0

I am using a MySQL database. I am completely sure that the ID does actually exist in the database. Why is it going to the last else (where is says //incorrect id) ?

<?php
            //Localise user id.
            $userid = $_SESSION['userid'];

            //Get content of the article.
            $sql = "SELECT * FROM articles WHERE creatorid = '$userid'";
            $result = mysql_query($sql) or die(mysql_error()); //Execute. If fails, show error.
            $array = mysql_fetch_array($result);

            if(in_array($articleid, $array)) //If the URL id exists in the database (array)
            {
                //The article does actually exist for that user. They requested it.
                $sql = "SELECT * FROM articles WHERE id = '$articleid'";                
                $result = mysql_query($sql) or die(mysql_error()); //Execute. If fails, show error. 
                $array = mysql_fetch_array($result);

                        $content = $array['content'];

                        if($content != '') //If the article has actually been written.
                        {
                            include($_SERVER['DOCUMENT_ROOT'] . '/includes/renderimage.php');
                        }   else
                            {
                                //Article actually hasn't been written.
                            }
            }   else
                {
                    //Incorrect ID.
                }
                ?>
Improve this question
6
  • 2
    where is $articleid? is it initialised? if not then else part will execute. Commented Oct 13, 2012 at 6:32
  • 1
    If I'm not wrong, you can't use in_array in that context. I have a gut feeling it doesn't iterate multiple dimensions. Commented Oct 13, 2012 at 6:32
  • 3
    Please don't use mysql_* functions in new code. They were removed from PHP 7.0.0 in 2015. Instead, use prepared statements via PDO or MySQLi. See Why shouldn't I use mysql_* functions in PHP? for more information. Commented Oct 13, 2012 at 6:35
  • $articleid is initialised in the script. $articleid = $_GET['ref']; Commented Oct 13, 2012 at 6:41
  • add var_dump($array); and see what is in $array Commented Oct 13, 2012 at 6:42

2 Answers 2

Reset to default
1

You're only looking in the first row that's returned. You need to call mysql_fetch_array in a loop to get each row. Also, you shouldn't use in_array(), since the article ID might appear in some other column (what if you're checking for article #3 and user #3?).

But if you just want to see if the article was created by this user, you can use a different query:

SELECT * FROM articles WHERE creatorid = '$userid' AND articleid = '$articleid';

This should return either 0 or 1 row depending on whether the user created the article. You can then use mysql_num_rows() to test for this.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

It appears you are accessing the array incorrectly. On top of that you are returning multiple articles if the creator posted more than one so your in_array() is totally invalid. Change the limit on your query to one record (LIMIT 0,1) and access the creator id by calling: 

$result[0]->creatorid or $result['creatorid']

depending on how your resource is queried

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.