How to check the reverse relationships in the following system
up vote
1
down vote
favorite
I've two tables users
and userdata
and I've created them using :
CREATE TABLE users
(
id INT(6) AUTO_INCREMENT NOT NULL PRIMARY KEY,
name VARCHAR(255),
password VARCHAR(255)
);
and userdata
through this:
CREATE TABLE userdata
(
adder INT(6) NOT NULL,
added INT(6) NOT NULL,
CONSTRAINT adder_user FOREIGN KEY (adder) REFERENCES users(id),
CONSTRAINT added_user FOREIGN KEY (added) REFERENCES users(id),
PRIMARY KEY (adder, added)
);
I've kind of login system see this index.php
page:(Here user is added by entering his id an password and session is being set for each user)
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form action="review.php" method="post">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>
I've review.php
where I've checked for the user authenticity(on a basic level)
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$password = $_POST['password'];
$query = "SELECT `name`,`id`,`password` from `users` where `id` = '$id' and `password` = '$password' ";
$run = mysqli_query($connect,$query);
$row = mysqli_fetch_assoc($run);
if( ($id == $row['id']) && ($password == $row['password']) )
{
// start session with the id of the one who is logged in
// this is the id of the user who is logged in
$_SESSION['id']= $row['id'];
header('location:save.php?id=$id');
}
}
?>
This is save.php
, here is the main issue, Let say Alice is logged into my system, and she visits the save.php
page to add Bob
to my system.
There is save button on this page when some logged in user in my system(Alice
) try to add another user(Bob
) into my system (userdata
table), at that point I want to check this->
has Bob
has already added Alice
(when Bob was logged In)? if so, when Alice clicks on save, the name Bob
should be inserted into userdata
table and Alice
and Bob's
name should be written in red, displayed to the user(using select query), because they both are added by each other.
If Alice
wants to add Bob
but Bob
has not added Alice
before, then after clicking save by Alice
the name Bob
should be inserted into the userdata
table, and should be displayed without any color because Bob
has not yet added her.
How can I solve this problem of When a user adds a name, you must check if they are added to the reverse and in that case to indicate it. For example, if Alice adds Bob and Bob has Added Alice you must indicate it (with some symbol)?
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['save']))
{
$name = $_POST['name'];
$id = $_SESSION['id'];
$insert = "INSERT INTO `userdata` ('adder','added') values ('$id','$name')";
$query = "SELECT aer.name AS Adder, 'added', aed.name AS added
FROM users aer
INNER JOIN userdata ud ON aer.id = ud.adder
INNER JOIN users aed ON aed.id = ud.added
WHERE
(
SELECT COUNT(*)
FROM userdata uda
WHERE uda.adder = ud.added
AND uda.added = ud.adder
) >= 1";
$run = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($run))
{
echo "<div class = 'text text-center' id = 'special'>".$row['Adder']." Added ".$row['added']."</div><br>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>save</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
<link rel="stylesheet" href="style.css">
</head><body>
<div class="container">
<div class="row">
<div class="col-md-6">
<form action="save.php" method="POST">
<input type="text" name="name">
<input type="submit" name="save" value="Save" class="btn btn-success">
</form>
</div>
</div>
</div>
</body>
</html>
users
table
here is userdata
table containing adder and added columns
adder added
1 2
1 3
first row Alice
added Bob
second row Alice
added John
php mysql join login artificial-intelligence
|
show 6 more comments
up vote
1
down vote
favorite
I've two tables users
and userdata
and I've created them using :
CREATE TABLE users
(
id INT(6) AUTO_INCREMENT NOT NULL PRIMARY KEY,
name VARCHAR(255),
password VARCHAR(255)
);
and userdata
through this:
CREATE TABLE userdata
(
adder INT(6) NOT NULL,
added INT(6) NOT NULL,
CONSTRAINT adder_user FOREIGN KEY (adder) REFERENCES users(id),
CONSTRAINT added_user FOREIGN KEY (added) REFERENCES users(id),
PRIMARY KEY (adder, added)
);
I've kind of login system see this index.php
page:(Here user is added by entering his id an password and session is being set for each user)
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form action="review.php" method="post">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>
I've review.php
where I've checked for the user authenticity(on a basic level)
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$password = $_POST['password'];
$query = "SELECT `name`,`id`,`password` from `users` where `id` = '$id' and `password` = '$password' ";
$run = mysqli_query($connect,$query);
$row = mysqli_fetch_assoc($run);
if( ($id == $row['id']) && ($password == $row['password']) )
{
// start session with the id of the one who is logged in
// this is the id of the user who is logged in
$_SESSION['id']= $row['id'];
header('location:save.php?id=$id');
}
}
?>
This is save.php
, here is the main issue, Let say Alice is logged into my system, and she visits the save.php
page to add Bob
to my system.
