Jump to content

Help replacing hard coded values in SQL statements

johnnyutah1980

By johnnyutah1980
in PHP Coding Help

 Share

Recommended Posts

johnnyutah1980 Newbie

johnnyutah1980

Posted
Posted

Hi all,

 

I have created a successful registration and login page for what will eventually be a squash league website.

 

I am struggling with the following issue.

 

When a player logs in using their email address and password I want to populate some drop down boxes which are relevant to the person who has just logged in.

 

These drop downs should show all the leagues the logged in user belongs to and the other drop down should show all the players the currently logged in player has ever played against so that they could view a head to head.

 

So my code works but currently I have the id of the player who has logged in hard coded in my sql statements.

 

I'm wondering if anyone can help me so that I can pass in the id of the player who is logged in as obviously the whole site is not going to work with hard coded values.

 

The code is as follows:

 

<?php

include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/magicquotes.inc.php';

require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';

if (!userIsLoggedIn())
{
include 'login.html.php';
exit();
}

if (!userHasRole('Squash Administrator'))
{
$error = 'This page is only for Squash Administrators.';
include 'accessdenied.html.php';
exit();
}

if(isset($_REQUEST['email']))
{
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';

$email = mysqli_real_escape_string($link, $_REQUEST['email']);
$sql = "SELECT id, firstname, lastname, email FROM player WHERE email = '$email'";
$result = mysqli_query($link, $sql);
if(!$result)
{
  $error = 'Unable to select players firstname from the database.' . mysqli_error($link);
  include 'error.html.php';
  exit();
}

while($row = mysqli_fetch_array($result))
{
  $players[] = array('id' => $row['id'], 'firstname' => $row['firstname'], 'lastname' => $row['lastname'], 'email' => $row['email']);
}

//
//POPULATE THE OPPONENTS DROP DOWN BOX TO SHOW ALL PREVIOUS OPPONENTS
//

$sqlid = "SELECT id FROM player WHERE email = '$email'";
$playerid = mysqli_query($link, $sqlid);
$sql = "SELECT DISTINCT player.firstname, game.player2_id AS opponent_id

			FROM player INNER JOIN game
                
                ON player.id = game.player2_id

			WHERE player1_id = '$row['id']'

			UNION

			SELECT DISTINCT player.firstname, game.player1_id AS opponent_id

			FROM player INNER JOIN game
                
                ON player.id = game.player1_id

			WHERE player2_id = '$row['id']'";

$result = mysqli_query($link, $sql);
if(!$result)
{
  $error = 'Unable to populate the players dropdown from the database.' . mysqli_error($link);
  include 'error.html.php';
  exit();
}

while($row = mysqli_fetch_array($result))
{
  $opponents[] = array('id' => $row['opponent_id'], 'firstname' => $row['firstname']);
}

include 'squash.html.php';

}

?>

 

Thanks for your help and time in advance.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.