Hey guys sorry if this is an amateur question but I'm having a little trouble with this.
How do I display comments towards a specific page? (page.php?id=48)
Because right now, every time i post a comment, it displays on all pages instead of the one i wanted it to post on
Heres the code:
$userfinal=$_SESSION['username'];
$rs = mysql_query("SELECT id FROM searchengine") or die(mysql_error());
$rec = mysql_fetch_assoc($rs);
$id = $rec['id'];
// get the messages from the table.
$get_messages = mysql_query("SELECT messages_id FROM messages WHERE to_user='$id' ORDER BY messages_id DESC") or die(mysql_error());
$get_messages2 = mysql_query("SELECT * FROM messages WHERE to_user='$id' ORDER BY messages_id DESC") or die(mysql_error());
$num_messages = mysql_num_rows($get_messages);
// display each message title, with a link to their content
echo '<ul>';
for($count = 1; $count <= $num_messages; $count++){
$row = mysql_fetch_array($get_messages2);
// if the message is not read, show "(new)"
// after the title, else, just show the title.
if($row['message_read'] == 0)
Any help would be appreciated, thanks
take a look at my sample code.
Consider a table comments with the basic structure.
CREATE TABLE `comments` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`comment` text NOT NULL,
`article_id` int(11) NOT NULL,
PRIMARY KEY (`id`)
);
comment column will hold the text of your comment
article_id holds the foreign key of the article it belongs to.
now lets say you want to retrieve the comment from a particular articleid article.php?id=48
here is how you should be doing it.
$articleId = mysql_real_escape_string($_GET['id']);
$query = 'SELECT id,comment FROM comments WHERE article_id ='.$articleId;
$result = mysql_query($query);
while($row = mysql_fetch_array($result)) {
echo nl2br($row['comments']);
}
although my codes does not relate to your question at all, but it should give you the basic idea on how to implement the logic.
EDIT :
you should not use the code for production, the code is only meant to explain you to implement the logic, remember this code is vulnerable to SQL injections, if you want a temporary fix you could use mysql_real_escape_string() function to avoid it. check my updated code.
TIP : you should try and use PDO for all your database queries here is the tutorial to get you started http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
Related
Good afternoon all,
I'm in the finishing stages of making a website where users can register and login. After that they can upload documents such as .pdf and .docx and search for those documents. The users data gets stored in my users table which contains following:
idUsers int(11) PRIMARY KEY NOT NULL,
uidUsers TINYTEXT NOT NULL,
emailUsers TINYTEXT NOT NULL,
pwdUsers LONGTEXT NOT NULL,
Then I have a table called "files" where the files that are being uploaded by the user i stored. The table contains following:
id int(11) PRIMARY KEY NOT NULL,
usersId int(11) NOT NULL, - (Foreign key for idUsers in users table)
name varchar(255) NOT NULL,
title varchar(255) NOT NULL,
forfatter varchar(255) NOT NULL, (forfatter = author)
size int(11),
download int(11) (for later use)
So when a specific user are logged in and uploads document, the users "id" (primary key in users table) gets passed to "usersId" in my files table.
All of this is working perfectly fine so far.
Then the user are able to use a search function, where the user can search for name, title and author of the document, which also works fine.
I only need to make sure the user only can see the documents, that are being uploaded by themselves. But I can't figure it out. I've tried many different solutions so far.
I've tried a suggestion i saw, where i tried to make my mysqli_query look like this:
"
SELECT *
FROM files
WHERE id
AND usersId name LIKE '%$searchingq%'
OR title LIKE '%$searchingq%'
OR forfatter LIKE '%$searchingq%'
AND usersId='.$usersId.'"
That wasn't working out well. It felt like the sessions wasn't finding the id of the current $_SESSION.
