Jump to content

Sessions...


markvaughn2006

Recommended Posts

I'm struggling with how to allow a user access to their table and only their table for which they can view, update, edit, delete, etc.. data from their table.

 

Database name is Game

Fields in the table - ID, Username, Password, Strength, Dexterity, HP, Gold

 

I'm thinking that i have to set up a session and store their username in a variable like $username and then if we wanted to display the users gold, it would be something like...

$gold = mysql_query("SELECT Gold FROM Game Where Username=$username")

echo $gold

 

Am I anywhere close?? Any help with the sessions part of this? thanks!!

 

Link to comment
Share on other sites

Presumably you've got an HTML form in which they put their user name like this :

 

<INPUT TYPE = "TEXT" NAME = "username">  blah blah blah

 

When you "POST" the form it will be captured by whatever php file you've arranged for the form to be posted to, you can grab the variable and store it in a session like this :

 

$_SESSION['username'] = $_POST['username'];

 

 

and then to grab something out of the database, your query will look something like :

 

$gold = mysql_query("SELECT Gold FROM Game Where Username = '$_SESSION[username]'");

 

Two common things to look out for :

 

1. Pay attention to where you put the single apostophes and double apostrophes in your mysql statement, it is not $_SESSION['username'] as you might expect

 

2. Remember to start each bit of php with session_start();

 

Good luck !

Link to comment
Share on other sites

I'm confused by your original explanation.  You say that you have a Database named Game -- do you really mean a "Table".  The SQL indicates this.  Then you say that each user has their own table, but really all the rows are in the same table -- correct?

 

Sessions are the solution to the problem in web development of not having a session between requests.  All that sessions do is (in practical use) push the user a cookie with a session ID.  Data that is stored on the serverside in session variables gets serialized and can be used on subsequent requests. 

 

So it does seem that what you're really asking is, how to authenticate a user.  Once you've authenticated that user you can store other information in their session (id, gold, etc) and use it in displays.  I'd recommend you use the "id" (assuming it's the primary key) for any subsequent access (say for example you need to update the amount of gold in a query based on something the user does during the session).

 

 

Link to comment
Share on other sites

  • 2 weeks later...

thanks for the replies!

yes its more of a table based game, and each person has a row, instead of a table. so i would only want them to have access to the row with the username that they log in with

 

It appears to me that you are doing things correctly by including the user specific id to the where clause in subsequent queries, once you've logged the person in.  As far as having row level security, very few databases offer that, and it comes at a high cost both in terms of monetary cost and performance.  Your approach is both standard, and effective.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.