I am having endless troubles with duplicate entries, so I need to check the database, and if a user has already entered that day, their entry will not be submitted and they will be redirected to a landing page that tells them they have already entered that day, and that they may only enter again tomorrow.
The field I would like to check is the id_number field in the database, since each user has a unique id number, so basically, if a user with the same id number submitted on the same date they should be redirected to a landing page, how would I go about doing this? I am still new to a lot of this, so please be forgiving.
Thanx in advance.
before you submit your sql query to add a new record you can read the DB first to make sure the ID is not already in there. Get the users id into a variable and do this query.
$query = "select * from mytable where `id` = '$id'";
$result = mysql_query($query);
then you can count the number of records returned and do different things depending on the result, checking that its zero before adding them. If its not zero then redirect.
if(mysql_num_rows($result) > 0)
{
//add them
}
else
{
//redirect them
}
Hope this helps you out
Related
I'm collecting the birthdates of users in my system, doing so by linking the the user's unique ID to their birthday entry in another table.
To prevent users from accidentally/purposefully entering two birthdate entries for their accounts, I'd like to remove to the entry form for birthdays IF the user has already entered a birthday prior.
For instance:
$value = mysqli_query("SELECT bd_user_id FROM user_birthdate WHERE
bd_user_id="$user_id";");
From that data, how will I be able to return some form value to determine if whether the user's ID has already been index in user_birthdate or not? (Where $user_id = The current user's ID)
Or perhaps I'm taking the wrong approach here? The logic behind it is what's been getting me.
How can I check if whether a value is NOT indexed in a database table?
You normally query the database as you did
$value = mysqli_query("SELECT bd_user_id FROM user_birthdate WHERE bd_user_id="$user_id";");
Than you use mysqli_num_rows(), and check if it returns 0.
$num_rows = mysqli_num_rows($value);
if($num_rows > 0){
//exists
}else{
//doesn't exist
}
**Sorry, as Devon said in your case it's mysqli_num_rows not mysql_num_rows.
I'm really not sure where to start for this one. I have researched code for days and can't really seem to find anything that plugs into the code I already have.
I feel like what I'm wanting to do is very basic; Allow a user to update a profile field by deleting it's contents and saving it as a blank value. Therefore, when it's blank, I have another code that chooses not to display that particular information if it's blank.
At this point, the field starts blank and stays blank if they leave it blank at registration but if at any point they save some information, information is always there. If you delete it and update the profile, the same information that you deleted still shows up.
I have a few files that are working together so I am having a hard time narrowing down the portion of code I need to edit to allow nulls to save. I have found what looks like a universal function to update fields - it is NOT specific to any one field (fname, lname, email, etc.).
function updateUserField($username, $field, $value){
$q = "UPDATE ".TBL_USERS." SET ".$field." = '$value' WHERE username = '$username'";
return mysql_query($q, $this->connection); }
I would assume this is the portion of code I would need to edit to allow fields to be saved even if they are blank but I am not sure what format of:
if (empty
to place and how it gets placed in this particular snippet of code.
you can make it easy by using "" (blank string) instead of using NULL to display an empty cell in the db. By this, you are overwriting the browser forms cache and no other actions are required when displaying the content (fe a check if it's a NULL or not... ).
When handling the form data, the $_POST["field"] will return a "" if this field didn't got filled with data.
Also, you can reduce the data traffic by grouping your queries in one. Here below is an example, if you have three fields.
$q = "UPDATE ".TBL_USERS." SET ".$field_1." = '$value1', ".$field_2." = '$value2', ".$field_3." = '$value3' WHERE username = '$username'";
Or use an array and pass it to the function with the above query.
I have been googling for some time now with out success primarily because the way i am asking is most probably the wrong way.
What i want to know
I have made some PHP scripts that allow users to add data to a table (In a MYSQL datanase) and its displayed on a website, now i am working on the ability to edit and delete the entry however the script i have allow anyone to do this to anyone's entry's.
Now i don't know if there are PHP or Mysql functions that help with this, like i said my goggling has been in vain. So if i could be pointed to a webpage that has this information or better yet an example syntax chunk that will only allow the user that created the entry to modify the entry.
I am assuming there is some type of while or if statement to achieve this.
Example scenario
A user comes along adds an entry the entry is given an id can the user be linked to that id so only he can edit it ?.
Note
I am adding PHP to a word press site so as for the users login information a word press widget is controlling that however i can see the entries are still put in a database field when I'm strolling threw the databases.
What i am asking
Do you know of a webpage/example syntax or tutorial that will show me what i need to know or if ya got enough time explain it to me :).
Thanks
Ben
Update the new entry with the current user's id, where $entry_id is the ID of the new entry
$current_user_id = get_current_user_id(); // current user logged into WordPress
mysql_query("UPDATE `table` SET `user_id`='$current_user_id' WHERE `id`='$entry_id'") or die(mysql_error());
UPDATE: You could also insert the entry with the user_id at the same time with the rest of the data.
mysql_query("INSERT INTO `table` ([other column names], `user_id`) VALUES ([other values], '$current_user_id')") or die(mysql_error());
Check if the current user ID is equivalent to the allowed edit user ID in your database.
