开发者

SELECT query for selecting logged in users rows only - PHP/MySQL

问答 作者:

I have a members only website in which the logged in users fill in an entry form which goes to a MySQL table called 'ltd_sales_list' with the following columns:

ltd_item_id | ltd_user_id | ltd_invoice_no | ltd_entry_amount | ltd_entry_date

For each new entry they input, a new id/primary key is generated ('ltd_item_id') for each row, while their SESSION log in id is recorded in 'ltd_user_id' while the 'ltd_entry_date' is a timestamp. The entry form page works fine but viewing the entry data is where I am having the issue.

I have put together the code below called view-list.php but this calls up every user's entry list. What I am trying to do is show the logged in user's entry list only.

I think the answer lies within the queries somewhere and have tried some WHERE statements with ltd_user_id = $_SESSION['ltd_user_id'] and similar but for no success.

If anyone could help or could point me to some links that would be greatly appreciated!

<?php 

require_once ('./includes/config.inc.php');

$page_title = 'Page Title';
include ('./includes/header.html');

if (!isset($_SESSION['ltd_user_id'])) {

   $url = 'http://' . $_SERVER['HTTP_HOST']
    . dirname($_SERVER['PHP_SELF']);

   if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
        $url = substr ($url, 0, -1); 
   }

   $url .= '/login.php'; 
ob_end_clean(); 
header("Location: $url"); 
exit(); 
}
?>

<div id="">HTML Content HERE</div>

<?php

echo '<h1>My Entry Log</h1>';

require_once ('/server/database_connection.php'); // Connect to the db.

$display = 10;

if (isset($_GET['np'])) { 
    $num_pages = $_GET['np'];
} else { 

    $query = "SELECT COUNT(*) FROM ltd_sales_list ORDER BY ltd_entry_date DESC";   
    $result = @mysql_query ($query);
    $row = mysql_fetch_array ($result, MYSQL_NUM);
    $num_records = $row[0];

    if ($num_records > $display) { 
       $num_pages = ceil ($num_records/$display);
    } else {
       $num_pages = 1;
    }
} 

if (isset($_GET['s'])) {
    $start = $_GET['s'];
} else {
    $start = 0;
}

$link1 = "{$_SERVER['PHP_SELF']}?sort=lna";
$link2 = "{$_SERVER['PHP_SELF']}?sort=fna";
$link3 = "{$_SERVER['PHP_SELF']}?sort=dra";

if (isset($_GET['sort'])) {

    switch ($_GET['sort']) {
       case 'lna':
          $order_by = 'ltd_invoice_no ASC';
          $link1 = "{$_SERVER['PHP_SELF']}?sort=lnd";
          break;
       case 'lnd':
          $order_by = 'ltd_invoice_no DESC';
          $link1 = "{$_SERVER['PHP_SELF']}?sort=lna";
          break;
       case 'fna':
          $order_by = 'ltd_entry_amount ASC';
          $link2 = "{$_SERVER['PHP_SELF']}?sort=fnd";
          break;
       case 'fnd':
          $order_by = 'ltd_entry_amount DESC';
          $link2 = "{$_SERVER['PHP_SELF']}?sort=fna";
          break;
       case 'dra':
          $order_by = 'ltd_entry_date ASC';
          $link3 = "{$_SERVER['PHP_SELF']}?sort=drd";
          break;
       case 'drd':
          $order_by = 'ltd_entry_date DESC';
          $link3 = "{$_SERVER['PHP_SELF']}?sort=dra";
开发者_Python百科          break;   
       default:
          $order_by = 'ltd_entry_date DESC';
          break;
    }

    $sort = $_GET['sort'];

} else { 
    $order_by = 'ltd_entry_date DESC';
    $sort = 'dra';
}

$query = "SELECT ltd_invoice_no, ltd_entry_amount,  
    DATE_FORMAT(ltd_entry_date, '%M %d, %Y') AS dr, ltd_user_id FROM ltd_sales_list ORDER BY
    $order_by LIMIT $start, $display";
$result = @mysql_query ($query); 

echo '<table width="520" cellspacing="1" cellpadding="11">
<tr>
    <td align="left"><b><a href="' . $link1 . '">Invoice Number</a></b></td>
    <td align="left"><b><a href="' . $link2 . '">Invoice Amount</a></b></td>
 <td align="left"><b><a href="' . $link3 . '">Date Entered</a></b></td>
</tr>
';

$bg = '#eeeeee'; 
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    $bg = ($bg=='#eaeced' ? '#ffffff' : '#eaeced');  
    echo '<tr bgcolor="' . $bg . '">
       <td align="left">' . $row['ltd_invoice_no'] . '</td>
       <td align="left">' . $row['ltd_entry_amount'] . '</td>
       <td align="left">' . $row['dr'] . '</td>
    </tr>
    ';
}
echo '</table>';
mysql_free_result ($result); 
mysql_close(); 

if ($num_pages > 1) {
    echo '<br /><p>';
    $current_page = ($start/$display) + 1;

    if ($current_page != 1) {
       echo '<a href="view-list.php?s=' . ($start - $display) . '&np=' .
         $num_pages . '&sort=' . $sort .'">Previous</a> ';   
    }
    for ($i = 1; $i <= $num_pages; $i++) {
       if ($i != $current_page) {
          echo '<a href="view-list.php?s=' . (($display * ($i - 1))) . 
            '&np=' . $num_pages . '&sort=' . $sort .'">' . $i . '</a> ';   
       } else {
          echo $i . ' ';
       }
    }
    if ($current_page != $num_pages) {
       echo '<a href="view-list.php?s=' . ($start + $display) . '&np=' . 
         $num_pages . '&sort=' . $sort .'">Next</a> ';   
    }

    echo '</p>';

} 

?>

<div id="">HTML Content HERE</div>

<?php
include ('./includes/footer.html');
?>

Cheers Adam

Could it be as simple as escaping everything, exiting from the quotes when doing variables? It looks to me like it should work. Can you vardump the $_SESSION['ltd_user_id'] somewhere to make sure it is behaving as expected?

$query = "SELECT `ltd_invoice_no`, `ltd_entry_amount`,  
DATE_FORMAT(`ltd_entry_date`, '%M %d, %Y') AS `dr`, `ltd_user_id` FROM `ltd_sales_list` WHERE `ltd_user_id` = '".$_SESSION['ltd_user_id']."' ORDER BY
".$order_by." LIMIT ".$start.", ".$display;

继续阅读:phpsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9