1

I've two tables users and userdata and I've created them using :

CREATE TABLE users
(
  id INT(6) AUTO_INCREMENT NOT NULL PRIMARY KEY,
  name VARCHAR(255),
  password VARCHAR(255)
);

and userdata through this:

CREATE TABLE userdata
 (
  adder INT(6) NOT NULL,
  added INT(6) NOT NULL,
  CONSTRAINT adder_user FOREIGN KEY (adder) REFERENCES users(id),
  CONSTRAINT added_user FOREIGN KEY (added) REFERENCES users(id),
  PRIMARY KEY (adder, added)
 );

I've kind of login system see this index.php page:(Here user is added by entering his id an password and session is being set for each user)

<?php 
  session_start();
?>

    <!DOCTYPE html>
    <html>
    <head>
        <title>
            login
        </title>
        <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
    </head>
    <body>
        <form action="review.php" method="post">
            <input type="text" name="id" placeholder="id">
            <input type="password" name="password" placeholder="password">
        <input type="submit" name="submit" class="btn btn-success">
    </form>
    </body>
    </html>

I've review.php where I've checked for the user authenticity(on a basic level)

  <?php 

   session_start();
   $connect = mysqli_connect('localhost','root','root','stackoverflow');
if(isset($_POST['submit']))
 {
    $id = $_POST['id'];
    $password = $_POST['password'];


    $query = "SELECT `name`,`id`,`password` from `users` where `id` = '$id' and `password` = '$password' ";
    $run = mysqli_query($connect,$query);
    $row = mysqli_fetch_assoc($run);

    if( ($id == $row['id']) && ($password == $row['password']) )
    {
        // start session with the id of the one who is logged in
        // this is the id of the user who is logged in
        $_SESSION['id']= $row['id'];
        header('location:save.php?id=$id'); 
    }


}


?>

This is save.php, here is the main issue, Let say Alice is logged into my system, and she visits the save.php page to add Bob to my system. There is save button on this page when some logged in user in my system(Alice) try to add another user(Bob) into my system (userdata table), at that point I want to check this-> has Bob has already added Alice (when Bob was logged In)? if so, when Alice clicks on save, the name Bob should be inserted into userdata table and Alice and Bob's name should be written in red, displayed to the user(using select query), because they both are added by each other. If Alice wants to add Bob but Bob has not added Alice before, then after clicking save by Alice the name Bob should be inserted into the userdata table, and should be displayed without any color because Bob has not yet added her.

How can I solve this problem of When a user adds a name, you must check if they are added to the reverse and in that case to indicate it. For example, if Alice adds Bob and Bob has Added Alice you must indicate it (with some symbol)?

 <?php 
    session_start();

$connect = mysqli_connect('localhost','root','root','stackoverflow');   
if(isset($_POST['save']))
{
    $name = $_POST['name'];
    $id   = $_SESSION['id'];
    $insert = "INSERT INTO `userdata` ('adder','added') values ('$id','$name')";  

    $query = "SELECT aer.name AS Adder, 'added', aed.name AS added
              FROM users aer
              INNER JOIN userdata ud ON aer.id = ud.adder
              INNER JOIN users aed ON aed.id = ud.added
              WHERE
            (
             SELECT COUNT(*)
                    FROM userdata uda
                    WHERE uda.adder = ud.added
                    AND uda.added = ud.adder
             ) >= 1";

    $run = mysqli_query($connect, $query);
    while($row = mysqli_fetch_assoc($run))
   {
echo "<div class = 'text text-center' id = 'special'>".$row['Adder']."  Added  ".$row['added']."</div><br>";


  }

 }

 ?>
 <!DOCTYPE html>
 <html>
  <head>
   <title>save</title>
   <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/css/bootstrap.min.css">
   <link rel="stylesheet" href="style.css">
</head><body>

  <div class="container">
        <div class="row">
            <div class="col-md-6">
                <form action="save.php" method="POST">

                        <input type="text" name="name">
                        <input type="submit" name="save" value="Save" class="btn btn-success">



                </form>
            </div>
        </div>

 </div>

  </body>
 </html>

users table

users

here is userdata table containing adder and added columns

adder    added
1         2
1         3

first row Alice added Bob second row Alice added John userdata table

Khan
  • 23
  • 1
  • 9
  • **Warning:** You are wide open to [SQL Injections](http://php.net/manual/en/security.database.sql-injection.php) and should really use parameterized [Prepared Statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead of manually building your queries like that. Specially since you're not escaping the user inputs at all! – M. Eriksson Nov 11 '18 at 16:48
  • **Warning:** Never store passwords in clear text! Only store password hashes. Use PHP's [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) . If you're running a PHP version lower than 5.5 (which I _really_ hope you aren't), you can use the [password_compat library](https://github.com/ircmaxell/password_compat) to get the same functionallity. – M. Eriksson Nov 11 '18 at 16:48
  • thank you so much, I'll definitely used it, but now I'm just using this for testing purposes , BTW how can I solve the problem I've mentioned, please have a look @MagnusEriksson – Khan Nov 11 '18 at 16:51
  • You should also look into: [When to use single quotes, double quotes, and back ticks in MySQL](https://stackoverflow.com/questions/11321491/when-to-use-single-quotes-double-quotes-and-back-ticks-in-mysql). Two of your three queries should currently fail because of this. – M. Eriksson Nov 11 '18 at 16:52
  • I would also recommend using best practices even if it is for testing purposes. When you refactor your code, you would need to change your code and your queries a bit, which might result in adding new issues or even fix current ones. There's never a good reason for knowingly writing insecure code and to debug code that needs to be rewritten after... – M. Eriksson Nov 11 '18 at 16:55
  • Your question is a bit unclear as well. What do you mean by the users "adding" each other? Do you mean that users can connect to each other, like a friend list? Or do you mean that they actually add new users into the system? – M. Eriksson Nov 11 '18 at 16:58
  • true !!! I agree, @MagnusEriksson – Khan Nov 11 '18 at 17:00
  • I've added some images of tables that would be clear image of what I want to say, please have a look at the post @MagnusEriksson – Khan Nov 11 '18 at 17:11
  • Adding by each other means, when the `userdata` table contains the rows something like this. (first row) `1 2` and (second row) `2 1` which means that Alice added Bob and Bob added Alice, i.e both are added by each other if that make sense ? @MagnusEriksson – Khan Nov 11 '18 at 17:20
  • Please try to solve the problem , I'm facing it from last two days and nothing is happening good. @MagnusEriksson – Khan Nov 11 '18 at 17:28
  • This is not clear. Is the problem the simultaneous access--"transaction processing", "atomicity', "serializability" & "concurrency control"--or just restrictions on what the tables can be--constraints? Please clarify via post edits, not comments. PS Answering "is it this or is it that" by "true" is not clear. PS Please [use text, not images/links, for text (including code, tables & ERDs)](https://meta.stackoverflow.com/q/285551/3404097). Use a link/image only for convenience to supplement text and/or for what cannot be given in text. – philipxy Nov 11 '18 at 19:06

1 Answers1

0

To begin with, you must have a unique user identifier in order to understand whether he was added or not (for example, email)

then (just for example not to use in real projects)

save.php: 

"SELECT `id` from `users` where `email` = '$email'";

if user exists do this (Since a user can be created by an existing user, you already have his id (In $_SESSION['id'] for example)):

"SELECT * from `userdata` where `edder` = '$id' AND `edded` = '$_SESSION['id']'";

if the record exists, it means that they are added to the reverse.

Yaroslaw
  • 98
  • 4