Php relating two IDs

Question

Im doing a schoolproject which is creating a simple guestbook. (Im beginner) I am stuck on how to relate two id's with each other. I have two different database tables one called guestbook for storing the post's, and one called members for storing the registered members.

Now what i need to do is to relate the PostID with the UserID so you can see who wrote which post. Right now when a member logs on it says that all posts was written by that user and if i log on with another user it says that that user has written all the posts.

This is my code for the home.php file which contains the guestbook i also have a guestbookuservalidation file which i can post if you need it?

    <?php
session_start();
$username = $_SESSION['username'];
if($_SESSION['login'] == 1)     //om sessionen är 1 så

{
echo "<h1>Välkommen till gästboken $username</h1>";




 // Connect to the database
 mysql_connect("localhost", "root", "");
 mysql_select_db("guestbookdatabase");

//******************************************************************//
//Form and add stuff

echo "<h2>Posta till Gästboken</h2>
<form action='home.php' method='post'>
<table>
<tr>
<td>Titel:</td>
<td><input type='text' name='titel' style='width: 300px;'</td>
</tr>
<tr>
<td>Inlägg:</td>
<td><textarea name='inlägg' style='width: 300px; height: 100px;'></textarea></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='postknapp' value='Posta'</td>
</tr>
</table>
</form>";





//******************************************************************//
//Display stuff
echo "<h2>Nuvarande Poster</h2>";

if ($_POST['postknapp']) {

$title = strip_tags($_POST['titel']);
$message = strip_tags($_POST['inlägg']);

if ($title && $message) {

    //Lägg till i databasen
    mysql_query("INSERT INTO guestbook (Title,Post) VALUES ('$title','$message')");

    echo "Ditt inlägg har lagts till i gästboken!"; 

}
else

echo "Du har inte fyllt i nödvändig information för att kunna göra ett inlägg.";

}

$query = mysql_query("SELECT * FROM guestbook ORDER BY PostID DESC");
$sql = mysql_query("SELECT * FROM members WHERE Username = $username");
$numrows = mysql_num_rows($query);
if ($numrows > 0){

while ( $row = mysql_fetch_assoc($query) ) {
    $id = $row['PostID'];
    $name = $sql;
    $title = $row['Title'];
    $message = $row['Post'];
    $date = $row['Timestamp'];

    $message = nl2br($message);

    echo "<div> 
    Av <b>$name</b> vid <b>$date</b><br /> 
    <h2>$title</h2> <p>
    $message
    </div> <hr />";

}

}
else
echo "Inga inlägg hittades.";




//*****************************************************************//

mysql_close();



?>

<a href="logga_ut.php">Logga ut</a>





<?php

}
else // om session inte är 1 så 
{
echo "Du har INTE tillåtelse till gästboken! Klicka på länken för att logga in!";
?>
<p>
<br/><a href="index.html">Till login >></a>
<?php   
}

?> 

Answer 1

In your database the Members table should have the following two columns:

1. id
2. name (you can break this down into 2 columns for first and last names if you like)

Then in the Messages table, you need to have:

1. id
2. memberId
3. message

When a member posts a message , you need to store this member's id in the Messages table along with the message.

Then, you can easily filter messages by memberId(s). Your query would look somewhat as follows:

SELECT Members.name, Messages.message FROM Members JOIN Messages WHERE Messages.memberId = Member.id ORDER BY PostID DESC

Answer 2

A couple of points. If you are doing this for a school project, I would absolutely not use mysql_* functions. These are deprecated, and if I was grading you would fail you automatically for using them. I would suggest looking at mysqli_* functions which are similar in usage to the mysql_* counterparts.

Second, you are not doing anything to protect against SQL injection. Again if I were grading you, I would fail you, because you just compromised the database.

Finally, what you are looking to do is use a JOIN condition in your query. I don't know enough about your table structure, so you might need to adjust this example:

SELECT *
FROM guestbook
INNER JOIN members ON members.MemberID = guestbook.MemberID <-- use whatever your member id fileds are in the two tables here
WHERE members.Username = ?
ORDER BY guestbook.PostID DESC

Answer 3

be sure

• in your query where you generates the messages to add WHERE id = '$userid' so that the messages will be generated just for that user.

  • consider if you are new to MYSQL to change to PDO or MYSQLI ,