-4

What is the proper way to indicate in your db when a user is logout of an application.

session::start();
$username = session::check()["username"];
$link->query("UPDATE admin SET isOnline = 0 WHERE username = '".$username."'");
session::destroy();
exit;

This is my current implementation.

  • WHere are you executing the query? – Alfabravo Jun 05 '17 at 16:13
  • What do you mean by "where"? –  Jun 05 '17 at 16:14
  • 1
    You have a comma before WHERE clause. I've never seen that so I think that could cause a syntax issue. – TurtleTread Jun 05 '17 at 16:17
  • @TurtleTread, tnk you. I would try that. –  Jun 05 '17 at 16:19
  • You're already using an API that supports **prepared statements**, you should utilize parameterized queries with placeholders (prepared statements) to protect your database against [SQL-injection](http://stackoverflow.com/q/60174/)! Get started with [`mysqli::prepare()`](http://php.net/mysqli.prepare). – Qirel Jun 05 '17 at 16:21
  • @Qirel, you could have pointed that out, instead of downvoting it, but tnks anyways. –  Jun 05 '17 at 16:24
  • It's not my downvote.. I voted to close, yes - but that's not a downvote ;-) And I did point out the error in your query. – Qirel Jun 05 '17 at 16:25

2 Answers2

1

edit: 

$link->query("UPDATE admin SET isOnline = 0 WHERE username ='".$username."'");
itay
  • 357
  • 4
  • 16
  • you are both right. I was thinking that he use prepared statement,I checked the question agian and saw that he have unessery comma, edit my answer. thank you – itay Jun 05 '17 at 16:22
0

This is what I used: 

$query = "UPDATE Logins SET logouttime='$logouttime' WHERE Email='$Email' AND 
            fromproxy='$pipaddress' AND fromip='$ipaddress'";
unset($_SESSION);
Pang
  • 9,564
  • 146
  • 81
  • 122
Jon Hogan
  • 1
  • 5