Forums
This topic is locked
help with filtering
05 Mar 2007 15:55:19 Mat p posted:
i have problem i am stuck on how to only allow a person to login and access only information in the data base that they are allowed. I have set up a login with there username, password, email and a post code. i want the person with that unique post code to be the only one to access the results for that postcode. This is using to tables, 1 for the login details and the other with the form data the user inputs. i realize i have to use joins this is no drama its just getting the selected info.Any help would be great, i am a newbie at this. i did think of using sessions but unsure of them.
Replies
Replied 15 Mar 2007 12:12:54
15 Mar 2007 12:12:54 Mat p replied:
it uses
session_start();
session_start();
Replied 15 Mar 2007 12:18:57
15 Mar 2007 12:18:57 Roddy Dairion replied:
Try this instead.
$query_Recordset1 = " SELECT `user`.username, `user`.postcode, `form`.ID, `form`.userID, `form`.added_by, `form`.email, `form`.phone, `form`.mobile, `form`.address, `form`.suburb, `form`.postcode, `form`.`state` FROM `user` inner join `form` on `user`.postcode = `form`.postcode `user`.username = '".$HTTP_SESSION_VARS['usersession']."'";
$query_Recordset1 = " SELECT `user`.username, `user`.postcode, `form`.ID, `form`.userID, `form`.added_by, `form`.email, `form`.phone, `form`.mobile, `form`.address, `form`.suburb, `form`.postcode, `form`.`state` FROM `user` inner join `form` on `user`.postcode = `form`.postcode `user`.username = '".$HTTP_SESSION_VARS['usersession']."'";
Replied 15 Mar 2007 12:34:28
15 Mar 2007 12:34:28 Mat p replied:
The following errror again..
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user`.username = 'test' LIMIT 0, 30' at line 1
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'user`.username = 'test' LIMIT 0, 30' at line 1
Replied 15 Mar 2007 12:42:55
15 Mar 2007 12:42:55 Roddy Dairion replied:
sorry my mistake
$query_Recordset1 = " SELECT `user`.username, `user`.postcode, `form`.ID, `form`.userID, `form`.added_by, `form`.email, `form`.phone, `form`.mobile, `form`.address, `form`.suburb, `form`.postcode, `form`.`state` FROM `user` inner join `form` on `user`.postcode = `form`.postcode where `user`.username = '".$HTTP_SESSION_VARS['usersession']."'";
$query_Recordset1 = " SELECT `user`.username, `user`.postcode, `form`.ID, `form`.userID, `form`.added_by, `form`.email, `form`.phone, `form`.mobile, `form`.address, `form`.suburb, `form`.postcode, `form`.`state` FROM `user` inner join `form` on `user`.postcode = `form`.postcode where `user`.username = '".$HTTP_SESSION_VARS['usersession']."'";
Replied 15 Mar 2007 12:49:11
15 Mar 2007 12:49:11 Mat p replied:
AWESOME finally works. Thanks heaps..
I think i need to do a lot of reading and learning.
I think i need to do a lot of reading and learning.
Replied 15 Mar 2007 13:12:37
15 Mar 2007 13:12:37 Mat p replied:
last question, will this work if i put two postcodes in like
0800, 0801
and show those results for those two postcodes
0800, 0801
and show those results for those two postcodes
Replied 15 Mar 2007 13:24:17
15 Mar 2007 13:24:17 Roddy Dairion replied:
Try it and let me know what result you get.
Replied 15 Mar 2007 13:32:18
15 Mar 2007 13:32:18 Mat p replied:
i tried it with
0800, 0801 and 0800; 0801 both removed all results
0800, 0801 and 0800; 0801 both removed all results
Replied 15 Mar 2007 13:37:43
15 Mar 2007 13:37:43 Roddy Dairion replied:
Do you have a live e.g.? In which table are you integrating this and how are you retrieving the value 0800, 0801?
Replied 15 Mar 2007 13:43:21
15 Mar 2007 13:43:21 Mat p replied:
i am just pulling the submitted data from form and displaying via a master detail page, showing reults eg: <?php echo $row_Recordset1['userID']; ?> and so on.
Replied 15 Mar 2007 13:55:19
15 Mar 2007 13:55:19 Roddy Dairion replied:
Ok so
Step1:
Retrieve User Id from user table
Step2:
Retrieve Postcode from user table using the User Id
Step3:
Retrieve Postcode that matchs with the postcode extracted in Step2
Step4:
Display Data.
Iis the above correct?
Edited by - roders22 on 15 Mar 2007 14:04:51
Step1:
Retrieve User Id from user table
Step2:
Retrieve Postcode from user table using the User Id
Step3:
Retrieve Postcode that matchs with the postcode extracted in Step2
Step4:
Display Data.
Iis the above correct?
Edited by - roders22 on 15 Mar 2007 14:04:51
Replied 15 Mar 2007 14:22:05
15 Mar 2007 14:22:05 Mat p replied:
it displays no results.
Replied 15 Mar 2007 14:32:56
15 Mar 2007 14:32:56 Roddy Dairion replied:
Show me how you're working all the steps. Data won't be displayed if you don't tell it to display. For it to display you need to give him the right info. So far i think we are turning in circle because you're not feeding the system with the right info.