Need advise dealing with comparing array with $ GET variable

Forum Moderators: coopster

Message Too Old, No Replies

Need advise dealing with comparing array with $ GET variable

xpiamchris

7:21 am on Jan 20, 2009 (gmt 0)

Scenario:
A user logs in and has a list of "albums" he can choose from. Once the user clicks on a link to the album, it sends a $_GET # to an editalbum.php page which pulls up the appropriate album page.

To ensure that the user does not go to a page that is not his own, I need to compare the $_GET variable with a query from mysql that shows which albumids belong to that user.

E.g.
User 1 has album ids, 1, 3, 5.
User 2 has album ids 2, 4.

So if User 1 tries to go to the page with $_GET variable equal to 3, he can access the page as it is compared to the values 1,3,5. However, if he tries to get in with $_GET variable equal to 4, he is redirected to a "cannot access" page.

How would you go about doing this?

Thank you in advance.

enigma1

1:00 pm on Jan 20, 2009 (gmt 0)

When the user logs in you must keep an identifier about him somewhere. That identifier must be also stored with the albums table. So you have everything theoretically and you shouldn't need to mix the pages with the identifiers.

The $_GET['page'] holds the page. So you access the count of records of ids from the dbase using the user who is logged in. Then you select the appropriate set of records from the dbase for that user

select album_id from albums where user_id=5 limit 0,30
where limit is how many records the system will retrieve from the database starting from offset 0. So for page 2 you would have limit 30, 60 etc. User id 5 is someone with id=5 in this example.

Normally you use a page splitter for this purpose.