php - Retrieving data belonging to a session and user id

7

I am trying to obtain data from the current session and the field "bidder_id" from tbl_bidder where the field "accept" has the value Accepted, but I get data of all the users in that table which is not I want. This is my code

 <?php } else if (($_SESSION['Usertype']) == 'recruiter') { ?>
    <table class="table table-hover">
        <?php
            $u_id = $_SESSION['UserID'];
            $notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id  = '" . $u_id . "'";

            $ResultR = mysql_query($notifyR, $con);

            while ($rowR = mysql_fetch_array($ResultR)) {
                if ($rowR['accept'] == "Accepted") {
                    echo "<h3 style='color:#001F7A;'><b>You Have Updates </b><i class='fa fa-bell-o'></i></h3>";
                    echo $rowR['bidder_id'];
                }

                $recR = "SELECT users_id, first_name, last_name  FROM tbl_users WHERE users_id = '" . $rowR['bidder_id'] . "'";
                $recResultB = mysql_query($recR, $con)or die(mysql_error());

                while ($rowre = mysql_fetch_array($recResultB)) {
                    echo " <tr><td>" . $rowre['first_name'] . " " . $rowre['last_name'] . "</td></tr>";

                }
            }
        ?>

Please help!!!

523

Answer

Solution:

Change From

 $notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id  = '" . $u_id . "'";

To

$notifyR = " SELECT bidid, recbid_id, bidder_id, selected, accept FROM tbl_bides WHERE recbid_id  = '" . $u_id . "' and accept = 'Accepted' ";

add this on your query and accept = 'Accepted' in $notifyR

626

Answer

Solution:

I hope you might need to use the following query if you stored the user id in $_SESSION['UserID']. May be logical error: And also use mysqli_query instead of mysql_query which is deprecated in latest php versions. And instead of binding the variable directly in query, use bind param of prepared statement.

 $recR = "SELECT users_id, first_name, last_name  FROM tbl_users WHERE users_id = '" . $_SESSION['UserID'] . "' LIMIT 1";
469

Answer

Solution:

If you only want to execute the second query (selecting the user associated with the given bid) when the bid has been "accepted" then you need to move that code into your conditional:

if ($rowR['accept'] == "Accepted") {
    echo "<h3 style='color:#001F7A;'><b>You Have Updates </b><i class='fa fa-bell-o'></i></h3>";
    echo $rowR['bidder_id'];

    $recR = "SELECT users_id, first_name, last_name
             FROM tbl_users
             WHERE users_id = '" . $rowR['bidder_id'] . "'";
    $recResultB = mysql_query($recR, $con)or die(mysql_error());

    while ($rowre = mysql_fetch_array($recResultB)) {
        echo " <tr><td>" . $rowre['first_name'] . " " . $rowre['last_name'] . "</td></tr>";
        //  echo $rowre['users_id'];
    }
}

You may want to consider using a newer interface to MySQL, such as PDO, and protecting your code from SQL injection attacks by using techniques such as prepared statements or at least input cleansing.

People are also looking for solutions to the problem: php - add birthday events into jQuery full calendar each year

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.