My search .php looks like this:
$usersId = $_SESSION['userId'];
$output = '';
if (isset($_GET['search']) && $_GET['search'] !== ' ') {
$searchingq = $_GET['search'];
$q = mysqli_query($conn, "SELECT * FROM files WHERE `usersId` = {$usersId} AND (`name` LIKE '%{$searchingq}%' OR `title` LIKE '%{$searchingq}%' OR `forfatter` LIKE '%{$searchingq}% )");
$c = mysqli_num_rows($q);
if($c == 0) {
$output = '<p>No search results for: "' .$searchingq. '"</p>';
} else {
while($row = mysqli_fetch_array($q)) {
$name = $row['name'];
$title = $row['title'];
$forfatter = $row['forfatter'];
$download = $row['downloads'];
$output .=
Help is very appreciated!
When doing code like this, I like to first run the query itself just to get it right.
This type of filtering should be easy because you already have each file associated to a user.
The base query would be like this:
Assuming you are looking for files for user 99.
This is the basic query and is intended only to show how to get the files for a user. This does not go into the code.
SELECT * FROM files
WHERE `usersId` = 99
This would give you only files that belong to that user. Again, this is only to explain the query, not to go in the code.
Now let's add to the above query to include the search criteria. Assume we are looking for 'foo'
SELECT * FROM files
WHERE `usersId` = 99
AND (`name` LIKE '%foo%'
OR `title` LIKE '%foo%'
OR `forfatter` LIKE '%foo%' )
We now have a query we can use in code. Try this out by running it directly against your database.
This query says to find all the files for that user when any of the columns match the search criteria. You can, therefore, write this in PHP something like this:
(Some code has been removed for the sake of brevity)
$usersId = $_SESSION['userId']; // the user id of the logged in user.
// code removed
$searchingq = $_GET['search']; // the search string
$q = mysqli_query($conn, "
SELECT * FROM files
WHERE `usersId` = {$usersId}
AND (`name` LIKE '%{$searchingq}%'
OR `title` LIKE '%{$searchingq}%'
OR `forfatter` LIKE '%{$searchingq}% )";
while($row = mysqli_fetch_array($q)) {
// Do output here
}
The following is how to do it with prepared statements.
You can learn more about Prepared Statements here: https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
$stmt = $mysqli_prepare($conn, "
SELECT * FROM files
WHERE `usersId` = ?
AND (`name` LIKE '%?%'
OR `title` LIKE '%?%'
OR `forfatter` LIKE '%?% )");
// Replace the ?'s with the actual values.
mysqli_stmt_bind_param($stmt, "isss", $usersId, $searchingq, $searchingq, $searchingq);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result)) {
// output goes here
}
Maybe you could try adding AND usersId=".$userId to the end of your query.
I'm trying to change my user's news feed to only show posts from friends, instead of from all users on the site. I managed to do so doing something like this:
function friend_posts(){
global $session_user_id;
if(friends_exist($session_user_id) === true){
$friends = mysql_query("SELECT * FROM `friendship` WHERE `user_id` = $session_user_id AND `pending` = 0");
while($friend = mysql_fetch_array($friends)){
$friendID = $friend['friend_id'];
$posts = mysql_query("SELECT * FROM `posts` WHERE `userid` = $friendID ORDER BY `timestamp` DESC");
while($post = mysql_fetch_array($posts)){
$friendData = user_data($post['userid'],'username','first_name','last_name');
echo $friendData['username'].": ".$post['status']."<br>";
}
}
} else {
echo "Nothing to display. Try adding some friends!";
}
}
However, this isn't that convenient. For example, if I want to paginate, I don't know how I'd even start to do that using something like this. Also if multiple users post, how would I sort them by 'timestamp' descending?
I'm guessing the only route I can take is accessing columns from multiple tables somehow, then sorting by the timestamp, which is stored in the posts table. The friendship table just has id, user_id, friend_id and pending.
How would I go about doing that? Is there an easier way to do what I'm trying to do?
I'm very new to SQL. I don't know too much other than inserting/deleting/updating.
You could use a single statement like this:
SELECT * FROM posts WHERE userid in
(SELECT friend_id FROM friendship WHERE user_id = $session_user_id AND pending = 0)
ORDER BY `timestamp` DESC
This way you get only the posts of the friends of the current user. If you also need data from the friendship table then use a join.
