Sessions...

[markvaughn2006]

I'm struggling with how to allow a user access to their table and only their table for which they can view, update, edit, delete, etc.. data from their table.

 

Database name is Game

Fields in the table - ID, Username, Password, Strength, Dexterity, HP, Gold

 

I'm thinking that i have to set up a session and store their username in a variable like $username and then if we wanted to display the users gold, it would be something like...

$gold = mysql_query("SELECT Gold FROM Game Where Username=$username")

echo $gold

 

Am I anywhere close?? Any help with the sessions part of this? thanks!!

 

[DEVILofDARKNESS]

Yeah you can use sessions,

you store the username in a session and recall it later on to use it in for example a query

http://www.tizag.com/phpT/phpsessions.php]more info

[grissom]

Presumably you've got an HTML form in which they put their user name like this :

 

<INPUT TYPE = "TEXT" NAME = "username">  blah blah blah

 

When you "POST" the form it will be captured by whatever php file you've arranged for the form to be posted to, you can grab the variable and store it in a session like this :

 

$_SESSION['username'] = $_POST['username'];

 

 

and then to grab something out of the database, your query will look something like :

 

$gold = mysql_query("SELECT Gold FROM Game Where Username = '$_SESSION[username]'");

 

Two common things to look out for :

 

1. Pay attention to where you put the single apostophes and double apostrophes in your mysql statement, it is not $_SESSION['username'] as you might expect

 

2. Remember to start each bit of php with session_start();

 

Good luck !

[gizmola]

I'm confused by your original explanation.  You say that you have a Database named Game -- do you really mean a "Table".  The SQL indicates this.  Then you say that each user has their own table, but really all the rows are in the same table -- correct?

 

Sessions are the solution to the problem in web development of not having a session between requests.  All that sessions do is (in practical use) push the user a cookie with a session ID.  Data that is stored on the serverside in session variables gets serialized and can be used on subsequent requests. 

 

So it does seem that what you're really asking is, how to authenticate a user.  Once you've authenticated that user you can store other information in their session (id, gold, etc) and use it in displays.  I'd recommend you use the "id" (assuming it's the primary key) for any subsequent access (say for example you need to update the amount of gold in a query based on something the user does during the session).

 

 

[markvaughn2006]

thanks for the replies!

yes its more of a table based game, and each person has a row, instead of a table. so i would only want them to have access to the row with the username that they log in with

[gizmola]

thanks for the replies!

yes its more of a table based game, and each person has a row, instead of a table. so i would only want them to have access to the row with the username that they log in with

 

It appears to me that you are doing things correctly by including the user specific id to the where clause in subsequent queries, once you've logged the person in.  As far as having row level security, very few databases offer that, and it comes at a high cost both in terms of monetary cost and performance.  Your approach is both standard, and effective.