Need help to get username from user_id

Discussion in 'Scripts' started by metaloholic, Feb 2, 2012.

  1. metaloholic

    metaloholic New Member

    Messages:
    7
    Hi!

    I am making a website where I want to write news about my band. I write the news inside of the "admin" page. I log in to my admin page and make a post, but I don't know how to show which user wrote the post in the public area. This is my code.

    What the public see:
    index.php

    <div id="news">
    <?php
    while($query->fetch()):
    $lastspace = strrpos($body, ' ');
    ?>
    <article>
    <h2><?php echo $title?></h2>
    <p><?php echo substr($body, 0, $lastspace)." <a href='post.php?id=$post_id'>...read more</a>"?></p>
    <p><?php echo $category?></p>
    <p><?php echo $posted?></p>
    <p><?php echo $user_id?></p>

    <hr />
    </article>
    <?php endwhile;?>

    <?php
    if($prev > 0) {
    echo "<a href='index.php?p=$prev'>Prev</a>";
    }
    if($page < $pages){
    echo "<a href='index.php?p=$next'>Next</a>";
    }
    ?>
    </div>

    new_post.php

    <?php
    session_start();
    include('../includes/db_connect.php');
    if(!isset($_SESSION['user_id'])){
    header('Location: login.php');
    exit();
    }
    if(isset($_POST['submit'])){
    //get the blog data
    $title = $_POST['title'];
    $body = $_POST['body'];
    $category = $_POST['category'];
    $title = $db->real_escape_string($title);
    $body = $db->real_escape_string($body);
    $user_id = $_SESSION['user_id'];
    $date = date('Y-m-d G:i:s');
    $body = htmlentities($body);
    if($title && $body && $category) {
    $query = $db->query("INSERT INTO posts (user_id, title, body, category_id, posted) VALUES('$user_id', '$title', '$body', '$category', '$date')");
    if($query){
    echo "post added";
    }else{
    echo "error";
    }
    }else{
    echo "Missing data";
    }
    }
    ?>

    <div id="content">
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <label>Title:</label><input type="text" name="title" />
    <label for="body">Body:</label>
    <textarea name="body" cols="50" rows="10"></textarea>
    <label>Category:</label>
    <select name="category">
    <?php
    $query = $db->query("SELECT * FROM categories");
    while($row = $query->fetch_object()){
    echo "<option value='".$row->category_id."'>".$row->category."</option>";
    }
    ?>
    </select>
    <br />
    <input type="submit" name="submit" value="Submit" />
    </form>
    </div>

    PHP & MySQL is kinda new to me, as you can see. But since I can display the user_id (which is "1" at the moment) I should be able to display the username too.

    In my database I have a table called posts. Inside of posts there is post_id, user_id, title, body, date, category and so on. Do I have to make a column called "author" or something too?

    I have a table called users. Inside of it there is user_id, username and password.

    Any ideas how I can display the name of the user who wrote the post?:)
     
  2. MarkR

    MarkR New Member

    Messages:
    105
    Run the query:

    select * from `users` where user_id = $user_id limit 1

    that will give you an array back with the variables you need.

    Also you need to escape the title, post etc in the insert statement as they are vulnerable to sql injection attack, and you need to escape $_SERVER['PHP_SELF'] with something like html entities as it's vulnerable to a Cross Site Scripting (XSS) attack.
     
  3. metaloholic

    metaloholic New Member

    Messages:
    7
    Hi! I don't really understand what you mean. I'm such a noob, sorry :(
    Can you add those things in my script and post the script here? I don't know where I should write all those things and how :/ I am really trying to learn this stuff but it is really hard haha :(
     
    Last edited: Feb 2, 2012
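
What MarkR's reply asks for, as an added example that is not code from the thread: a JOIN that returns the username with each post, a parameterised insert, and HTML escaping on output. It assumes PDO with an in-memory SQLite database standing in for MySQL so it runs on its own; the helper names `e`, `add_post` and `list_posts` and the sample user are made up, and with the thread's mysqli connection the same SQL goes through `prepare()` and `bind_param()`.

```php
<?php
// Added example, not the thread's code. Assumption: PDO with in-memory SQLite
// stands in for the MySQL database so the script runs on its own.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("CREATE TABLE posts (post_id INTEGER PRIMARY KEY, user_id INTEGER,
           title TEXT, body TEXT, category_id INTEGER, posted TEXT)");
// Constructed sample user (gets user_id 1).
$db->prepare("INSERT INTO users (username, password) VALUES (?, ?)")
   ->execute(['metal_admin', password_hash('constructed-sample', PASSWORD_DEFAULT)]);

// Escape for HTML at output time only, not before storing.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// new_post.php: placeholders keep every value, category included, out of the SQL text.
function add_post(PDO $db, int $user_id, string $title, string $body, int $category): bool {
    if ($title === '' || $body === '') {
        return false;
    }
    $stmt = $db->prepare("INSERT INTO posts (user_id, title, body, category_id, posted)
                          VALUES (?, ?, ?, ?, ?)");
    return $stmt->execute([$user_id, $title, $body, $category, date('Y-m-d H:i:s')]);
}

// index.php: the JOIN returns the author's username with each post,
// so no "author" column is needed in posts.
function list_posts(PDO $db): array {
    $sql = "SELECT p.post_id, p.title, p.body, p.posted, u.username
            FROM posts p JOIN users u ON u.user_id = p.user_id
            ORDER BY p.posted DESC";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input with a quote and markup in it ($_SESSION['user_id'] would be 1).
add_post($db, 1, "Rock 'n' roll <b>tonight</b>", "We play the <i>Old Barn</i> on Friday.", 1);

foreach (list_posts($db) as $post) {
    echo "<article>\n<h2>" . e($post['title']) . "</h2>\n";
    echo "<p>" . e($post['body']) . "</p>\n";
    echo "<p>Posted by " . e($post['username']) . " on " . e($post['posted']) . "</p>\n";
    echo "<a href='post.php?id=" . (int)$post['post_id'] . "'>...read more</a>\n</article>\n";
}
// Form action: escape PHP_SELF (or use a fixed path) instead of echoing it raw.
echo '<form action="' . e($_SERVER['PHP_SELF'] ?? '') . '" method="post"></form>' . "\n";
```

The apostrophe in the sample title is stored as plain data, and the tags come out as `&lt;b&gt;` text in the page instead of being interpreted by the browser.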
