Jump to content

How do i perform a die function for this scenario?....

perky416

By perky416
in PHP Coding Help

 Share

Recommended Posts

perky416 Regular Member

perky416

Posted
Posted

Hi Guys

 

Sorry for the lame title but I have absolutely no idea how to word this.

 

I have the following code which pulls message from a database:

 

$messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'");
$messages_row = mysql_fetch_assoc($messages_query);

$sender = $messages_row['sender'];
$date = $messages_row['date'];
$time = $messages_row['time'];
$subject = $messages_row['subject'];
$message = $messages_row['message'];
$recipient = $message_query['recipient'];

echo $sender . "<br />";
echo $date . "<br />";
echo $time . "<br />";
echo $subject . "<br />";
echo $message . "<br />";

 

As you can see, it only pulls the data if id='$message_id' AND recipient='$username'.

 

I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different.

 

Example:

The database reads id: 1 & username: user

 

The data would be displayed if $message_id = 1 and $username = user.

The die would be performed if $message_id = 5 and $username = user

 

I hope that makes sense, iv had a problem trying to word it correctly let alone come up with a solution.

 

Does anybody know what i could do?

 

Thanks

 

mattal999 Regular Member

mattal999

Posted
Posted

I think you mean that if the row doesn't exist in the table, then "die". In which case, you could just do:

 

$messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'");

if(mysql_num_rows($messages_query) > 0) {
    list($sender, $date, $time, $subject, $message) = mysql_fetch_row($messages_query); // Shortened version of your long winded assign - may not work depending on your table structure.
    echo $sender . "<br />";
    echo $date . "<br />";
    echo $time . "<br />";
    echo $subject . "<br />";
    echo $message . "<br />";
} else {
    echo "You are not authorised to view this message!";
}

Maq Prolific Member

Maq

Posted
Posted

Don't use die for the message, handle it properly:

$messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'");
if(mysql_num_rows($messages_query) > 0)
{
   echo "In the database, verified authorization.";
}
else
{
   echo "No rows returned, denied.";
   //Redirect or whatever
}

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted
I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different.

 

Different from what? You haven't included enough information for anyone to really be able to help you.

Maq Prolific Member

Maq

Posted
Posted

I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different.

 

Different from what? You haven't included enough information for anyone to really be able to help you.

I think he meant if there are no matches in the DB.

mattal999 Regular Member

mattal999

Posted
Posted

I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different.

 

Different from what? You haven't included enough information for anyone to really be able to help you.

I think he meant if there are no matches in the DB.

 

Yeah, that's what I managed to decipher too :P

perky416 Regular Member

perky416

Posted
  • Author
Posted

lol sorry i knew people would have a problem, yeah if there are no rows in the database that have both $message_id and the correct $username.

 

mattal999 and maq your solutions look good.

 

Its because im passing the message id in the url when going from the inbox to the actual message, i wanted to stop users simply changing the id and viewing other people messages thats why i added the "AND recipient='$username'".

 

If the user tried to be clever and change the id in the address bar , instead of displaying a blank page i wanted to give them the error message.

 

Ill give your solutions a go and let you know how it went.

 

Thanks

 

 

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

That wasn't what I inferred from reading this line '"You are not authorised to view this message!"'. It sounds more like the OP wants to make sure the owner of the message is the one attempting to access it. I guess we'll have to wait for clarification . . .

perky416 Regular Member

perky416

Posted
  • Author
Posted

Yeah sorry i had a difficult time trying to explain it.

 

Basically if a user changes the message id in the address bar, and the id doesn't lead to a message they have received, return the error "You are not authorised to view this message!".

 

It seems a lot simpler now i know how to word it lol.

 

Doing the mysql_num_rows worked perfect thanks guys.

 

mattal999 assigning the variables that way didnt work, however i am interested in that technique as I have some pages that have around 30 variables, your way looks much easier. I will have to have a play and try to get it to work.

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.