Private message system

Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Private message system

Post by Rob »

I've been working on my PM system, and I need some advice on how to go about viewing the PMs. First, all PMs are listed in a table, then you click the subject to view the PM, but how can I do this right? My first idea was to link it to ./viewpm.php?subject=whatever and then view it that way, but if there are duplicate subjects that would mess it up. Should I use ID? Another thing that worries me about this is that all the users' PMs are stored in a single table. Is that OK?
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

Yes, you should use IDs to view PMs.

Do you have a login system? If so, make use of the user ID, e.g.

Code: Select all

<?php
$query = mysql_query("select `message` from `pm_table` where `user_id` = '".$_SESSION['user_id']."' order by ID DESC");
$check = mysql_num_rows($query);
if($check != 0)
{
//list pms
}
else
{
echo "You have 0 messages....";
}
?>
got the idea? :D
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden
Contact:

Post by JAM »

Preferably userid & messageid.
Userid to apply safety, messageid to skip the hassle of duplicate subjects etc.

Code: Select all

// http://www.example.com/viewmsg.php?id=14
"select message from pm_table where user_id = '$_SESSION[userid]' and message_id = '$_GET[id]'"
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

Thanks, I'll try it out. I never even thought of adding a message ID.
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

For sending a message, I'm trying to make sure the user exists before it's sent. This is my verification code.

$sql_username_check = mysql_query("SELECT user FROM usersys WHERE user='$_GET[user]'");
$username_check = mysql_num_rows($sql_username_check);
if($username_check < 0){
echo "<strong>Username not active.<br />";
unset($username);
exit();

It doesn't work though, any ideas?
Nay
Forum Regular
Posts: 951
Joined: Fri Jun 20, 2003 11:03 am
Location: Brisbane, Australia

Post by Nay »

Code: Select all

$sql_username_check = mysql_query("SELECT user FROM usersys WHERE user='{$_GET['user']}'");
$username_check = mysql_num_rows($sql_username_check);
if($username_check < 0) {
echo "<strong>Username not active.</strong><br />";
unset($username);
exit();
} else {
// do the script
}
Two things. One:

Code: Select all

$_GET[user]; // BAD

$_GET['user']; // GOOD

"SELECT * FROM thetable WHERE user = '$_GET['user']'"; // BAD

"SELECT * FROM thetable WHERE user = '{$_GET['user']}'"; // GOOD
And two, you forgot the } after exit() to end the if operator.

-Nay
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

Is the user name like "qads" without the speech marks? If so, then use

Code: Select all

<?php
$username = addslashes($_GET['user']);
?>
if it is a number (ID) then use:

Code: Select all

<?php
$username = (int)$_GET['user'];

?>
it's more safe :D
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

<?php
session_start();

if(!isset($_SESSION['loggedin']))
{
//hack attempt?
include ("login.php");
exit;
} else {
//o ok
}
$conn = mysql_connect("localhost","****","******");
$db = mysql_select_db("********");

$sql_username_check = mysql_query("SELECT user FROM usersys WHERE user='$_GET[user]'");
$username_check = mysql_num_rows($sql_username_check);
if($username_check < 0) {
echo "<strong>Username not active.</strong><br />";
unset($username);
exit();
} else {
// do the script
}

?>

That's my full code, except SQL login info... No errors, but it also doesn't stop users that don't exist.
qads
DevNet Resident
Posts: 1199
Joined: Tue Apr 23, 2002 10:02 am
Location: Brisbane

Post by qads »

if($username_check < 0) {


should be
if($username_check == 0) {
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

Thanks, I'll try it out.
Rob
Forum Commoner
Posts: 33
Joined: Fri Oct 03, 2003 3:18 pm

Post by Rob »

Thanks for all your help, it works great
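
Added example, not part of any post in this thread: the two checks discussed above (viewing a PM by `message_id` scoped to the logged-in `user_id`, and testing that a recipient exists) written with PDO prepared statements so that request values are never interpolated into the SQL string. It assumes PDO with an in-memory SQLite database in place of the thread's `mysql_*` calls (that extension was removed in PHP 7); the function names `recipientExists` and `viewMessage`, the `subject` column and the sample rows are constructed for illustration.

```php
<?php
// Constructed schema and sample rows; table/column names follow the thread where it gives them.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE usersys (user TEXT PRIMARY KEY)");
$pdo->exec("CREATE TABLE pm_table (message_id INTEGER PRIMARY KEY, user_id INTEGER,
            subject TEXT, message TEXT)");
$pdo->exec("INSERT INTO usersys (user) VALUES ('rob'), ('qads')");
// Two users, same subject: the message ID, not the subject, identifies a PM.
$pdo->exec("INSERT INTO pm_table VALUES (14, 1, 'hi', 'for user 1 only'),
                                        (15, 2, 'hi', 'for user 2 only')");

// True only if a row matches the name exactly. The value is bound as data,
// so quotes in it cannot change the query.
function recipientExists(PDO $pdo, string $user): bool
{
    $stmt = $pdo->prepare('SELECT 1 FROM usersys WHERE user = ?');
    $stmt->execute([$user]);
    return $stmt->fetchColumn() !== false;   // no row is the "== 0" case from the thread
}

// Returns the message text, or null when the ID is malformed, unknown,
// or belongs to a different user. The caller cannot tell these apart.
function viewMessage(PDO $pdo, int $sessionUserId, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT message FROM pm_table WHERE user_id = ? AND message_id = ?'
    );
    $stmt->execute([$sessionUserId, $id]);
    $message = $stmt->fetchColumn();
    return $message === false ? null : $message;
}

// $sessionUserId would come from $_SESSION and $rawId from $_GET['id'] in viewmsg.php.
var_dump(viewMessage($pdo, 1, '14'));          // own message
var_dump(viewMessage($pdo, 1, '15'));          // someone else's message ID
var_dump(viewMessage($pdo, 1, "14' OR '1'='1")); // rejected before reaching the database
var_dump(recipientExists($pdo, 'qads'));
var_dump(recipientExists($pdo, "nobody' OR '1'='1"));
```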