perky416 Posted March 11, 2011 Share Posted March 11, 2011 Hi Guys Sorry for the lame title but I have absolutely no idea how to word this. I have the following code which pulls message from a database: $messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'"); $messages_row = mysql_fetch_assoc($messages_query); $sender = $messages_row['sender']; $date = $messages_row['date']; $time = $messages_row['time']; $subject = $messages_row['subject']; $message = $messages_row['message']; $recipient = $message_query['recipient']; echo $sender . "<br />"; echo $date . "<br />"; echo $time . "<br />"; echo $subject . "<br />"; echo $message . "<br />"; As you can see, it only pulls the data if id='$message_id' AND recipient='$username'. I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different. Example: The database reads id: 1 & username: user The data would be displayed if $message_id = 1 and $username = user. The die would be performed if $message_id = 5 and $username = user I hope that makes sense, iv had a problem trying to word it correctly let alone come up with a solution. Does anybody know what i could do? Thanks Quote Link to comment Share on other sites More sharing options...
mattal999 Posted March 11, 2011 Share Posted March 11, 2011 I think you mean that if the row doesn't exist in the table, then "die". In which case, you could just do: $messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'"); if(mysql_num_rows($messages_query) > 0) { list($sender, $date, $time, $subject, $message) = mysql_fetch_row($messages_query); // Shortened version of your long winded assign - may not work depending on your table structure. echo $sender . "<br />"; echo $date . "<br />"; echo $time . "<br />"; echo $subject . "<br />"; echo $message . "<br />"; } else { echo "You are not authorised to view this message!"; } Quote Link to comment Share on other sites More sharing options...
Maq Posted March 11, 2011 Share Posted March 11, 2011 Don't use die for the message, handle it properly: $messages_query = mysql_query("SELECT * FROM messages WHERE id='$message_id' AND recipient='$username'"); if(mysql_num_rows($messages_query) > 0) { echo "In the database, verified authorization."; } else { echo "No rows returned, denied."; //Redirect or whatever } Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 11, 2011 Share Posted March 11, 2011 I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different. Different from what? You haven't included enough information for anyone to really be able to help you. Quote Link to comment Share on other sites More sharing options...
Maq Posted March 11, 2011 Share Posted March 11, 2011 I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different. Different from what? You haven't included enough information for anyone to really be able to help you. I think he meant if there are no matches in the DB. Quote Link to comment Share on other sites More sharing options...
mattal999 Posted March 11, 2011 Share Posted March 11, 2011 I wish to perform a die ("You are not authorised to view this message!"); if id='$message_id' or recipient='$username' is different. Different from what? You haven't included enough information for anyone to really be able to help you. I think he meant if there are no matches in the DB. Yeah, that's what I managed to decipher too Quote Link to comment Share on other sites More sharing options...
perky416 Posted March 11, 2011 Author Share Posted March 11, 2011 lol sorry i knew people would have a problem, yeah if there are no rows in the database that have both $message_id and the correct $username. mattal999 and maq your solutions look good. Its because im passing the message id in the url when going from the inbox to the actual message, i wanted to stop users simply changing the id and viewing other people messages thats why i added the "AND recipient='$username'". If the user tried to be clever and change the id in the address bar , instead of displaying a blank page i wanted to give them the error message. Ill give your solutions a go and let you know how it went. Thanks Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted March 11, 2011 Share Posted March 11, 2011 That wasn't what I inferred from reading this line '"You are not authorised to view this message!"'. It sounds more like the OP wants to make sure the owner of the message is the one attempting to access it. I guess we'll have to wait for clarification . . . Quote Link to comment Share on other sites More sharing options...
perky416 Posted March 11, 2011 Author Share Posted March 11, 2011 Yeah sorry i had a difficult time trying to explain it. Basically if a user changes the message id in the address bar, and the id doesn't lead to a message they have received, return the error "You are not authorised to view this message!". It seems a lot simpler now i know how to word it lol. Doing the mysql_num_rows worked perfect thanks guys. mattal999 assigning the variables that way didnt work, however i am interested in that technique as I have some pages that have around 30 variables, your way looks much easier. I will have to have a play and try to get it to work. Quote Link to comment Share on other sites More sharing options...
Maq Posted March 11, 2011 Share Posted March 11, 2011 Excellent. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.