Newbie - needs help 'ammending' code

[hoponhiggo]

Hi Guys

 

I have some code, written by somebody else, which i think updates a 'comments' table when a comment is written on my home page...

 

<?php
include("db.php");
if(isSet($_POST['comentario_valor'])){
	$id=time();// Demo Use
	$comment=$_POST['comentario_valor'];
	$id=$_POST['id'];

	$sql=mysql_query("insert into comments(comment,msg_id_fk)values('$comment','$id')");
	$result=mysql_query("select * from comments order by com_id desc");
	$row=mysql_fetch_array($result);
	$com_id=$row['com_id'];
	$comment=$row['comment'];	
}
?>

 

What i need to do now tho is try to ammend this script to also update the table with the 'userid' of the person who posted the comment. The userid should be the same as in my 'users' table.

 

Can anybody point me in the right direction? I am new to PHP and trying to decipher this peice is code is beyond me at the minute

 

Many thanks

[Nodral]

Hi

 

I'm assuming that the variable $id is the userid?

 

If so, it looks as though this is written with the comment

$sql=mysql_query("insert into comments(comment,msg_id_fk)values('$comment','$id')");

 

this basically says write into comments table the comment ($comment) and the id ($id).  If this is incorrect, we'd need the structure of your user table to create the SELECt statement to pull the user id and write with the comment.

 

Stu

[hoponhiggo]

Hi

 

In the code it shows

 

$id=time();// Demo Use

 

I have no idea where this variable is used!

 

my users table contains:  'id'(auto increment) 'username' 'password' 'fname' 'sname' 'email'

[Nodral]

I agree that this is shown in the code, however $id is then redefined as $_POST['id'].  This implies that it is being taken from an HTML form that the user completes.

 

$id=$_POST['id'];

[hoponhiggo]

Stu - Can i start again please - i feel i have made a rookie mistake!!

 

The code i posted originally is incorrect. Basically, i am operating a wall post system which allows users to leave a 'message' and then other users to leave a 'comment'. The code i posted was for the 'comment'

 

Here is the code for the message which i need to ammend first - AND then i can look at ammending the comment code if needed. Sorry if this is all very confusing

 

<?php
include("db.php");
// if content has been sent
if(isset($_POST["textarea_noticia"])){
	$msg = $_POST["textarea_noticia"];
	// Insert information
	$sql = mysql_query("INSERT INTO messages(message)values('$msg')");
	$result = mysql_query("SELECT * FROM messages order by msg_id desc");
	$row = mysql_fetch_assoc($result);
	$id = $row["msg_id"];
	$msg = $row["message"];
}
?>

[Nodral]

Hokey Pokey

 

Where does the userid come from?  How do you identify when a user is logged in etc?  You'd need to use this to get the userid from the user table, then writing it into the comments table is fairly straight forward.

 

Stu

[Muddy_Funster]

Yeah, could you post the code from your login page please?

[hoponhiggo]

Thanks Stu

 

The userid comes from the 'users' table. It is an auto increment when a new user registers

 

Users log in using their usernames and a session is started. Im using dreamweaver so the code created is standard i think

 

<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['Username'])) {
  $loginUsername=$_POST['Username'];
  $password=$_POST['Password'];
  $MM_fldUserAuthorization = "";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "Register.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_pwnedbook, $pwnedbook);
  
  $LoginRS__query=sprintf("SELECT username, password FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $pwnedbook) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
     $loginStrGroup = "";
    
if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();}
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;	      

    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
    }
    header("Location: " . $MM_redirectLoginSuccess );
  }
  else {
    header("Location: ". $MM_redirectLoginFailed );
  }
}
?>

 

[Nodral]

Ok

 

Once the user is logged in, you need to pull the userid from the user table.  I'd add this into the login script and declare it to a session variable so it can be used wherever you need.

<?php
$LoginRS__query=sprintf("SELECT username, password, userid FROM users WHERE username=%s AND password=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
$LoginRS = mysql_query($LoginRS__query, $pwnedbook) or die(mysql_error());
$userid=mysql_fetch_array($LoginRS);
$_SESSION['userid']=$userid['userid'];

 

I think this should work, you now have a session variable $_SESSION['userid'] which carries their userid and you can use this all over your scripting.

 

Stu

[hoponhiggo]

OK - so i have added the above code to my login page (although i changed some 'userid' to 'id' as that is what its called in my table and i can log in fine.

