How to show users posts

[theman7]

Hello I am creating a social network in PHP , HTML CSS and little bit of JavaScript . One of the features that are on the social network is , the ability to post a status . I am currently having problems with this .

 

On the users profile page the have the option to write a status on their profile page and click post to timeline . When the click that the status goes in the database . When the user goes to the home.php page they will see all of their statuses . My problem is that , when I go to the home.php page I see all of the posts that are in the database . How do I only get the posts of the user that logged in and not all of the posts ?

include("connect.php");
include("auth_login.php");

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

//Write the query
$sql = "SELECT body FROM posts WHERE post_id = '" . $username . "' ";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
    echo "<p>".$row['body']. "</p>";

}
} else {
echo "No posts";
}

[ginerjm]

Where is $username being set and is it a valid value?  Is $username the same as an "id"?

[theman7]

No that is in the auth_login.php :

if(!isset($_SESSION['username'])){
	header('Location: index.php'); 
    die();
}

[theman7]

That's where the username is .

[ginerjm]

I don't see it....

[theman7]

I tried this too 

 

$username = mysqli_real_escape_string($conn, $_POST["username"]);

 

But nothing changed . I get this message 

 

Notice: Undefined variable: username

[ginerjm]

Could you show how this code fits into the big picture?  YOu show me a line from somewhere.... and then you show an incomplete error message.  How do these fit with the line(s) where the query is written and run?

 

You're not making this easy to decipher.

[theman7]

The error message is the only I am getting along with my else statement (No posts) . The username comes from auth_login.php . 

[ginerjm]

error messages usually have a line number and the name of the script in them.  

 

I asked for your help in SHOWING more code but you apparently don't understand what that means.

 

Maybe someone else will show an interest in helping you.  I tried.

[theman7]

This is my poststatus.php 

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

include("connect.php");
include("auth_login.php"); 

// just define at the top of the script index.php
$username = ''; 
$username = $_SESSION['username'];

//Initializing variable
$body = ""; //Initialization value; Examples
             //"" When you want to append stuff later
             //0  When you want to add numbers later
//isset()
$body = isset($_POST['body']) ? $_POST['body'] : '';
//empty()
$body = !empty($_POST['body']) ? $_POST['body'] : '';

     if(isset($_POST['bts'])) {

        if (empty($_POST["body"])) {
             echo"You didn't enter anything . <a href= profile.php>Try again</a>";
            } else {
            $body = $_POST["body"];
              
			  $sql = "INSERT INTO posts (username, body ) VALUES ('" . $username . "', '" . $body . "')";

                if(mysqli_query($conn, $sql)){                                  

                echo"<a href= home.php>Post added to your timeline.</a>"; 
                } else{
                 echo "<br>error posting . <br> <a href= profile.php>Try again</a> " . 
                 mysqli_error($conn);
} 
} 
}

profile.php :

<form action="poststatus.php" method="post">
<textarea rows="5" cols="40" name="body" id="status">
</textarea>
<button id="bt4" type="submit" name="bts">Post status to timeline</button>
</form>

[mac_gyver]

stop, or at least slow down.

 

you should not store the username in with posts. the only place usernames should be stored is in the users table (whatever you have named it.) the users table should, via an auto-increment column, assign user ids. you would store the user id in the session variable and in any database tables holding information related to users. you would use the user id from the session variable to query for any data related to the current user.

 

your posts table will then have an id/post_id auto-increment column, a user_id (integer) column and a body column (you probably should have a date or datetime column, so that you will know when the row was created.) the WHERE clause in the query would match the user_id column with the user_id from the session variable.

 

next, do not put data directly into sql query statements. use prepared queries (you can research on the web or in the php.net documentation to find out what that means) and use the php PDO extension. the php PDO extension is much simpler and more constant over the mysqli extension you are currently using.

[theman7]

The username is being stored in a different table called users . I have username in my posts to tell which user posted the status .

[mac_gyver]

you would use a JOIN query between the posts and users table to get the username.

 

by storing the username in with the posts -

 

1) it takes more storage. for both the data and any index on the column

 

2) the query will be slower

 

3) if a username is ever edited, you will have to insure that it gets changed every place it is stored.

 

storing the user_id in with the posts, uses the least amount of storage, results in the fastest queries, and allows the username to be  easily edited, since it will only be stored in the users table.