Forum Moderators: coopster

user updating

         

sphiro

4:31 am on Mar 16, 2005 (gmt 0)

10+ Year Member



I have followed several tutorials and have been able to create a user registration and login along with a database that a registered user may add/delete/edit items from that database.

I would like to restrict every user to deleting and editing the rows of information that they themselves have posted.

How would I go about doing this?

I have searched for quite a while and I am unable to find such a tutorial or a ready example. Any links would be appreciated.

coopster

1:10 pm on Mar 16, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld [webmasterworld.com], sphiro.

The answer to your own question is already there. You see, you "would like to restrict every user to deleting and editing the rows of information that they themselves have posted." That means you need to store the unique user's id with the posted message so you can identify who posted it. Then, when you display it you can check the stored user id with the userid of the person that is logged in. If they match, you allow certain operations. If not, you don't even display the operations.

sphiro

4:01 pm on Mar 16, 2005 (gmt 0)

10+ Year Member



Would it be poor design if I create a new table for every user that registers? The users would have access to viewing contents in the database but they would only be able to modify their personal table.

Also, whether it is good or bad design, is this even possible?
Every time a new user is registered, create a new table with standard fields that all user tables have and then name it accordingly by using the user id:

CREATE TABLE personal + '$id'( id INT NOT NULL AUTO_INCREMENT,
PRIMARY KEY(id),
name VARCHAR(30),
email VARCHAR(20));
or something along those lines. If this can be done where would be a good place to place this command?

danmccarthy

5:08 pm on Mar 16, 2005 (gmt 0)

10+ Year Member



I'm no expert, but creating a new table for every user seems unnecessarily cumbersome. I would suggest you follow Coopster's suggestion that you just tag each record with the userid that created it, and then only allow users to change entries that they created.

sphiro

8:08 pm on Mar 16, 2005 (gmt 0)

10+ Year Member



Would you be able to provide me with a link to a tutorial and some examples of how to go on with restricting users to deleting and editing only their own entries to the database?

sphiro

3:52 pm on Mar 17, 2005 (gmt 0)

10+ Year Member



Anybody?

coopster

6:59 pm on Mar 17, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



I wouldn't know of any. We tend to "roll our own" code here in the PHP Forum. Why not take a stab at it yourself?

sphiro

8:58 pm on Mar 17, 2005 (gmt 0)

10+ Year Member



I have tried with sessions and cookies but no success, yet.

I am not sure of two things:
1. Where do I tag each entry with the user id.
2. What is the syntax?

If you could post a fragment of code or possibly clarify those two things above, it would be very helpful.

gardenguy

9:14 pm on Mar 17, 2005 (gmt 0)

10+ Year Member



Hi sphiro,
You 'tag' each entry by adding an id field to your database table for storing the user who entered the item (record).
Here is a fragment of code:
if ($contact_whoAdded == $_SESSION['username']) {
    // YOUR CODE
}
where $contact_whoAdded is the id of the person who entered the item and $_SESSION['username'] is the signed on user.

sphiro

1:24 am on Mar 19, 2005 (gmt 0)

10+ Year Member



Gardenguy, thanks for the reply.

Would this be appropriate?

if ($userid == $_SESSION['username']) {

$result=mysql_query("INSERT INTO info (username, email) VALUES ('$username','$email')")or die("Insert Error: ".mysql_error());
print "Record added\n";

}

Am I 'tagging' the record at the right place?

gardenguy

11:56 am on Mar 19, 2005 (gmt 0)

10+ Year Member



sphiro,
Short answer = Nope.
Longer answer:
Let's abandon this 'tag' concept and start again.
First, you need not care when the record is added (INSERTED) if there is a match. But you do need to add a new field (column) in your info table which records the id of the person who did do the INSERT. So, one time only make a new field (let's call it whoAdded) in the table named info as follows:

ALTER TABLE `info` ADD `whoAdded` VARCHAR( 20 ) NOT NULL ;

The info.whoAdded field would receive the $_SESSION['username'] INSERTED during the add a record process.

During any further searches of the database, you want only those records where the info.whoAdded entry is equal to the id of the current user ($_SESSION['username']) per my suggestion above.

Good luck.

sphiro

8:00 pm on Mar 19, 2005 (gmt 0)

10+ Year Member



Thanks! :)

sphiro

7:54 pm on Mar 21, 2005 (gmt 0)

10+ Year Member



I have a problem with this piece of code. I think I am doing something wrong with the 'if statement' because it doesn't display anything and when it is removed it displays everything.

Anyone notice what the reason for this could be?

$result = mysql_query( "SELECT * FROM items" )
    or die("SELECT Error: ".mysql_error());
$worked = mysql_fetch_array($result);
$iduser = $worked['iduser'];
if ($iduser == $_SESSION['valid_id']) {
    $num_rows = mysql_num_rows($result);
    print "<br><br>There are $num_rows records.<P>";
    print "<table width=200 border=1>\n";
    while ($get_info = mysql_fetch_row($result)){
        print "<tr>\n";
        foreach ($get_info as $field)
            print "\t<td><font face=arial size=1/>$field</font></td>\n";
        print "</tr>\n";
    }
    print "</table>\n";
}
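
Added example, not code from any poster in this thread: the snippet above compares only the first fetched row's `iduser` with the session id and then prints whatever rows remain, so it shows either nothing or other users' rows. The sketch below moves the ownership check into the SQL itself for adding, listing and deleting, using prepared statements. It assumes PDO with an in-memory SQLite database in place of the thread's MySQL; the `name` column and the function names are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for the thread's MySQL database.
// Table `items`, column `iduser` and $_SESSION['valid_id'] come from the thread;
// the `name` column and the function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (
    id     INTEGER PRIMARY KEY AUTOINCREMENT,
    iduser INTEGER NOT NULL,
    name   TEXT    NOT NULL)');

// The owner is taken from the server-side session, never from form input.
function addItem(PDO $db, int $sessionUserId, string $name): int {
    $stmt = $db->prepare('INSERT INTO items (iduser, name) VALUES (?, ?)');
    $stmt->execute([$sessionUserId, $name]);
    return (int) $db->lastInsertId();
}

// Let the database pick the rows: WHERE iduser = ? returns only this user's items.
function listOwnItems(PDO $db, int $sessionUserId): array {
    $stmt = $db->prepare('SELECT id, name FROM items WHERE iduser = ? ORDER BY id');
    $stmt->execute([$sessionUserId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// The ownership test is part of the DELETE itself, so a request carrying
// someone else's item id matches zero rows and changes nothing.
function deleteOwnItem(PDO $db, int $sessionUserId, int $itemId): bool {
    $stmt = $db->prepare('DELETE FROM items WHERE id = ? AND iduser = ?');
    $stmt->execute([$itemId, $sessionUserId]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data: users 1 and 2 each add an item.
$first  = addItem($db, 1, 'red widget');
$second = addItem($db, 2, 'blue widget');

$_SESSION = ['valid_id' => 1];   // stands in for a real logged-in session
$me = (int) $_SESSION['valid_id'];

foreach (listOwnItems($db, $me) as $row) {
    printf("%d: %s\n", $row['id'], htmlspecialchars($row['name']));
}
var_dump(deleteOwnItem($db, $me, $second)); // another user's row
var_dump(deleteOwnItem($db, $me, $first));  // own row
```

The same `AND iduser = ?` clause belongs on every UPDATE. Hiding the edit and delete links for other users' rows only changes what is displayed; the query is what enforces the restriction.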

sphiro

5:31 pm on Mar 22, 2005 (gmt 0)

10+ Year Member



Possibly I have the if statement in the wrong place? Or, the 'iduser' is never equal to $_SESSION['valid_id'] and I need to obtain the value of 'iduser' another way?

Any comments would be helpful.

gardenguy

7:23 pm on Mar 22, 2005 (gmt 0)

10+ Year Member



sphiro,
You have me a bit confused.
Earlier we were discussing a table called info and now you are looking in one called items. Does items contain a new column (field) which has the user who added the item in it?
Not every table requires this depending on what you are doing. But if you have not used the match in info to get to items, then the item table will need it too (or instead of).

sphiro

3:27 am on Mar 23, 2005 (gmt 0)

10+ Year Member



Gardenguy, this is the actual code that I would like to apply the restrictions to. In this database I only have 2 tables; one 'users' and one 'items'. Each item inserted into 'items' is successfully tagged with the id of the user that adds it to the database. I know because when I display it the item shows the id of the user in the 'iduser' field of the table 'items'.

When I try to display the items I use the code that I posted previously. But, it doesn't display any items, and when the 'if...' is removed all items are displayed.

So I have come to the conclusion that I am unable to grab the value for 'iduser' before I compare to see if it is the same as the value of $_SESSION['valid_id'], unless you see something else that is not correct in the code I posted?

Actually, come to think of it, I am pretty sure that that is the problem. I am not able to transfer the value from the field 'iduser' to the variable '$iduser'. Could you possibly suggest how I can get around this?

sphiro

6:39 am on Mar 25, 2005 (gmt 0)

10+ Year Member



No ideas?