I'm building a simple bug tracking tool.
When you create a new project, all the info you fill in in the form, gets stored in the database.
When you create the new project you get redirected to a unique project page.
On top of the page it shows the name of the project, but it's not the name of the project I just created, it always shows the name of the first project in the MySQL table.
How can I show the name of the project I just created?
With this query I retrieve the data from the database.
$query = "SELECT CONCAT(name)
AS name FROM projects";
$result = #mysql_query ($query)
With this I show the project name, but it always shows the name of the first record in the table.
<?php
if ($row = mysql_fetch_array ($result))
echo '<h5>' . $row['name'] . '</h5>';
?>
It isn't yet SQL Injection prove and is far from complete... But I'm really struggling with this problem.
You need an AUTO_INCREMENT field on your table for a unique identifier (at least, you really should). Then you can do something like this:
<?php
$sql = new MySQLi('localhost', 'root', '', 'database');
$sql->query('INSERT INTO `projects` (`name`) VALUES ("Test Project");');
$projectID = $sql->insert_id; // Returns the auto_increment field value of the last insert query performed
// So this assumes you have a field in your table called "id" in this example
$res = $sql->query('SELECT CONCAT(`name`) AS `name` FROM `projects` WHERE `id` = '.$projectID.';');
if ($row = $res->fetch_assoc()) {
echo '<h5>'.$row['name'].'</h5>';
}
?>
Since you were calling for a redirect to the unique project page, you should have something like this: header("Location: project.php?id=$projectID");
Then, on project.php, you can attempt to fetch the project with the query above, only your query's WHERE clause should be something like:
'`id` = '.intval($_GET['id']).';'
Technically, you could pass all the project info along to the next page as a request or a session cookie and save yourself a query altogether. Just make sure you keep the id handy so it's easy to update the record.
Try using ORDER BY.
$query = "SELECT CONCAT(name)
AS name FROM projects ORDER BY id DESC";
This would show the most recent project (assuming you have an ID column).
However, a much better way is to have an ID variable on the page.
$query = "SELECT CONCAT(name)
AS name FROM projects WHERE id=?";
my php script save list of userid in a SESSION ARRAY variable for the purpose of creating html link on that page.
when we click that html link another PHP script should display all user information for that userid in a html table.
I need yo know best practice to create SELECT query for this
1) SELECT * from `users` WHERE
`user_id` = '$array_valuer1' OR
`user_id` = '$array_valuer2' OR
`user_id` = '$array_valuer3' OR
`user_id` = '$array_valuer4' OR
`user_id` = '$array_valuer5' OR
`user_id` = '$array_valuer6' OR
----
----
`user_id` = '$array_valuern';
2) select all user --> SELECT * from `users`
then using php script display only the userid in the SESSION array and skip other userid
which is best practice? the SESSION array is temporary and i do not to want to save in a database.
thanks
If you are storing few user ids in a session its okay. But if the number is huge dont store them in SESSION. Its better to fetch them using a query.
About the query you can use following form.
$q = "SELECT * from `users` WHERE `user_id` IN ('".implode("','", $array)."')";
shiplu.mokadd.im answer is good, but using PDO is better:
$db = new PDO("...");
$statement = $db->prepare("SELECT * from `users` WHERE `user_id` IN (':list')");
$statement->execute(array(':list' => implode("','", $array)));
$row = $statement->fetch();
I have a MySQL database called "bookfeather." It contains 56 tables. Each table has the following structure:
id site votes_up votes_down
The value for "site" is a book title. The value for "votes_up" is an integer. Sometimes a unique value for "site" appears in more than one table.
For each unique value "site" in the entire database, I would like to sum "votes_up" from all 56 tables. Then I would like to print the top 25 values for "site" ranked by total "votes_up".
How can I do this in PHP?
