I am using a MySQL database. I am completely sure that the ID does actually exist in the database. Why is it going to the last else (where is says //incorrect id) ?
<?php
//Localise user id.
$userid = $_SESSION['userid'];
//Get content of the article.
$sql = "SELECT * FROM articles WHERE creatorid = '$userid'";
$result = mysql_query($sql) or die(mysql_error()); //Execute. If fails, show error.
$array = mysql_fetch_array($result);
if(in_array($articleid, $array)) //If the URL id exists in the database (array)
{
//The article does actually exist for that user. They requested it.
$sql = "SELECT * FROM articles WHERE id = '$articleid'";
$result = mysql_query($sql) or die(mysql_error()); //Execute. If fails, show error.
$array = mysql_fetch_array($result);
$content = $array['content'];
if($content != '') //If the article has actually been written.
{
include($_SERVER['DOCUMENT_ROOT'] . '/includes/renderimage.php');
} else
{
//Article actually hasn't been written.
}
} else
{
//Incorrect ID.
}
?>
You’re only looking in the first row that’s returned. You need to call
mysql_fetch_arrayin a loop to get each row. Also, you shouldn’t usein_array(), since the article ID might appear in some other column (what if you’re checking for article #3 and user #3?).But if you just want to see if the article was created by this user, you can use a different query:
This should return either 0 or 1 row depending on whether the user created the article. You can then use
mysql_num_rows()to test for this.