0

Within the user profile I am trying to only allow the user to see what they have posted to the database but with the coding this way it shows everything from the database in every users account. How can I get it to only echo what the user has created. 

<?php 

include("headers.php");

if($_POST['delete']) {
$title=$_POST['title'];
echo $title;
$result = mysql_query("DELETE FROM test2 where fname='$title'");

if($result)
echo "<div style='color:red;'>The ".$row['fname']." datas are deleted successfully.<br>   <br></div>";
}


if($_POST['submit']) { 

$title=$_POST['title'];
$result = mysql_query("SELECT * FROM test2 where fname='$title'");

$row = mysql_fetch_assoc($result);
 @$image=$row ['photo'];
  echo "<div style='width: 600px;border: 1px solid black;padding: 30px;float:     center;text-align: center;margin: auto;margin-top: 140px;'>  <span style=' font-size: 20px;      font-weight: bold;'>Recent Post</span><br><br>
  <table style='width:100%;border-bottom:1px solid gray;'><tr><td><table style='width:90%;'><tr><td>Name:</td><td>".$row['fname']."</td></tr>
  <tr><td>Start Date:</td><td>".$row['stdate']."</td></tr>
  <tr><td>End Date:</td><td>".$row['endate']."</td></tr>
  <tr><td>Address:</td><td>".$row['addr1']."</td></tr>
  <tr><td></td><td>".$row['addr2']."</td></tr>
  <tr><td></td><td>".$row['city']."</td></tr>
  <tr><td></td><td>".$row['state']."-".$row['zip']."</td></tr>
  <tr><td>Description:</td><td>".$row['description']."</td></tr>

  <tr><td>Link:</td><td><a href=".$row['link'].">".$row['link']."</a></td></tr>
  </table></td><td><img src='image/".$image."' alt='image'  style='width:100px;height:100px;'></td></tr></table><br/><br/><a href='index.php'>Go Back To Home </a></div>";

 // echo "<div style='width:90%;float:center;border-bottom:1px solid blue;'></div>";
  }  else {
$result = mysql_query("SELECT * FROM test2");
echo "<div style='width: 600px;border: 1px solid black;padding: 30px;float: center;text-align: center;margin: auto;margin-top: 140px;'>  <span style=' font-size: 20px;    font-weight: bold;'>Recent Post</span><br><br>";
while($row = mysql_fetch_array($result))
{
 @$image=$row ['photo'];
  echo "<table  style='width:100%;border-bottom:1px solid gray;'><tr><td><table style='width:90%;'><tr><td>Name:</td><td>".$row['fname']."</td></tr>
 <tr><td>Start Date:</td><td>".$row['stdate']."</td></tr>
 <tr><td>End Date:</td><td>".$row['endate']."</td></tr>
 <tr><td>Address:</td><td>".$row['addr1']."</td></tr>
 <tr><td></td><td>".$row['addr2']."</td></tr>
 <tr><td></td><td>".$row['city']."</td></tr>
 <tr><td></td><td>".$row['state']."-".$row['zip']."</td></tr>
 <tr><td>Description:</td><td>".$row['description']."</td></tr>

 <tr><td>Link:</td><td><a href=".$row['link'].">".$row['link']."</a></td></tr>
 </table></td><td><img src='image/".$image."' alt='image' style='width:100px;height:100px;'></td></tr></table>";
}
  echo "<br/><a href='index.php'>Go Back To Home </a></div>";

  }

 ?>
user2449615
  • 3
  • 1

2 Answers2

0

It is uncertain but if you keep identity of user in session or in users profile you already know the identity of user so we can assume to get the identity of user through $_SESSION['userid'], $_GET['userid'] or $_POST['userid'].

$userId = $_SESSION['userid'];

OR 

$userId = $_GET['userid'];

whatever, you have to have user information to query from database. It can be user name or any info of an user instead of userid

$result = mysql_query("SELECT * FROM test2 where fname='$title' AND userid ='$userId'");

Also, you should have a look at preventing SQL Injection

Community
  • 1
  • 1
Gökhan Girgin
  • 1,164
  • 8
  • 12
0

Your question lacks a lot of information (such as your database schema). But you will probably just need a WHERE clause in your SQL which you specify the user. For example,

SELECT * FROM test2 WHERE fname='$title' and user=$userid

Or something of the like, depending on the schema.

Matthew FitzGerald-Chamberlain
  • 564
  • 4
  • 11