I want to change the following piece of code so that it only shows the information of the user who is actually logged in, and does not let them see other people's information.
What can I do? I'm totally baffled.
Could the answer please include line numbers?
Thank you so much for your help.
What can I do? I'm totally baffled.
Could the answer please include line numbers?
Thank you so much for your help.
Code:
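<?php
// Selection / detail page. With no POST data it lists every row of
// tbl_master_name in a <select>; on POST it shows the name, addresses,
// telephone, fax and email entries and the personal note stored for the
// posted master_id.
//
// NOTE(review): nothing on this page identifies a logged-in user, so any
// visitor can post any master_id and read that record. To show only the
// current user's own data, take the master_id from the authenticated session
// (the login code is not part of this file) instead of trusting the posted
// sel_id, or at least reject a sel_id that does not match the logged-in
// user's id before any of the queries in the POST branch run.

// Connect to the database. Credentials are kept as in the original; they
// belong in a config file outside the web root rather than in page code.
$mysqli = mysqli_connect("localhost", "geothermal", "password", "geothermal");
if (!$mysqli) {
    die('Could not connect: ' . mysqli_connect_error());
}

/**
 * Escape a value for output inside HTML text or a quoted attribute.
 * Every database value and server variable echoed by this page goes through
 * this so stored data cannot inject markup into the rendered page.
 */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Return a row's column as escaped HTML.
 *
 * stripslashes() is kept from the original; presumably the rows were written
 * with addslashes() applied — verify against the insert code and drop it if
 * that is not the case. A missing or NULL column renders as an empty string.
 */
function field(array $row, string $key): string
{
    return h(stripslashes((string) ($row[$key] ?? '')));
}

/**
 * Run $sql, which must contain exactly one "?" placeholder for the master_id,
 * and return every result row as an associative array.
 *
 * Binding the id as a statement parameter replaces the original string
 * concatenation of $_POST["sel_id"] into the SQL text, which let the posted
 * value change the query. Dies with the driver error on failure, matching the
 * original "or die" handling.
 */
function fetch_rows_for_master(mysqli $mysqli, string $sql, string $master_id): array
{
    $stmt = mysqli_prepare($mysqli, $sql) or die(mysqli_error($mysqli));
    mysqli_stmt_bind_param($stmt, 's', $master_id);
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    $res = mysqli_stmt_get_result($stmt);
    $rows = [];
    while ($row = mysqli_fetch_assoc($res)) {
        $rows[] = $row;
    }
    mysqli_free_result($res);
    mysqli_stmt_close($stmt);
    return $rows;
}

/**
 * Render one "<p><strong>Title:</strong><br/><ul>...</ul>" section, or an
 * empty string when $rows is empty (the original emitted nothing for a
 * section with no rows). $item_html turns one row into the already-escaped
 * inner HTML of its <li>.
 */
function render_list_section(string $title, array $rows, callable $item_html): string
{
    if ($rows === []) {
        return '';
    }
    // The newline after <br/> reproduces the original's multi-line literal.
    $html = "<p><strong>" . h($title) . ":</strong><br/>\n<ul>";
    foreach ($rows as $row) {
        $html .= "<li>" . $item_html($row) . "</li>";
    }
    return $html . "</ul>";
}

if (!$_POST) {
    // Haven't seen the selection form yet, so show it.
    $display_block = "<h1>Select an Entry</h1>";

    // No user input goes into this query, so a plain query is fine.
    $get_list_sql = "SELECT master_id,
CONCAT_WS(', ', l_name, f_name) AS display_name
FROM tbl_master_name ORDER BY l_name, f_name";
    $get_list_res = mysqli_query($mysqli, $get_list_sql) or die(mysqli_error($mysqli));

    if (mysqli_num_rows($get_list_res) < 1) {
        $display_block .= "<p><em>Sorry, no records to select!</em></p>";
    } else {
        // PHP_SELF reflects the request path, so it is escaped like any
        // other externally supplied value before landing in an attribute.
        $display_block .= "
<form method=\"post\" action=\"" . h($_SERVER["PHP_SELF"]) . "\">
<p><strong>Select a Record to View:</strong><br/>
<select name=\"sel_id\">
<option value=\"\">-- Select One --</option>";
        while ($recs = mysqli_fetch_assoc($get_list_res)) {
            $display_block .= "<option value=\"" . h($recs['master_id']) . "\">"
                . field($recs, 'display_name') . "</option>";
        }
        $display_block .= "
</select>
<p><input type=\"submit\" name=\"submit\" value=\"View Selected Entry\"></p>
</form>";
    }
    mysqli_free_result($get_list_res);
} else {
    // Only accept a plain string; "sel_id[]" would arrive as an array.
    $sel_id = isset($_POST["sel_id"]) && is_string($_POST["sel_id"]) ? $_POST["sel_id"] : '';
    if ($sel_id === '') {
        header("Location: selentry.php");
        exit;
    }
    // TODO(authorization): this is where $sel_id should be checked against the
    // logged-in user's id before any record is read.

    // Master name. The original looped and kept the last row, so do the same.
    $name_rows = fetch_rows_for_master(
        $mysqli,
        "SELECT concat_ws(' ', f_name, l_name) as display_name
FROM tbl_master_name WHERE master_id = ?",
        $sel_id
    );
    if ($name_rows === []) {
        // Unknown id: the original rendered a heading with no name; send the
        // user back to the selection form instead.
        header("Location: selentry.php");
        exit;
    }
    $display_block = "<h1>Showing Record for "
        . field($name_rows[count($name_rows) - 1], 'display_name') . "</h1>";

    // Addresses.
    $display_block .= render_list_section(
        'Addresses',
        fetch_rows_for_master(
            $mysqli,
            "SELECT address1, address2, town, county, postcode, type
FROM tbl_address WHERE master_id = ?",
            $sel_id
        ),
        function (array $a): string {
            return field($a, 'address1') . ' ' . field($a, 'address2') . ' '
                . field($a, 'town') . ' ' . field($a, 'county') . ' '
                . field($a, 'postcode') . ' (' . h($a['type']) . ')';
        }
    );

    // Telephone numbers.
    $display_block .= render_list_section(
        'Telephone',
        fetch_rows_for_master(
            $mysqli,
            "SELECT tel_number, type FROM tbl_telephone
WHERE master_id = ?",
            $sel_id
        ),
        function (array $t): string {
            return field($t, 'tel_number') . ' (' . h($t['type']) . ')';
        }
    );

    // Fax numbers.
    $display_block .= render_list_section(
        'Fax',
        fetch_rows_for_master(
            $mysqli,
            "SELECT fax_number, type FROM tbl_fax
WHERE master_id = ?",
            $sel_id
        ),
        function (array $f): string {
            return field($f, 'fax_number') . ' (' . h($f['type']) . ')';
        }
    );

    // Email addresses.
    $display_block .= render_list_section(
        'Email',
        fetch_rows_for_master(
            $mysqli,
            "SELECT email, type FROM tbl_email
WHERE master_id = ?",
            $sel_id
        ),
        function (array $e): string {
            return field($e, 'email') . ' (' . h($e['type']) . ')';
        }
    );

    // Personal note. As in the original, it is shown only when exactly one
    // note row exists; nl2br runs after escaping so its <br /> tags survive.
    $note_rows = fetch_rows_for_master(
        $mysqli,
        "SELECT note FROM tbl_personal_notes
WHERE master_id = ?",
        $sel_id
    );
    if (count($note_rows) === 1) {
        $note = nl2br(field($note_rows[0], 'note'));
        $display_block .= "<p><strong>Personal Notes:</strong><br/>$note</p>";
    }

    $display_block .= "<br/>
<p align=\"center\"><a href=\"" . h($_SERVER["PHP_SELF"]) . "\">select another</a></p>";
}

// Close connection to MySQL.
mysqli_close($mysqli);
?>
<html>
<head>
<title>My Records</title>
</head>
<body>
<?php echo $display_block; ?>
</body>
</html>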