql_fetch_array($its);
$user_status = explode(',', $uhs['user_status']);// first explode the comma separated usernames
$ths = "SELECT * FROM user_data WHERE user_status != '".$uname."'";// then check if the logged in username does not exists in the database
$its = mysql_query($ths) or die(mysql_error());
Can the exploded list of usernames be checked in the WHERE clause? Is it possible? Or is there any method to do this? If yes then how?
I think you are looking at it all wrong. That is a lot of maintenance for a very simple task.
You could just have another table, where you keep user id & data id pairs along side with a timestamp.
For example, for user data 1 and user 1 you will save:
uid | did | ts
--------------------
1 | 1 | TIMESTAMP
To check if a user watched an item, just select from that table using the user id and data id.
If no row is found, or the the current timestamp minus the row timestamp is more than 24 hours, allow the user to view the data, otherwise - don't allow it.
You may use LIKE to search some string for existence of another string:
SELECT * FROM `user_data` WHERE `user_status` LIKE '%user1%';
See: https://dev.mysql.com/doc/refman/5.7/en/pattern-matching.html
I have a question and I can't find a correct way to solve my problem.
I have a application where the username is the emailadres. A user can change his/her information on a page called edit.php
I have also a validation in place that is checking if the username exists when editing. This to prevent that user A can edit his username in a username of another existing user. I do this with the following function.
$sql=mysql_query("SELECT username FROM users WHERE username='".mysql_real_escape_string($_POST['username'])."'");
if(mysql_num_rows($sql)>=1) { echo "Exists"; } else { /* update database */ }
This works, only now I have a problem. Because the user can edit in the editform not only the USERNAME, but also PHONE, ZIP, CITY. If a user edits his ZIP, CITY or PHONE I will get logically 'exists', because the username is also posted in my editform.
My question: How can I set it up so that the username only is checked when it is different from the current username of the user. For example, if test#test.com (username) edits his information and it remains test#test.com it won't be checked and when the username test#test.com is edited in test123#test.com it will be checked?
I think I need to set up a double check like if mysql_num_rows($sql)>=1 OR ==
Am I right? any help would be great.
For the new username to be valid, your check should be: there is no row with this username, or the row is actually the current user.
So you need to select the ID in your query (instead of the username, which you don't need) and change your if statement to test "no result, or one result with ID = current user ID".
Of course I'm assuming you have an ID as a primary key of your table, and that this ID is stored in the session for the current user.
Also, consider using PDO instead of mysql_query...
This can be resolved by doing a verify user with ajax before processing the form, using the SQL query you are currently using:
SELECT username FROM users WHERE username='$user'
If ajax query return "true" or "not empty data", user exist and not is usable, else, user is available for use.
A few months ago I did something similar in a Signup form. On "username" field, if the user is available turns green, if not available, it turns red. The verification is done by changing field.
Signup Example with verification
Recommend to use PDO instead of php mysql_query (is deprecated in new PHP versions).
Hi everyone i think this is good question for everone.
I am try to make a login page. But i have one problem. I have 2 users table in my database . First users table is for normal user and second users table is for vip user.
Under the code using for normal user. i want to make if email and password is for vip user then open vip_user_profile.php if not email and password is vip user then check the normal users table if there is a email and password then open normal_user_profile.php how can i do this. Is anyone can help me ?
What i can add a code in my login php code ?
My code is this.
<?php
include("includes/connect.php");
if(isset($_POST['login'])){
$email = $_POST['email'];
$password = $_POST['pass'];
$check_user = "SELECT * FROM users WHERE password='$password' AND email='$email'";
$run = mysql_query($check_user);
if(mysql_num_rows($run)>0) {
echo"<script>window.open('normal_user_profile.php','_self')</script>";
}
else {
echo"<script>alert('email or password is incorrect!')";
}
}
?>
If you insist on storing information in two tables, you can still get the data using one query. There are many ways to do that, but here's one that you might find interesting:
select
sum(usertype) as usercheck
from
( select nu.username, nu.password, 1 as usertype
from NormalUser nu
union all
select vu.username, vu.password, 2
from VipUser vu
) u
where
u.username = '$username' and
u.password = '$password'
This query will return a single integer field, which can have either of these values:
null: No combination exists for username/password
1: User is a normal user
2: User is a VIP user
3: Both tables contain a user with the same password.
Note that in cases of 1 and 2, it is still possible that the same username exists, but with a different password.
Now, to solve that, you can put all users in one table and give them a user type. You can make a lot of extra columns that you can leave empty. If you really want to store that information in a separate table (and there are good arguments for that), you can still create one table with basic user information, such as uername and password. Then, in the VipUsers table, you don't store username and password, but only store the id of the user and the additional information. This user id should be the primary key of both the Users table as the VipUsers table. Also, it should be a foreign key in VipUsers, referencing Users, so that you can not have an orphan VipUser record, without basic user information.
However, I would opt for a single table with a type and nullable fields. And I've got the feeling that that matches better with your current skill level as well.
Hi i think this tinking help you. I've read all your questions. You have two types of users. However, users have a different situation in. It truth businessname. You need to concentrate on it. *If the user uses this name when logging in to your website then his profil automatically open vip_user_profile.php Of course you'll have to do it on your code.*
this is easy to use for you. For your vip user header("vip_user_profile.php"); or header("normal_user_profile.php");
So i'm selecting some data by username from my url, but my problem is that my usernames isn't unique so if there is same usernames it creates me errors, nu my url looks like this:
http://adress.com/user/messages/bob
So in this case i would select data where username is bob, but if there is two bob users i would get errors, so i what i would like to do is select data by user id, but then i would have to replace username with id, like this:
http://adress.com/user/messages/321
So my question is how can i keep username insted of numbers but select data by id?
Btw, i'm using php and mysql
It sounds like you're doing this for vanity URL's, so keep the username, but also use the ID field... i.e.
http://adress.com/user/messages/321/bob