
The resumes table contains 3 rows and 3 files that were submitted to different employers. When I log in as Employer 2 (fk_user_id = 2 in the resumes table), I get 3 download buttons, including those belonging to the other 2 employers.

What might be the reason?

I only need the download button according to the resumes table, and only for the resumes submitted to that specific employer. When I log in as Employer 2, I get 3 different download buttons.

resume_manage.php

    <?php
     include 'includes/header.php';
      include 'filesLogic.php';
     
      include 'includes/sidebar.php';
    ?>
    
            <div class="content-wrapper">
                <!-- START PAGE CONTENT-->
                <div class="page-heading">
                    <h1 class="page-title">Applied Jobs List</h1>
                    <ol class="breadcrumb">
                        <li><a href="../../../index.php"><i class="fa fa-dashboard"></i> Home</a></li>
                        <li class="active">Applied Jobs List</li>
                    </ol>
                </div>
                <div class="page-content fade-in-up">
                    <div class="ibox">
                        <div class="ibox-head">
                            <div class="ibox-title">Data Table</div>
                        </div>
                        <div class="table-responsive ibox-body">
                            <table class="table table-striped table-bordered table-hover" id="example-table" cellspacing="0" width="100%">
                                <thead>
                                    <tr>
                                        <th>User Id</th>
                                        <th>Resume</th>
                                        <th>Employer Id</th>
                                        <th>User Email</th>
                                        <th>Reply</th>
                                        <th>Status</th>
                                        <th>Actions</th>
                                    </tr>
                                </thead>
                                <tfoot>
                                    <tr>
                                        <th>User Id</th>
                                        <th>Resume</th>
                                        <th>Employer Id</th>
                                        <th>User Email</th>
                                        <th>Reply</th>
                                        <th>Status</th>
                                        <th>Actions</th>
                                    </tr>
                                </tfoot>
                                <tbody>
                                    <?php
                                    $detail="SELECT * FROM resumes where fk_user_id = '$user_id'";
                                    $detailqry = mysqli_query($conn, $detail);
                                    while($row = mysqli_fetch_array($detailqry)){
                                        $id = $row['resume_id'];
                                    ?>
                                    <tr>
                                        <td><?php echo $row['user_id'];?></td>
                                        <td><?php echo $row['name'];?></td>
                                        <td><?php echo $row['job_id'];?></td>
                                        <td><?php echo $row['user_email'];?></td>
                                        <td>
                                        <?php
                                        foreach ($files as $file){?>
                                            <a href="resume_manage.php?file_id=<?php echo $file['resume_id'] ?>">Download</a>
                                        <?php } ?>
                                        </td>         
                                        <td>                            
                                            <a class="btn btn-danger" href="write_resume_reply.php?sid=<?php echo $row['resume_id']; ?>"><b>Write Reply</b>
                                            </a>                            
                                        </td>   
                                        <?php
                                        if($row['active']==1){
                                            
                                            echo '<td>';
                                            echo "<font color='#8ed100'><b>Already Sent</b></font>";
                                            $buttonText = "SENT";
                                        }else{
                                            echo '<td>';
                                            echo "<font color='#750000'><b>Not Sent</b></font>";
                                            $buttonText = "SEND";
                                        }
                                        echo "</td>";
                                        ?>  
                                        <td class="text-center">                            
                                            <a class="btn btn-danger" href="action_resume.php?sid=<?php echo $row['resume_id']; ?>"><b><?php echo $buttonText; ?></b>
                                            </a>                            
                                        </td>
                                    </tr>
                                    <?php }?>
                                </tbody>
                            </table>
                        </div>
                    </div>            
                </div>
                <!-- END PAGE CONTENT-->    
                <footer class="page-footer">
                    <div class="font-13">2021 © <b>Job4Students</b> - All rights reserved.</div>
                    <div class="to-top"><i class="fa fa-angle-double-up"></i></div>
                </footer>
            </div>
        </div>    
           
        <!-- BEGIN PAGA BACKDROPS-->
        <div class="sidenav-backdrop backdrop"></div>
        <div class="preloader-backdrop">
            <div class="page-preloader">Loading</div>
        </div>
        <!-- END PAGA BACKDROPS-->
        <!-- CORE PLUGINS-->
        <script src="./assets/vendors/jquery/dist/jquery.min.js" type="text/javascript"></script>
        <script src="./assets/vendors/popper.js/dist/umd/popper.min.js" type="text/javascript"></script>
        <script src="./assets/vendors/bootstrap/dist/js/bootstrap.min.js" type="text/javascript"></script>
        <script src="./assets/vendors/metisMenu/dist/metisMenu.min.js" type="text/javascript"></script>
        <script src="./assets/vendors/jquery-slimscroll/jquery.slimscroll.min.js" type="text/javascript"></script>
        <!-- PAGE LEVEL PLUGINS-->
        <script src="./assets/vendors/DataTables/datatables.min.js" type="text/javascript"></script>
        <!-- CORE SCRIPTS-->
        <script src="assets/js/app.min.js" type="text/javascript"></script>
        <!-- PAGE LEVEL SCRIPTS-->
        <script type="text/javascript">
            $(function() {
                $('#example-table').DataTable({
                    pageLength: 10,
                    //"ajax": './assets/demo/data/table_data.json',
                    /*"columns": [
                        { "data": "name" },
                        { "data": "office" },
                        { "data": "extn" },
                        { "data": "start_date" },
                        { "data": "salary" }
                    ]*/
                });
            })
        </script>
        
    
    </body>
    
    </html>

filesLogic.php

    <?php
    // connect to the database
    include '../includes/connection.php';

    $conn = mysqli_connect("localhost", "root");
    if (!$conn) {
        error_log("Failed to connect to MySQL: " . mysqli_connect_error());
        die('Internal server error');
    }

    // Select a database to use
    if (!mysqli_select_db($conn, 'Students_Jobsite')) {
        error_log("Database selection failed: " . mysqli_error($conn));
        die('Internal server error');
    }

    // Every row of the resumes table, with no per-employer filter:
    // this is the list resume_manage.php loops over to render the Download buttons.
    $sql = "SELECT * FROM resumes";
    $result = mysqli_query($conn, $sql);
    $files = mysqli_fetch_all($result, MYSQLI_ASSOC);

    // Downloads files
    if (isset($_GET['file_id'])) {
        $id = $_GET['file_id'];

        // fetch file to download from database
        // (file_id is interpolated unescaped and is not checked against the logged-in employer)
        $sql = "SELECT * FROM resumes WHERE resume_id=$id";
        $result = mysqli_query($conn, $sql);
        $file = mysqli_fetch_assoc($result);

        if ($file) {
            // same path for the existence check, Content-Length and readfile()
            $filepath = '../uploads/' . $file['name'];

            if (file_exists($filepath)) {
                header('Content-Description: File Transfer');
                header('Content-Type: application/octet-stream');
                header('Content-Disposition: attachment; filename=' . basename($filepath));
                header('Expires: 0');
                header('Cache-Control: must-revalidate');
                header('Pragma: public');
                header('Content-Length: ' . filesize($filepath));
                readfile($filepath);

                // Now update downloads count
                // (note: this writes to the files table although the row was read from resumes)
                $newCount = $file['downloads'] + 1;
                $updateQuery = "UPDATE files SET downloads=$newCount WHERE resume_id=$id";
                mysqli_query($conn, $updateQuery);
                exit;
            }
        }
    }

The output in the backend (PHP): [screenshot]

Database table: Resumes [screenshot]

  • I don't see any restrictions when calling the DB to fetch the files (`$sql = "SELECT * FROM resumes";`), nor when doing `foreach`. As you already have `fk_user_id` in the `$files` object, you can filter the list of files within the `foreach`, no? – mitkosoft Jun 22 '21 at 12:51
  • You are creating the download buttons by looping over `$files`, and that one you filled based on the query `SELECT * FROM resumes`, in which you applied no limitation to any specific user at all. – CBroe Jun 22 '21 at 12:51
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Jun 22 '21 at 15:11

2 Answers

  • The query you're actually using is "SELECT * FROM resumes" in filesLogic.php which returns all resumes, not just those of the current user.

  • Manually interpolating values into SQL statements (as in "SELECT * FROM resumes where fk_user_id = '$user_id'") is quite risky; it tends to lead to the security problem known as SQL Injection, currently ranked #6 on the list of most dangerous software weaknesses.

    If at all possible, instead use one of the library functions that takes an SQL statement with placeholders and a separate list of parameters; with mysqli, that's prepare followed by bind_param:

    $stmt = $conn->prepare("SELECT * FROM resumes where fk_user_id = ?");
    $stmt->bind_param("i", $user_id);
    $stmt->execute();
    $result = $stmt->get_result();   // mysqli_result, usable with mysqli_fetch_all()
    
    
  • Fatal error: Uncaught Error: Call to a member function prepare() on bool in C:\xampp\htdocs\Student_Job\employer\filesLogic.php on line 28 ( ! ) Error: Call to a member function prepare() on bool in C:\xampp\htdocs\Student_Job\employer\filesLogic.php on line 28 – Sandhya Jun 22 '21 at 13:14
  • Notice: Undefined variable: mysqli in C:\xampp\htdocs\Student_Job\employer\filesLogic.php on line 28 – Sandhya Jun 22 '21 at 13:17
  • @Sandhya Your mysqli instance is called `$conn` – Dharman Jun 22 '21 at 15:11
  • Oops, sorry; variable name updated in my answer – Jiří Baum Jun 23 '21 at 00:21
  • Warning: mysqli_fetch_all() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\Student_Job\employer\filesLogic.php on line 33 – Sandhya Jun 23 '21 at 05:59
  • Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, bool given in C:\xampp\htdocs\Student_Job\employer\resume_manage.php on line 57 – Sandhya Jun 23 '21 at 06:00
  • For general debugging, consider a guide such as [How to debug small programs](https://ericlippert.com/2014/03/05/how-to-debug-small-programs/); sounds like you're not keeping track of what's in which variable, which is something you should be able to debug – Jiří Baum Jun 23 '21 at 08:12
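As an added example (not code from the question or from either answer), here is how filesLogic.php can be restructured so that both problems raised above are handled in one place: the listing only returns the employer's own resumes, and the download endpoint refuses any `file_id` that does not belong to the logged-in employer, using prepared statements throughout. It assumes the employer's id is in `$_SESSION['user_id']` (the question never shows where `$user_id` comes from), the same root/Students_Jobsite connection the question uses, and an `uploads` directory one level above the script; all of these are assumptions.

```php
<?php
// Added example, not the original filesLogic.php. Assumes $_SESSION['user_id'] holds the
// logged-in employer's id and that uploads live in ../uploads relative to this script.
declare(strict_types=1);

session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$conn = new mysqli('localhost', 'root', '', 'Students_Jobsite'); // credentials as in the question

$user_id = (int) ($_SESSION['user_id'] ?? 0);
if ($user_id === 0) {
    http_response_code(401);
    exit('Not logged in');
}

/** Only the resumes submitted to this employer: one row per resume, so no inner foreach is needed. */
function resumesForEmployer(mysqli $conn, int $user_id): array
{
    $stmt = $conn->prepare(
        'SELECT resume_id, user_id, name, job_id, user_email, active FROM resumes WHERE fk_user_id = ?'
    );
    $stmt->bind_param('i', $user_id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/**
 * Fetch one resume only if it belongs to this employer. The ownership check lives in the
 * WHERE clause, so a guessed resume_id from another employer simply yields no row.
 */
function resumeOwnedBy(mysqli $conn, int $resume_id, int $user_id): ?array
{
    $stmt = $conn->prepare('SELECT resume_id, name FROM resumes WHERE resume_id = ? AND fk_user_id = ?');
    $stmt->bind_param('ii', $resume_id, $user_id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

/** Resolve the stored file name inside the uploads directory; refuse anything that escapes it. */
function uploadPath(string $uploadsDir, string $storedName): ?string
{
    $base = realpath($uploadsDir);
    $path = realpath($uploadsDir . DIRECTORY_SEPARATOR . basename($storedName));
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

if (isset($_GET['file_id'])) {
    $resume_id = filter_input(INPUT_GET, 'file_id', FILTER_VALIDATE_INT); // int, or false/null if not an int
    $file = is_int($resume_id) ? resumeOwnedBy($conn, $resume_id, $user_id) : null;
    $path = $file === null ? null : uploadPath(__DIR__ . '/../uploads', $file['name']);

    if ($path === null) {
        http_response_code(404); // same answer for "not yours" and "does not exist"
        exit('Not found');
    }

    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . str_replace('"', '', basename($path)) . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);

    // Count the download on the same table the row came from, still scoped to the owner.
    $upd = $conn->prepare('UPDATE resumes SET downloads = downloads + 1 WHERE resume_id = ? AND fk_user_id = ?');
    $upd->bind_param('ii', $resume_id, $user_id);
    $upd->execute();
    exit;
}

// Used by resume_manage.php; emit one Download link per $row using $row['resume_id'].
$files = resumesForEmployer($conn, $user_id);
```

Two things to watch when wiring this in: the download branch sends headers, so this file has to be included before `includes/header.php` prints any HTML (the question includes it after), and `get_result()` needs the mysqlnd driver, which XAMPP ships by default. In resume_manage.php the inner `foreach ($files as $file)` then goes away; each `<tr>` gets a single link built from its own `$row['resume_id']`.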

I could simply solve the problem by the following method:

    <?php
    $detail = "SELECT * FROM resumes where fk_user_id = '$user_id'";
    $detailqry = mysqli_query($conn, $detail);
    while ($row = mysqli_fetch_array($detailqry)) {
        $id = $row['resume_id'];
        $sql = "SELECT * FROM resumes where fk_user_id = $user_id and resume_id = $id";
        $result = mysqli_query($conn, $sql);

        $files = mysqli_fetch_all($result, MYSQLI_ASSOC);
    ?>
    <!-- table row markup as in resume_manage.php follows; the loop is closed with <?php } ?> -->