PHP
Ainur100, 2018-10-04 14:38:00

How to implement PHP?

How can I make it so that the user with the nickname 123 can change only his own records (the records have a parameter kan_admin=123)? As it is now, with the link myprojekt.php?id=7, changing the id lets you change any record.

$id = (int)$_GET["id"]; # cast to int so the value cannot alter the SQL text
$where = "WHERE `id`=" . $id;
$connect = mysqli_connect('localhost', 'root', '123', 'krypton');
# If the connection fails, print the error to the screen
if (mysqli_connect_errno())
{
    echo mysqli_connect_error();
    exit;
}
# Build the query
$sql = "SELECT * FROM `kanal` $where";
# Execute the query
$query = mysqli_query($connect, $sql);
# If the query fails, print the error to the screen
if (!$query)
{
    echo mysqli_error($connect);
}
else # If everything is fine, go on to the loop
{
    while ($kanal = mysqli_fetch_assoc($query))
    {
        # Escape the stored values before placing them in HTML attributes
        echo "
        <p><input type=\"hidden\" name=\"id\" value=\"" . (int)$kanal["id"] . "\"/></p>

        <p><input type=\"text\" name=\"kan_name\" placeholder=\"Название канала\" maxlength=\"20\" value=\"" . htmlspecialchars($kanal["kan_name"], ENT_QUOTES) . "\"/></p>

        <p><input type=\"text\" name=\"kan_soname\" placeholder=\"Краткое описание канала \" maxlength=\"85\" value=\"" . htmlspecialchars($kanal["kan_soname"], ENT_QUOTES) . "\"/></p>
        ";
    }
}


3 answer(s)
Niriter Inc., 2018-10-04
@niriter

Before saving, there should be an author-id check, and if the admin is editing his own post, it should be saved; otherwise, a warning that you are not the author...
I'm too lazy to sketch the code now, maybe I'll write it later.

Pavel Novikov, 2018-10-04
@paulfcdd

Before writing to the database, you need to compare the id of the logged-in user with the id of the URL from which the request came. In general, if a user with id 1 switched to a user with id 2, then it would not hurt to remove the save buttons in the HTML in this case, etc.

Maxim Lagoysky, 2018-10-05
@lagoy

If I understand correctly, then do the check not before saving, but before displaying the page, otherwise it turns out that you can go to any id and see all the information, but this is if you only need to see your data.
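
The owner check the answers above describe, applied both before displaying and before saving, as an added example that is not code from the asker or any of the answerers. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `kanal` table so the script runs on its own, the helper names `loadOwnKanal` and `saveOwnKanal` are hypothetical, and the nickname would come from the server-side session.

```php
<?php
// Constructed stand-in for the `kanal` table (in-memory SQLite, sample rows).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE kanal (id INTEGER PRIMARY KEY, kan_name TEXT,
            kan_soname TEXT, kan_admin TEXT)');
$pdo->exec("INSERT INTO kanal VALUES (7, 'News', 'Daily news', '123'),
                                     (8, 'Music', 'Playlists', '456')");

// Hypothetical helper: return the record only if $user owns it.
function loadOwnKanal(PDO $pdo, $id, string $user): ?array
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) return null; // non-numeric id is treated like a missing record
    $st = $pdo->prepare('SELECT id, kan_name, kan_soname FROM kanal
                         WHERE id = ? AND kan_admin = ?');
    $st->execute([$id, $user]);
    return $st->fetch(PDO::FETCH_ASSOC) ?: null;
}

// Hypothetical helper: the owner condition is part of the UPDATE itself,
// so a changed hidden "id" field cannot touch another user's row.
function saveOwnKanal(PDO $pdo, $id, string $user, string $name, string $soname): bool
{
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) return false;
    $st = $pdo->prepare('UPDATE kanal SET kan_name = ?, kan_soname = ?
                         WHERE id = ? AND kan_admin = ?');
    $st->execute([$name, $soname, $id, $user]);
    return $st->rowCount() === 1;
}

// Assumption: the nickname is taken from the server-side session set at login
// (e.g. $_SESSION['nick']), never from the request. Fixed here for the demo.
$user = '123';

foreach (['7', '8', 'abc'] as $requestedId) {
    $row = loadOwnKanal($pdo, $requestedId, $user);
    if ($row === null) {
        echo "id=$requestedId: not found\n"; // same reply for "missing" and "not yours"
        continue;
    }
    echo 'id=' . $row['id'] . ': <input type="text" name="kan_name" value="'
        . htmlspecialchars($row['kan_name'], ENT_QUOTES) . "\">\n";
}
var_dump(saveOwnKanal($pdo, '8', $user, 'Changed', 'x'));      // another user's row
var_dump(saveOwnKanal($pdo, '7', $user, 'News 2', 'Daily news')); // own row
```

With MySQL, `rowCount()` also returns 0 when the submitted values are identical to the stored ones, so a 0 there does not by itself mean the user is not the owner.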