 

$LoginRS__query=sprintf("SELECT username, password, id FROM users WHERE username=%s AND password=%s",    
     GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
     $LoginRS = mysql_query($LoginRS__query, $pwnedbook) or die(mysql_error());
     $userid=mysql_fetch_array($LoginRS);
     $_SESSION['id']=$userid['id'];

 

So now im guessing we have created the variable $_SESSION['userid'] which can be used anywhere in my script?

 

And i understand that i can now use this variable to write the userid to the messages table along with the message?

 

Thank you for your help - you have been very understanding!

 

 

[hoponhiggo]

Stu - Im still struggling with this!

 

I have changed the insert info code to include the $_SESSION['id']

 

<?php
include("db.php");
// if sent content
if(isset($_POST["textarea_noticia"])){
	$msg = $_POST["textarea_noticia"];

	// Insert information
	$sql = mysql_query("INSERT INTO messages(message)values('$msg')");
	$sql = mysql_query("INSERT INTO messages(userid)values('$_SESSION['id']')");
	$result = mysql_query("SELECT * FROM messages order by msg_id desc");
	$row = mysql_fetch_assoc($result);
	$id = $row["msg_id"];
	$msg = $row["message"];
}
?>

 

but this isnt working!

 

Im guessing i am doing this incredibly wrong?

[Nodral]

Have you created a column in your DB table (messages) for userid?

 

To test whether the $_SESSION variable is working, try a vardump.  This way it will identify where the error lies.  Either in the code to put it into the table or the code to get it out of the user table.

[cyberRobot]

One issue with the code is that you're using single quotes inside single quotes.

 

<?php
...

$sql = mysql_query("INSERT INTO messages(userid)values('$_SESSION['id']')");

...
?>

 

 

You could do something like:

 

<?php
...

$sql = mysql_query("INSERT INTO messages(userid)values('" . $_SESSION['id'] . "')");

...
?>

[hoponhiggo]

Hi Stu

 

I have created the column - it is identical to the original id column in the users table

 

Also - as you can probably guess - i have no idea what a vardump is!

[Muddy_Funster]

Hi Stu

 

I have created the column - it is identical to the original id column in the users table

 

Also - as you can probably guess - i have no idea what a vardump is!

What do you mean "identical"? did you make it an AUTO_INC field? cause that won't work.

 

change your code to this:

		//insert information
	$id = $_SESSION['id'];
                $sql = mysql_query("INSERT INTO messages(message, userid)values('$msg', $id)") or die ('ERROR! During Insert :<br> '.mysql_error());
	$result = mysql_query("SELECT msg_id, message FROM messages order by msg_id desc")or die ('ERROR! During Read :<br> '.mysql_error());
WHILE ($row = mysql_fetch_assoc($result))
{
$id = $row["msg_id"];
$msg = $row["message"];
}
}

[hoponhiggo]

Hi - no its not set to auto - increment.

 

I have used the code you have kindly supplied, and while this is allowing users to create a new message, and updating the messages table with the message, the userid column is being updated as '0' and not equal to the userid in the users table

 

any suggestions?

[Muddy_Funster]

echo out the value of $_SESSION['id'] and make sure it is what it should be.  Also, make sure that every page sarts with the following lines of code at the very start

<?php
SESSION_START();

[Nodral]

Hi

 

As a few of you may guess, I'm fairly new to php myself, can someone chaeck my earlier reply to this post and ensure I gave the correct instructions as to set the $_SESSION['userid'] variable.

 

This may be where the error lies.

[hoponhiggo]

Hi Guys

 

Ive been working on this for a few nights now and have finaly managed to make it so that when a users creates a message, the username of the person is stored in the same table as the message.

 

Instead of creating a variable to store the userid, i just used the already created session username variable.

 

What i now need to do tho is ammend some more code which will alow me to display the profile picture of the user who created the message.

 

I have the below code which displays the picture of the person who is logged in.

 

<?php
//to display image from source
$dir = "profpics";

$sql = "SELECT prof_pic FROM users WHERE username = '{$_SESSION['MM_Username']}'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) == 0) die("Username not found in database.");

$row = mysql_fetch_array($res);
echo "<img src='$dir/{$row['prof_pic']}' width='88' height='88'><br>";
?>

 

Can anybody tell me how i can ammed this to say something like - select prof_pic from users where username in users table is the same as the username in the messages table?