bradkenyon Posted July 10, 2008 Share Posted July 10, 2008 I have an update function w/ a query of this: $queryupd = "select * from calendar_items where id = $id"; I list the data into the update form, from the table calendar_items. I want to restrict it, so only the person who created the calendar item (event), will be able to update it. I have an author column w/i the calendar_items table. I was thinking something along the lines of: $queryupd = "select * from calendar_items where id = $id AND author = $HTTP_SESSION_VARS['valid_username']"; I wanted it to be almost an if statement, "if you're not the author of this event, then print out msg saying: You do not have the right to edit this event." Quote Link to comment Share on other sites More sharing options...
trq Posted July 10, 2008 Share Posted July 10, 2008 <?php // connect $sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '{$_SESSION['valid_username']}'"; if ($result = mysql_query($sql)) { if (mysql_num_rows($result)) { // do the update } else { // display your unauthorised message } } ?> Quote Link to comment Share on other sites More sharing options...
bradkenyon Posted August 11, 2008 Author Share Posted August 11, 2008 can i throw a conditional into if(mysql_num_rows($result)), so I can set a certain user or certain user_level to access all, and not just ones that match the author? Quote Link to comment Share on other sites More sharing options...
trq Posted August 11, 2008 Share Posted August 11, 2008 You would do that in your query, not php. Quote Link to comment Share on other sites More sharing options...
bradkenyon Posted August 11, 2008 Author Share Posted August 11, 2008 currently it is: $sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '{$_SESSION['valid_username']}'"; would it be? $sql = "SELECT * FROM calendar_items WHERE id = $id AND author = '{$_SESSION['valid_username']}' AND user_level = '1'"; user_level being a super user account. Quote Link to comment Share on other sites More sharing options...
DarkWater Posted August 11, 2008 Share Posted August 11, 2008 No, you'd need to make sure that the user trying to access it had the right user level. Read up on joins. SELECT * FROM calendar_items INNER JOIN users ON users.user_id = {$_SESSION['user_id']} WHERE users.user_level >= calendar_items.user_level; Possibly. Read up on it and tailor it to your needs. Quote Link to comment Share on other sites More sharing options...
bradkenyon Posted August 11, 2008 Author Share Posted August 11, 2008 @thorpe: Your sql query did the trick, and I made a modification to the update process, only allowing the original author to make an update to their original post. here is the other post (i think you might have a good idea what might be going wrong) i opened up for help, any help would be appreciated. http://www.phpfreaks.com/forums/index.php/topic,211395.0.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.