Page 1 of 1
Link and MYSQL query
Posted: Wed May 03, 2006 10:38 pm
by nowhere903
I am looking for a way to add an sql query to a link?
Let me explain. On my login form I set a trigger to add a value to my SQL db as "1" to set the value for the user to be online.
NOW, when they click the logout link I want it to set the value on the MYSQL database to "0" so it will not show the value.
I just need some help on how I would add such a query on to a <ahref> or that sort.
Thanks In Advance,
Jason
Posted: Wed May 03, 2006 10:52 pm
by feyd
Why not make it a trigger based on the person visiting the logout link and not have any SQL in the link at all? Having SQL or blindly depending on data from the user, URL or not, is extremely dangerous in many instances. They may look benign on the surface, but could open your server to far more insidious attacks than you may realize.
Thanks But
Posted: Thu May 04, 2006 10:27 am
by nowhere903
Thanks for the information but here is the next question.
I am using software that already builds the custom trigger on a transaction.
Well how would I set up the logout feature as a transaction?
Or is there certain code you can put in there for the trigger?
I am so lost.
Thanks,
Jason
Posted: Thu May 04, 2006 10:30 am
by s.dot
Use the logout link to direct to a script that does it without depending on the URL data.
Code: Select all
// simple logout
mysql_query("UPDATE `table` SET `loggedin` = 0 WHERE `foo` = '$bar'") or die(mysql_error());
This way you're not depending on $_GET data.
Also, speaking from experience, not many people click the logout link. =] If they click the X on the browser, they'll be stuck online according to the way you have your setup.
Posted: Thu May 04, 2006 10:37 am
by nowhere903
Ok, SO I just need to add this to the logout hyperlink?
Also, how would you recommend I logout users. A time out?
Thanks,
Jason
Posted: Thu May 04, 2006 10:47 am
by s.dot
Using the example above, you would not put any of that into the hyperlink.
You would put that code in a page, perhaps logout.php.
Then the link would link to logout.php.
The recommended way of determining users online is to update a time field in a database on every page load. Like this:
Code: Select all
mysql_query("UPDATE `table` SET `time_last_active` = '".time()."' WHERE `foo` = '$bar'") or die(mysql_error());
Then, to retrieve the data of who's online you'd need to set a 'timeout' limit. Like query for those users who have been active within the past X minutes.
So something like the following.
Code: Select all
$timeoutminutes = 10;
$timeoutseconds = time()-$timeoutminutes*60;
$online_result = mysql_query("SELECT `somefield` FROM `sometable` WHERE `time_last_active` >= '$timeoutseconds'") or die(mysql_error());
You could then do what you want with the results.
Hope this helps.
Posted: Thu May 04, 2006 10:56 pm
by nowhere903
Yes that does help. I will see what I can do with that.
I appreciate the precise reply. It is nice to know there is a place I can ask questions with such expertise.
Thanks again,
Jason
ARRRRRRRRRRRR
Posted: Fri May 05, 2006 12:01 am
by nowhere903
mysql_query("UPDATE 'users' SET 'lastactivity' = '".time()."' WHERE id=".$_SESSION['login_id']) or die(mysql_error());
This is my query. I can't get it to work!!! I am banging my head. Anyone got an idea. I can't figure it out.
Thanks,
Jason.