Link and MYSQL query

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
nowhere903
Forum Newbie
Posts: 9
Joined: Mon May 01, 2006 9:46 am

Link and MYSQL query

Post by nowhere903 »

I am looking for a way to add an sql query to a link?
Let me explain. On my login form I set a trigger to add a value to my SQL db as "1" to set the value for the user to be online.

NOW, when they click the logout link I want it to set the value on the MYSQL database to "0" so it will not show the value.

I just need some help on how I would add such a query on to a <ahref> or that sort.

Thanks In Advance,
Jason
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Why not make it a trigger based on the person visiting the logout link and not have any SQL in the link at all? Having SQL or blindly depending on data from the user, URL or not, is extremely dangerous in many instances. They may look benign on the surface, but could open your server to far more insidious attacks than you may realize.
nowhere903
Forum Newbie
Posts: 9
Joined: Mon May 01, 2006 9:46 am

Thanks But

Post by nowhere903 »

Thanks for the information but here is the next question.
I am using software that already builds the custom trigger on a transaction.

Well how would I set up the logout feature as a transaction?

Or is there certain code you can put in there for the trigger?

I am so lost.
Thanks,
Jason
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Use the logout link to direct to a script that does it without depending on the URL data.

Code: Select all

// simple logout
mysql_query("UPDATE `table` SET `loggedin` = 0 WHERE `foo` = '$bar'") or die(mysql_error());
This way you're not depending on $_GET data.

Also, speaking from experience, not many people click the logout link. =] If they click the X on the browser, they'll be stuck online according to the way you have your setup.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
nowhere903
Forum Newbie
Posts: 9
Joined: Mon May 01, 2006 9:46 am

Post by nowhere903 »

Ok, SO I just need to add this to the logout hyperlink?
Also, how would you recommend I logout users. A time out?
Thanks,
Jason
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Using the example above, you would not put any of that into the hyperlink.

You would put that code in a page, perhaps logout.php.

Then the link would link to logout.php.

The recommended way of determining users online is to update a time field in a database on every page load. Like this:

Code: Select all

mysql_query("UPDATE `table` SET `time_last_active` = '".time()."' WHERE `foo` = '$bar'") or die(mysql_error());
Then, to retrieve the data of who's online you'd need to set a 'timeout' limit. Like query for those users who have been active within the past X minutes.

So something like the following.

Code: Select all

$timeoutminutes = 10;
$timeoutseconds = time()-$timeoutminutes*60;

$online_result = mysql_query("SELECT `somefield` FROM `sometable` WHERE `time_last_active` >= '$timeoutseconds'") or die(mysql_error());
You could then do what you want with the results.

Hope this helps.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
nowhere903
Forum Newbie
Posts: 9
Joined: Mon May 01, 2006 9:46 am

Post by nowhere903 »

Yes that does help. I will see what I can do with that.
I appreciate the precise reply. It is nice to know there is a place I can ask questions with such expertise.
Thanks again,
Jason
nowhere903
Forum Newbie
Posts: 9
Joined: Mon May 01, 2006 9:46 am

ARRRRRRRRRRRR

Post by nowhere903 »

mysql_query("UPDATE 'users' SET 'lastactivity' = '".time()."' WHERE id=".$_SESSION['login_id']) or die(mysql_error());

This is my query. I can't get it to work!!! I am banging my head. Anyone got an idea. I can't figure it out.
Thanks,
Jason.
Post Reply