There is save button on this page when some logged in user in my system(Alice
) try to add another user(Bob
) into my system (userdata
table), at that point I want to check this->
has Bob
has already added Alice
(when Bob was logged In)? if so, when Alice clicks on save, the name Bob
should be inserted into userdata
table and Alice
and Bob's
name should be written in red, displayed to the user(using select query), because they both are added by each other.
If Alice
wants to add Bob
but Bob
has not added Alice
before, then after clicking save by Alice
the name Bob
should be inserted into the userdata
table, and should be displayed without any color because Bob
has not yet added her.
How can I solve this problem of When a user adds a name, you must check if they are added to the reverse and in that case to indicate it. For example, if Alice adds Bob and Bob has Added Alice you must indicate it (with some symbol)?
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['save']))
{
$name = $_POST['name'];
$id = $_SESSION['id'];
$insert = "INSERT INTO `userdata` ('adder','added') values ('$id','$name')";
$query = "SELECT aer.name AS Adder, 'added', aed.name AS added
FROM users aer
INNER JOIN userdata ud ON aer.id = ud.adder
INNER JOIN users aed ON aed.id = ud.added
WHERE
(
SELECT COUNT(*)
FROM userdata uda
WHERE uda.adder = ud.added
AND uda.added = ud.adder
) >= 1";
$run = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($run))
{
echo "<div class = 'text text-center' id = 'special'>".$row['Adder']." Added ".$row['added']."</div><br>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>save</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
<link rel="stylesheet" href="style.css">
</head><body>
<div class="container">
<div class="row">
<div class="col-md-6">
<form action="save.php" method="POST">
<input type="text" name="name">
<input type="submit" name="save" value="Save" class="btn btn-success">
</form>
</div>
</div>
</div>
</body>
</html>
users
table
here is userdata
table containing adder and added columns
adder added
1 2
1 3
first row Alice
added Bob
second row Alice
added John
php mysql join login artificial-intelligence
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP'spassword_hash()
andpassword_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.
– Magnus Eriksson
Nov 11 at 16:48
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55
|
show 6 more comments
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I've two tables users
and userdata
and I've created them using :
CREATE TABLE users
(
id INT(6) AUTO_INCREMENT NOT NULL PRIMARY KEY,
name VARCHAR(255),
password VARCHAR(255)
);
and userdata
through this:
CREATE TABLE userdata
(
adder INT(6) NOT NULL,
added INT(6) NOT NULL,
CONSTRAINT adder_user FOREIGN KEY (adder) REFERENCES users(id),
CONSTRAINT added_user FOREIGN KEY (added) REFERENCES users(id),
PRIMARY KEY (adder, added)
);
I've kind of login system see this index.php
page:(Here user is added by entering his id an password and session is being set for each user)
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form action="review.php" method="post">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>
I've review.php
where I've checked for the user authenticity(on a basic level)
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$password = $_POST['password'];
$query = "SELECT `name`,`id`,`password` from `users` where `id` = '$id' and `password` = '$password' ";
$run = mysqli_query($connect,$query);
$row = mysqli_fetch_assoc($run);
if( ($id == $row['id']) && ($password == $row['password']) )
{
// start session with the id of the one who is logged in
// this is the id of the user who is logged in
$_SESSION['id']= $row['id'];
header('location:save.php?id=$id');
}
}
?>
This is save.php
, here is the main issue, Let say Alice is logged into my system, and she visits the save.php
page to add Bob
to my system.
