-3

Here is the code for blocking comments from blocked users. Comments are getting blocked for only the first blocked user in the database table, but i want the comments to be hidden for all the blocked users in database table.

 <?php 
 include_once('adminpanel/dbconnect.php');
 $sql_query =mysql_query("SELECT * FROM blocked_accounts WHERE 
 blocker_id=".$id);
 $rr=mysql_fetch_array($sql_query);
 if($rr['blocked_id'] == $r['id'] && $rr['blocker_id'] == $id)
  {
echo "";    
  } 
 else
   {    ?>
josh
  • 13
  • 5
  • 2
    Once upon a time, there was `mysql_query`... – Angel Politis Dec 15 '18 at 07:11
  • @AngelPolitis please elaborate. i am new to php. what's wrong with the query. do i need to use while loop? help me out. please! – josh Dec 15 '18 at 07:13
  • He is trying to let you know that mysql_query is very much outdated and full of security holes, mysqli_query (has an i at the end of mysql) or prepared statements is where you should be focusing your attention when it comes to learning. To point you in the right direction it looks like you are pulling an array and not running through all the possibilities. – Second2None Dec 15 '18 at 07:19
  • Check out this link: https://stackoverflow.com/questions/32770373/how-to-use-mysqli-query-in-php – Second2None Dec 15 '18 at 07:21
  • Check out my [answer](https://stackoverflow.com/questions/53790349/hide-comments-for-all-blocked-friends/53790754#53790754) @josh. I have elaborated there. – Angel Politis Dec 15 '18 at 08:37
  • @AngelPolitis thanks bro. god bless. – josh Dec 15 '18 at 11:07

2 Answers2

0

You need to go through all the records and if any of them match, then this is blocked. This code first sets a flag to say it isn't blocked, then if any of the records match, sets this to true and breaks out of the loop (not worth carrying on)...

<?php
include_once('adminpanel/dbconnect.php');
$sql_query = $conn->prepare( "SELECT * FROM blocked_accounts WHERE
 blocker_id= ?");
$sql_query->bind_param("i", $id);
$sql_query->execute();
$blocked = false;
while ($rr=mysqli_fetch_assoc($sql_query))   {
    if($rr['blocked_id'] == $r['id'] && $rr['blocker_id'] == $id)
    {
        $blocked = true;
        break;
    }
}
if($blocked)  
{
    echo "";
}
else
{    ?>

As mentioned in the comments, this is update to mysqli_ and prepared statements, you will need to change your connect to use mysqli as well (PHP mysqli connect function may helpd if you are not sure).

Nigel Ren
  • 56,122
  • 11
  • 43
  • 55
  • This is the exactly what i want. god bless you. @Nigel Ren – josh Dec 15 '18 at 11:08
  • If this has helped, please consider marking it as answered - https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work – Nigel Ren Dec 15 '18 at 13:37
0

Using mysql_* functions is very bad practice because they have been outdated for many years. Since you're in the phase of learning, it's best to focus on learning how to use prepared statements, whether in the form of mysqli or PDO and stick with that.

As to the problem at hand, the code you've given is vague and things that are needed to send the query, such as the connection, are missing. Therefore, my answer aims to guide you into using mysqli prepared statements correctly rather than give you a full-fledged solution.

Code:

<?php
    # Establish a connection to the database.
    $connection = new mysqli("your host", "your username", "your password", "your db");

    # Create a mysqli query.
    $query = "SELECT * FROM `blocked_accounts` WHERE `blocker_id` = ?";

    # Prepare the query and check whether the operation was successful.
    if ($stmt = $connection -> prepare($query)) {
        # Bind the parameters to the statement.
        $stmt -> bind_param("i", $id);   # 'i' means integer

        # Execute the statement and check whether the operation was successful.
        if ($stmt -> execute()) {
            # Get the result out of the statement and cache it.
            $result = $stmt -> get_result();

            # Close the statement.
            $stmt -> close();

            # Fetch the first row (use 'while' if you want more).
            if ($row = $result -> fetch_assoc()) {
               # Check whether the user is blocked...
            }
        }
    }

    # Shut down the database connection.
    $connection -> close();
?>

Notes:

  • When you're trying to query the database, remember to use the actual connection you established. In your mysql_query function call, there is not connection passed.
  • The part && $rr['blocker_id'] == $id in your if check is redundant because the value of $id is the value we used to filter the results returned by the database, so it will be always true.
Angel Politis
  • 10,955
  • 14
  • 48
  • 66