Thanks in advance,
John
You can do something like this (warning: Extremely poor SQL ahead)
select site, sum(votes_up) votes_up
from (
select site, votes_up from table_1
UNION
select site, votes_up from table_2
UNION
...
UNION
select site, votes_up from table_56
) group by site order by sum(votes_up) desc limit 25
But, as Dav asked, does your data have to be like this? There are much more efficient ways of storing this kind of data.
Edit: You just mentioned in a comment that you expect there to be more than 56 tables in the future -- I would look into MySQL limits on how many tables you can UNION before going forward with this kind of SQL.
Here's a PHP code snip that should get it done.
I have not tested it so it might have some typos and stuff, make sure you replace DB_NAME
$result = mysql_query("SHOW TABLES");
$tables = array();
while ($row = mysql_fetch_assoc($result)) {
$tables[] = '`'.$row["Tables_in_DB_NAME"].'`';
}
$subQuery = "SELECT site, votes_up FROM ".implode(" UNION ALL SELECT site, votes_up FROM ",$tables);
// Create one query that gets the data you need
$sqlStr = "SELECT site, sum(votes_up) sumVotesUp
FROM (
".$subQuery." ) subQuery
GROUP BY site ORDER BY sum(votes_up) DESC LIMIT 25";
$result = mysql_query($sqlStr);
$arr = array();
while ($row = mysql_fetch_assoc($result)) {
$arr[] = $row["site"]." - ".$row["sumVotesUp"];
}
print_r($arr)
The UNION part of Ian Clelland answer can be generated using a statement like the following. The table INFORMATION_SCHEMA.COLUMNS has a column TABLE_NAME to get all tables.
select * from information_schema.columns
where table_schema not like 'informat%'
and column_name like 'VOTES_UP'
Join all inner SELECT with UNION ALL instead of UNION. UNION is doing an implicit DISTINCT (on oracle).
The basic idea would be to iterate over all your tables (using a SQL SHOW TABLES statement or similar) in PHP, then for every table, iterate over the rows (SELECT site,votes_up FROM $table). Then, for every row, check the site against an array that you're building with sites as keys and votes up as values. If the site is already in the array, increment its votes appropriately; otherwise, add it.
Vaguely PHP-like pseudocode:
// Build an empty array for use later
$votes_array = empty_array();
// Get all the tables and iterate over them
$tables = query("SHOW TABLES");
for($table in $tables) {
$rows = query("SELECT site,votes_up FROM $table");
// Iterate over the rows in each table
for($row in $rows) {
$site = $row['site'];
$votes = $row['votes_up'];
// If the site is already in the array, increment votes; otherwise, add it
if(exists_in_array($site, $votes_array)) {
$votes_array[$site] += $votes;
} else {
insert_into_array($site => $votes);
}
}
}
// Get the sites and votes as lists, and print out the top 25
$sorted_sites = array_keys($votes_array);
$sorted_votes = array_values($votes_array);
for($i = 0; $i < 25; $i++) {
print "Site " . $sorted_sites[$i] . " has " . $sorted_votes[$i] . " votes";
}
"I allow users to add tables to the database." - I hope all your users are benevolent and trustworthy and capable. Do you worry about people dropping or truncating tables, creating incorrect new tables that break your code, or other things like that? What kind of security do you have when users can log right into your database and change the schema?
Here's a tutorial on relational database normalization. Maybe it'll help.
Just in case someone else that comes after you wants to find what this could have looked like, here's a single table that could do what you want:
create database bookfeather;
create user bookfeather identified by 'bookfeather';
grant all on bookfeather.* to 'bookfeather'#'%';
use bookfeather;
create table if not exists book
(
id int not null auto_increment,
title varchar(255) not null default '',
upvotes integer not null default 0,
downvotes integer not null default 0,
primary key(id),
unique(title)
);
You'd vote a title up or down with an UPDATE:
update book set upvotes = upvotes + 1 where id = ?
Adding a new book is as easy as adding another row:
insert into book(title) values('grails in action')
I'd strongly urge that you reconsider.