markvaughn2006 Posted September 12, 2009 Share Posted September 12, 2009 I'm struggling with how to allow a user access to their table and only their table for which they can view, update, edit, delete, etc.. data from their table. Database name is Game Fields in the table - ID, Username, Password, Strength, Dexterity, HP, Gold I'm thinking that i have to set up a session and store their username in a variable like $username and then if we wanted to display the users gold, it would be something like... $gold = mysql_query("SELECT Gold FROM Game Where Username=$username") echo $gold Am I anywhere close?? Any help with the sessions part of this? thanks!! Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/ Share on other sites More sharing options...
DEVILofDARKNESS Posted September 12, 2009 Share Posted September 12, 2009 Yeah you can use sessions, you store the username in a session and recall it later on to use it in for example a query http://www.tizag.com/phpT/phpsessions.php]more info Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/#findComment-917193 Share on other sites More sharing options...
grissom Posted September 12, 2009 Share Posted September 12, 2009 Presumably you've got an HTML form in which they put their user name like this : <INPUT TYPE = "TEXT" NAME = "username"> blah blah blah When you "POST" the form it will be captured by whatever php file you've arranged for the form to be posted to, you can grab the variable and store it in a session like this : $_SESSION['username'] = $_POST['username']; and then to grab something out of the database, your query will look something like : $gold = mysql_query("SELECT Gold FROM Game Where Username = '$_SESSION[username]'"); Two common things to look out for : 1. Pay attention to where you put the single apostophes and double apostrophes in your mysql statement, it is not $_SESSION['username'] as you might expect 2. Remember to start each bit of php with session_start(); Good luck ! Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/#findComment-917256 Share on other sites More sharing options...
gizmola Posted September 12, 2009 Share Posted September 12, 2009 I'm confused by your original explanation. You say that you have a Database named Game -- do you really mean a "Table". The SQL indicates this. Then you say that each user has their own table, but really all the rows are in the same table -- correct? Sessions are the solution to the problem in web development of not having a session between requests. All that sessions do is (in practical use) push the user a cookie with a session ID. Data that is stored on the serverside in session variables gets serialized and can be used on subsequent requests. So it does seem that what you're really asking is, how to authenticate a user. Once you've authenticated that user you can store other information in their session (id, gold, etc) and use it in displays. I'd recommend you use the "id" (assuming it's the primary key) for any subsequent access (say for example you need to update the amount of gold in a query based on something the user does during the session). Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/#findComment-917275 Share on other sites More sharing options...
markvaughn2006 Posted September 12, 2009 Author Share Posted September 12, 2009 thanks for the replies! yes its more of a table based game, and each person has a row, instead of a table. so i would only want them to have access to the row with the username that they log in with Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/#findComment-917311 Share on other sites More sharing options...
gizmola Posted September 25, 2009 Share Posted September 25, 2009 thanks for the replies! yes its more of a table based game, and each person has a row, instead of a table. so i would only want them to have access to the row with the username that they log in with It appears to me that you are doing things correctly by including the user specific id to the where clause in subsequent queries, once you've logged the person in. As far as having row level security, very few databases offer that, and it comes at a high cost both in terms of monetary cost and performance. Your approach is both standard, and effective. Quote Link to comment https://forums.phpfreaks.com/topic/173994-sessions/#findComment-924990 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.