Hello, I want this to block NULLs and when it's not their own. Please help.

 

<?php if($_GET['usercp'] == 'vinbox' && $_GET['id']) {  ?>
<?php
$id="{$_GET['id']}";
if($_GET['id'] == null or $_GET['id'] == 0){
  die("You have reached a Null Page. <a href=\"index.php\">Go back home</a>");
}
$view_a = mysql_query("SELECT * FROM notifications WHERE id='$id'");
    while($view_b = mysql_fetch_array($view_a)){
        $msgid = $view_b['id'];
        $msgname = $view_b['title'];
        $msgdate = $view_b['sent'];
        $msgsender = $view_b['senderid'];
        $msgreciever = $view_b['msgreciever'];
        $msgtext = $view_b['text'];
        $msgread = $view_b['read'];
    }
    $msgdatee = date('D, M d, Y h:i A', strtotime($msgdate));
$recieverfind = mysql_query("SELECT * FROM users WHERE id='$msgsender'");
While($recieverfound = mysql_fetch_assoc($recieverfind)) {
$username = $recieverfound['username'];
$userid = $recieverfound['id'];
}
if($userid == $msgreciever) {
    if($msgread <= 0){
    mysql_query("UPDATE notifications SET `read`='1' WHERE `id`='".$id."'");
    }
?>
<div class="usercp_body"><!--  UserCP Notification Sent Start -->
<div id="dash_chart" class="notifications" style="width:100%;margin: 0 auto;">
<div class="notifications-header">
<h4><center>Viewing Message: <?php echo ucfirst($msgname); ?></center></h4>
</div>
<div class="notifications-content" style="padding:10px 10px 10px 10px;">
<i><b>Sent From: </b></i><?php echo $username; ?><br>
<i><b>Date Sent: </b></i><?php echo $msgdatee ;?><br>
<i><b>Message: </b></i><br><hr><?php echo ucfirst($msgtext); ?>
<br><hr><br>
<i><b>Reply: </b></i><textarea> </textarea>
</div></div></div><!--  UserCP Notification Sent End -->
<?php 
    } else { 
    echo "This Message does not Belong to you"; 
    } 
    }

 

 

Sorry for short explanation. I'm very tired

https://forums.phpfreaks.com/topic/228265-notification-problems/

Lol =P, This is my Notification script for viewing a notification.

 

Okay, the lines of code should block nulls. Unfortunately it doesn't. I don't know what's wrong with it.

 

if($_GET['id'] == null or $_GET['id'] == 0){
  die("You have reached a Null Page. <a href=\"index.php\">Go back home</a>");
}

 

Now, when it's not their own, I have the following lines. It does not work efficiently. It should block them from seeing the user's notification if the $userid doesn't equal $msgreciever. However, that doesn't work either.

 

if($userid == $msgreciever) {
//The code in side it
    } else { 
    echo "This Message does not Belong to you"; 
    } 

There is a better way to check if your data is null, what you're doing is checking if the $_GET variable 'id' is put in, so unless somebody types in id=0 or id= they will not see that message.

 

We first need to check and see if that specific id being searched for is in the database.

 

Also, before I start producing code, I noticed you did this

$id="{$_GET['id']}";

This converts your id into a string, when it should be an integer, so take out the {} and quotes.

 

I've changed your code a little bit and explained what I've done.

 

Sorry I didn't break down the code and detail it, but I've been having problems with the page parser.

 

Anyhow, this code below should get the job done.

<?php
    //  getting the id and storing it in a shorter variable
    $id         = (int)$_GET['id'];
    //  running the query where the notification must match the id in the link
    $view_a     = mysql_query("SELECT * FROM notifications WHERE id='$id'");
    //  count how many rows we have
    $rows         = mysql_num_rows($view_a);
    // if we have 0 rows, return an error
    if ( $rows < 1 )
    {
        die('we counted less than one row, meaning that we did not find your result.');
    }
    while($view_b = mysql_fetch_array($view_a))
    {
        $msgid = $view_b['id'];
        $msgname = $view_b['title'];
        $msgdate = $view_b['sent'];
        $msgsender = $view_b['senderid'];
        $msgreciever = $view_b['msgreciever'];
        $msgtext = $view_b['text'];
        $msgread = $view_b['read'];
    }    
?>

 

Any questions let me know.

 

 

Also, before I start producing code, I noticed you did this

$id="{$_GET['id']}";

This converts your id into a string, when it should be an integer, so take out the {} and quotes.

 

$_GET['id'] is already a string value, as is all form data by default. Braces and quotes won't change that. What needs to be done is first validate that all characters in the value are numeric, and if so cast it as an integer.

 

if( !empty($_GET['id']) && ctype_digit($_GET['id']) ) {
     $id = (int) $_GET['id'];
} else {
     // Value is empty or does not validate; show error message, halt script, take whatever action you need to take . . .
}

Checking a $_GET var for a null value is pretty pointless. If the url contains id=, it isn't null, it's an empty string. If id= isn't even present in the url, it will be null, but it will also be unset. Using if( !empty($_GET['id']) ) { will cover both of those scenarios, whereas ctype_digit($_GET['id']) makes sure that the value is numeric before you cast it as an integer, to protect against SQL injection.

 

Does that help clear it up, or did I just make it worse?

Give this a try. You'll obviously need to edit the query string where it says, "AND `field_that_indicates_user_id_of_message_owner` =" . . .

 

<?php
// This assumes you've already checked that the user is logged in, and your DB connection is established.
if( !empty($_GET['id']) && ctype_digit($_GET['id']) ) {
$id = (int)$_GET['id'];
$query = "SELECT * FROM notifications WHERE id=$id AND `field_that_indicates_user_id_of_message_owner` = {$_SESSION['id']}";
if( !$result = mysql_query($query) ) {
	echo "<br>Query string: $query<br>Caused error: " . mysql_error() . '<br>';
}
// count the rows of the result returned by the query above
$rows = mysql_num_rows($result);
if ( $rows < 1 ) {
	echo 'No notifications seem to exist for you.';
} else {
	// notifications exist, and are associated with the logged in user.
	while( $view_b = mysql_fetch_assoc($result) ) {
		// ***** you still need to echo the variables in the proper format below. *****
		$msgid = $view_b['id'];
		$msgname = $view_b['title'];
		$msgdate = $view_b['sent'];
		$msgsender = $view_b['senderid'];
		$msgreciever = $view_b['msgreciever'];
		$msgtext = $view_b['text'];
		$msgread = $view_b['read'];
	}
}
} else {
// This is the error if the id variable is empty or malformed.
echo 'Invalid id value supplied.';
}
?>
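
Added example (not part of the thread or any poster's code): the two checks discussed above, id validation and ownership, enforced together in one owner-scoped prepared statement, with output escaped when the message is shown. It uses PDO with an in-memory SQLite database in place of the thread's `mysql_*` functions and assumes `msgreciever` is the column holding the owner's user id; `load_notification` is a hypothetical name and the rows are constructed sample data.

```php
<?php
// Added example, not from the thread. Assumes PDO with the sqlite driver and
// that `msgreciever` holds the owning user's id (assumption).

function load_notification(PDO $pdo, $rawId, int $sessionUserId): ?array
{
    // Reject missing, empty, non-string (id[]=1) and non-digit values up front.
    if (!is_string($rawId) || $rawId === '' || !ctype_digit($rawId)) {
        return null;
    }
    // Ownership is part of the WHERE clause, so another user's row is
    // indistinguishable from a row that does not exist.
    $stmt = $pdo->prepare(
        'SELECT id, title, "text", "read" FROM notifications
          WHERE id = :id AND msgreciever = :owner'
    );
    $stmt->execute([':id' => (int) $rawId, ':owner' => $sessionUserId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Mark as read with the same owner scoping as the SELECT.
    $pdo->prepare('UPDATE notifications SET "read" = 1
                    WHERE id = :id AND msgreciever = :owner')
        ->execute([':id' => $row['id'], ':owner' => $sessionUserId]);
    return $row;
}

// Constructed sample data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE notifications (id INTEGER PRIMARY KEY, title TEXT,
            "text" TEXT, msgreciever INTEGER, "read" INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO notifications (id, title, \"text\", msgreciever)
            VALUES (1, 'hello', '<b>hi</b>', 7), (2, 'other', 'private', 8)");

$sessionUserId = 7; // stands in for the logged-in user's id from $_SESSION
foreach (['1', '2', '', '0', '1 OR 1=1', null, ['1']] as $rawId) {
    $row = load_notification($pdo, $rawId, $sessionUserId);
    echo json_encode($rawId), ' => ';
    // Escape on output: title and text are user-supplied.
    echo $row ? htmlspecialchars($row['title'] . ': ' . $row['text'], ENT_QUOTES, 'UTF-8')
              : 'Invalid id or no such notification for you.';
    echo PHP_EOL;
}
```

Only id `1` is returned for user 7; id `2` belongs to another user and gets the same response as a malformed or missing id, so the reply does not reveal which ids exist.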