$query = mysql_query("SELECT * FROM `table` WHERE `id`='$entry_id' LIMIT 1") or die(mysql_error());
$data = mysql_fetch_array($query);
$allowed_user_edit_id = $data['user_id']; // user id who is allowed to edit
$current_user_id = get_current_user_id(); // current user logged into WordPress
if ($current_user_id == $allowed_user_edit_id) {
// Your code for editing the entry
}
I have a social network that allows users to post blogs, ask questions, and message. We have had a slight issue with spamming. For example, we had users sign up, and write about 6 blogs a minute trying to sell stuff.
I am looking for a quick way to limit these activities by the id of the user, let's say only allowing them to post 3 blogs a day.
I have the users stored in a $auth variable and through OOP bring them up by $auth->id for example to be more specific.
Looking for a fast,simple way to do this via php.
thanks in advance /**EDIT*****/
this is what I have so far, and I know for sure $too many is counting as it should, but for some reason my if(statement is not stopping the 4th blog from posting. HERE is the code
Something like CAPTCHA would be appropriate. However, if they're being entered manually, it will do little to stop them. Regardless, no reason you can't implement both methods.
I'm assuming you have a created field in your blogs table. Simply query the table for the number of blogs with today's date before allowing another to be posted. Not sure what database/API you're using. In MySQL, you could do:
SELECT COUNT(*)
FROM blogs
WHERE user_id = USERID
AND DATE(created) = '2011-11-30'
When the user writes and submits a post, save the date they posted on the post's table. Select and count the amount of times they posted today. If they are under their limit, allow the post or else give them the error/warning message.
When a post is made, do something like:
// Get last post time and number of posts today from database
$query = "SELECT
last_post,
posts_today
FROM
users
WHERE
id = '$auth->id'";
$result = mysql_fetch_assoc(mysql_query($query));
// See if this is the first post today
$isNewDay = date('Y-m-d') != date('Y-m-d',strtotime($result['last_post']));
$postsToday = ($isNewDay) ? 0 : (int) $result['posts_today'];
// Only add post if user is allowed
if ($isNewDay || $postsToday < 3) {
/*
Add the post to the database here
*/
// Update the number of posts today in the database
$query = "UPDATE
users
SET
last_post = '".date('Y-m-d H:i:s')."',
posts_today = '".($postsToday + 1)."'
WHERE
id = '$auth->id'";
mysql_query($query);
} else {
echo "You have already made 3 posts today!";
}
...or you could just use a CAPTCHA (as mentioned by others). That's what they're for. Really, you should have one in the signup process...
I'll admit I know next to nothing on PHP programming, but another option (or addition to the CAPTCHA) would be to use a service such as StopForumSpam
There's an example of how to use it here (no idea how good it is, as I don't code PHP (yet)) :)
Can someone advise me if I am performing the below steps correctly:
When a user wants to register on the website, register.php handles his/her request. Below is some of the code from register.php:
$sql="INSERT INTO Members (fldFullName, fldEmail, Password, Gender, DOB)
VALUES
('$fname','$email','$pass', '$gender', '$date')";
Particularly when I wrote the above code, I was somewhat new to PHP/MySQL and still am. Therefore, I made all of the fields above manually in the table via phpmyadmin. Furthermore, I also added the ID field manually via phpmyadmin, as the first field with auto increment and primary key of course. Why I did it manually, I can't remember the reason of. But I'm pretty sure that this may be the reason why I'm having problems.
What I'm trying to do is, when a user registers on the website, I want a profile URL to be created for him/her. For example, the field in the table could be named ProfileURL, whereas the actual value could be http://www.domain.com/profile.php?id=1, where the id is inherited from the actual ID in the table. How can I do this with my above code? Did I do something wrong when I decided to save all the fields manually via phpmyadmin? Note: I've also been creating tables, databases, fields manually via phpmyadmin. However, its values are INSERTed automatically of course. Am I even on the right track?
Thank you.
As stated above, you don't need to save a profile URL to the database. I'm guessing all profile URLs are going to follow some standard form (i.e. www.example.com/profile.php?id=1)?
Well, if you saved all of those in your database and then you decided you were going to change the format to something like www.example.com/profile/1 you're going to have a lot of out-of-date data in your database. You're going to have to go through each record and update it, and that could be dangerous on a database table with say, millions of rows.
Therefore, the solution is to have a script that takes a parameter. Say profile.php. As above, you would check for the profile using the data in the $_GET array:
<?php
if (isset($_GET['id'])) {
$id = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM members WHERE id = '$id' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows() > 0) {
$member = mysql_fetch_object($res);
// handle displaying of member's profile here
}
else {
// member does not exist with ID
}
}
?>
That way, if you decide to change the script name or use search engine-friendly URLs, you don't need to change your database structure.
In profile.php, check for $_GET['id'], then if it exists, use a SELECT query for the same ID in the database. It would look something like this.
<?php
if (isset($_GET['id']))
{
$id = (int) $_GET['id'];
$sql = 'SELECT * FROM Members WHERE ID = ' . $id;
// Then the rest of the code to check the results goes here
}
?>
A user with an ID of 1 would be profile.php?id=1
You are doing right. Now write SQL like this:
$sql = sprintf("SELECT * FROM Members WHERE ID=%d", mysql_real_escape_string($_GET['id']));
And you'll be able to get userdata by $_GET['id']. Remember to use mysql_real_escape_string to protect your queries against SQL injection. sprintf is also a good thing to substitute right data types like numbers or strings.
You don't heed to save profile url.
You have to build it dynamically.
Because most of the url remains the samy, only id is changing.
So, get id from the database and add it to the url.