[英]Check if user id exists in mysql
I have a user ID stored in variable $_SESSION['user_id']. 我有一个存储在变量$ _SESSION ['user_id']中的用户ID。 For editing a post, this ID should match the 'user' field in the mysql table. 为了编辑帖子,此ID应与mysql表中的“用户”字段匹配。
How can I set a statement to check that these variables matches? 如何设置一条语句来检查这些变量是否匹配?
$query = "SELECT * FROM tablename WHERE user = '". $ query =“ SELECT * FROM表名,其中用户='”。 $user."'"; $ user。“'”;
// EDIT THE POST
$user = $_SESSION['user_id'];
// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['id']))
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// make sure the 'id' in the URL is valid
if (is_numeric($_POST['id']))
{
// get variables from the URL/form
$id = $_POST['id'];
$elv = htmlentities($_POST['elv'], ENT_QUOTES);
$vald = htmlentities($_POST['vald'], ENT_QUOTES);
$art = htmlentities($_POST['art'], ENT_QUOTES);
$dato = htmlentities($_POST['dato'], ENT_QUOTES);
$vekt = (int)$_POST['vekt'];
$lengde = (int)$_POST['lengde'];
$flue = htmlentities($_POST['flue'], ENT_QUOTES);
$gjenutsatt = (int)$_POST['gjenutsatt'];
$kjonn = (int)$_POST['kjonn'];
$bilde = htmlentities($_POST['bilde'], ENT_QUOTES);
$user = $_SESSION['user_id'];
// check that required fields are not empty
if ($elv == '' || $vald == '' || $art == '' || $dato == '' || $vekt == '' || $kjonn == '')
{
// if they are empty, show an error message and display the form
$error = 'Du må fylle ut de påkrevde feltene!';
renderForm($elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $error, $id);
}
else
{
// if everything is fine, update the record in the database
if ($stmt = $mysqli->prepare("UPDATE fisk SET elv = ?, vald = ?, art = ?, dato = ?, vekt = ?, lengde = ?, flue = ?, gjenutsatt = ?, kjonn= ?, bilde = ?, user = ?
WHERE id=? AND user=?"))
{
$stmt->bind_param("ssssiisiisii", $elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $id);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}
// redirect the user once the form is updated
header("Location: /");
}
}
// if the 'id' variable is not valid, show an error message
else
{
echo "Error!";
}
}
$query = "SELECT * FROM table_name WHERE id = $id AND user = $_SESSION['user_id'];
This will get post that is having id $id and posted by the User having User ID stored in $_SESSION['user_id']; 这将获得ID为$ id且由用户ID存储在$ _SESSION ['user_id']中的用户发布的帖子;
Since you want to show an error message if the user is trying to edit a post other than his own post, you should fetch the post details by the $id and then do a check for the "User" field so it matches with User_id in the current session. 由于如果用户尝试编辑除其自己的帖子以外的帖子,则要显示错误消息,因此应通过$ id获取帖子的详细信息,然后检查“ User”字段,使其与User_id相匹配当前会话。
$query = "SELECT * FROM table_name WHERE id = $id";
$rs = mysql_query($query);
if(mysql_num_rows($rs)>0){
// post exists
while($row = mysql_fetch_assoc($rs)){
if($row['user']===$_SESSION['user_id']){
// allow the edit.
}else{
// show error user is not authorized to do the edits
}
}else{
// show the error this is not a valid id; no posts exists with the given id
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.