There is save button on this page when some logged in user in my system(Alice
) try to add another user(Bob
) into my system (userdata
table), at that point I want to check this->
has Bob
has already added Alice
(when Bob was logged In)? if so, when Alice clicks on save, the name Bob
should be inserted into userdata
table and Alice
and Bob's
name should be written in red, displayed to the user(using select query), because they both are added by each other.
If Alice
wants to add Bob
but Bob
has not added Alice
before, then after clicking save by Alice
the name Bob
should be inserted into the userdata
table, and should be displayed without any color because Bob
has not yet added her.
How can I solve this problem of When a user adds a name, you must check if they are added to the reverse and in that case to indicate it. For example, if Alice adds Bob and Bob has Added Alice you must indicate it (with some symbol)?
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['save']))
{
$name = $_POST['name'];
$id = $_SESSION['id'];
$insert = "INSERT INTO `userdata` ('adder','added') values ('$id','$name')";
$query = "SELECT aer.name AS Adder, 'added', aed.name AS added
FROM users aer
INNER JOIN userdata ud ON aer.id = ud.adder
INNER JOIN users aed ON aed.id = ud.added
WHERE
(
SELECT COUNT(*)
FROM userdata uda
WHERE uda.adder = ud.added
AND uda.added = ud.adder
) >= 1";
$run = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($run))
{
echo "<div class = 'text text-center' id = 'special'>".$row['Adder']." Added ".$row['added']."</div><br>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>save</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
<link rel="stylesheet" href="style.css">
</head><body>
<div class="container">
<div class="row">
<div class="col-md-6">
<form action="save.php" method="POST">
<input type="text" name="name">
<input type="submit" name="save" value="Save" class="btn btn-success">
</form>
</div>
</div>
</div>
</body>
</html>
users
table
here is userdata
table containing adder and added columns
adder added
1 2
1 3
first row Alice
added Bob
second row Alice
added John
php mysql join login artificial-intelligence
I've two tables users
and userdata
and I've created them using :
CREATE TABLE users
(
id INT(6) AUTO_INCREMENT NOT NULL PRIMARY KEY,
name VARCHAR(255),
password VARCHAR(255)
);
and userdata
through this:
CREATE TABLE userdata
(
adder INT(6) NOT NULL,
added INT(6) NOT NULL,
CONSTRAINT adder_user FOREIGN KEY (adder) REFERENCES users(id),
CONSTRAINT added_user FOREIGN KEY (added) REFERENCES users(id),
PRIMARY KEY (adder, added)
);
I've kind of login system see this index.php
page:(Here user is added by entering his id an password and session is being set for each user)
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<title>
login
</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
</head>
<body>
<form action="review.php" method="post">
<input type="text" name="id" placeholder="id">
<input type="password" name="password" placeholder="password">
<input type="submit" name="submit" class="btn btn-success">
</form>
</body>
</html>
I've review.php
where I've checked for the user authenticity(on a basic level)
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['submit']))
{
$id = $_POST['id'];
$password = $_POST['password'];
$query = "SELECT `name`,`id`,`password` from `users` where `id` = '$id' and `password` = '$password' ";
$run = mysqli_query($connect,$query);
$row = mysqli_fetch_assoc($run);
if( ($id == $row['id']) && ($password == $row['password']) )
{
// start session with the id of the one who is logged in
// this is the id of the user who is logged in
$_SESSION['id']= $row['id'];
header('location:save.php?id=$id');
}
}
?>
This is save.php
, here is the main issue, Let say Alice is logged into my system, and she visits the save.php
page to add Bob
to my system.
There is save button on this page when some logged in user in my system(Alice
) try to add another user(Bob
) into my system (userdata
table), at that point I want to check this->
has Bob
has already added Alice
(when Bob was logged In)? if so, when Alice clicks on save, the name Bob
should be inserted into userdata
table and Alice
and Bob's
name should be written in red, displayed to the user(using select query), because they both are added by each other.
If Alice
wants to add Bob
but Bob
has not added Alice
before, then after clicking save by Alice
the name Bob
should be inserted into the userdata
table, and should be displayed without any color because Bob
has not yet added her.
How can I solve this problem of When a user adds a name, you must check if they are added to the reverse and in that case to indicate it. For example, if Alice adds Bob and Bob has Added Alice you must indicate it (with some symbol)?
<?php
session_start();
$connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['save']))
{
$name = $_POST['name'];
$id = $_SESSION['id'];
$insert = "INSERT INTO `userdata` ('adder','added') values ('$id','$name')";
$query = "SELECT aer.name AS Adder, 'added', aed.name AS added
FROM users aer
INNER JOIN userdata ud ON aer.id = ud.adder
INNER JOIN users aed ON aed.id = ud.added
WHERE
(
SELECT COUNT(*)
FROM userdata uda
WHERE uda.adder = ud.added
AND uda.added = ud.adder
) >= 1";
$run = mysqli_query($connect, $query);
while($row = mysqli_fetch_assoc($run))
{
echo "<div class = 'text text-center' id = 'special'>".$row['Adder']." Added ".$row['added']."</div><br>";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>save</title>
<link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
<link rel="stylesheet" href="style.css">
</head><body>
<div class="container">
<div class="row">
<div class="col-md-6">
<form action="save.php" method="POST">
<input type="text" name="name">
<input type="submit" name="save" value="Save" class="btn btn-success">
</form>
</div>
</div>
</div>
</body>
</html>
users
table
here is userdata
table containing adder and added columns
adder added
1 2
1 3
first row Alice
added Bob
second row Alice
added John
php mysql join login artificial-intelligence
php mysql join login artificial-intelligence
edited Nov 11 at 17:09
asked Nov 11 at 16:34
Khan
136
136
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP'spassword_hash()
andpassword_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.
– Magnus Eriksson
Nov 11 at 16:48
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55
|
show 6 more comments
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP'spassword_hash()
andpassword_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.
– Magnus Eriksson
Nov 11 at 16:48
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP's
password_hash()
and password_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP's
password_hash()
and password_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.– Magnus Eriksson
Nov 11 at 16:48
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55
|
show 6 more comments
1 Answer
1
active
oldest
votes
up vote
0
down vote
To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)
then (just for example not to use in real projects)
save.php:
"SELECT `id` from `users` where `email` = '$email'";
if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id']
for example)):
"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";
if the record exists, it means that they are added to the reverse.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)
then (just for example not to use in real projects)
save.php:
"SELECT `id` from `users` where `email` = '$email'";
if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id']
for example)):
"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";
if the record exists, it means that they are added to the reverse.
add a comment |
up vote
0
down vote
To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)
then (just for example not to use in real projects)
save.php:
"SELECT `id` from `users` where `email` = '$email'";
if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id']
for example)):
"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";
if the record exists, it means that they are added to the reverse.
add a comment |
up vote
0
down vote
up vote
0
down vote
To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)
then (just for example not to use in real projects)
save.php:
"SELECT `id` from `users` where `email` = '$email'";
if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id']
for example)):
"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";
if the record exists, it means that they are added to the reverse.
To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)
then (just for example not to use in real projects)
save.php:
"SELECT `id` from `users` where `email` = '$email'";
if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id']
for example)):
"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";
if the record exists, it means that they are added to the reverse.
answered Nov 11 at 18:49
Yaroslaw
684
684
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53250819%2fhow-to-check-the-reverse-relationships-in-the-following-system%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Warning: You are wide open to SQL Injections and should really use parameterized Prepared Statements instead of manually building your queries like that. Specially since you're not escaping the user inputs at all!
– Magnus Eriksson
Nov 11 at 16:48
Warning: Never store passwords in clear text! Only store password hashes. Use PHP's
password_hash()
andpassword_verify()
. If you're running a PHP version lower than 5.5 (which I really hope you aren't), you can use the password_compat library to get the same functionallity.– Magnus Eriksson
Nov 11 at 16:48
thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson
– Khan
Nov 11 at 16:51
You should also look into: When to use single quotes, double quotes, and back ticks in MySQL. Two of your three queries should currently fail because of this.
– Magnus Eriksson
Nov 11 at 16:52
I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after...
– Magnus Eriksson
Nov 11 at 16:55