Home/ Questions/Q 7846233
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-02T17:30:40+00:00

I have this script below where it scans users that are allowed to see

  • 0

I have this script below where it scans users that are allowed to see a post. How do i update it so that it will match the person viewing’s ID to the one stored in the field. If it matches it works else it doesn’t. The stored entries will be something like 99394david, 324234smith, 34343jane. So this script i have is not matching it. 

    $kit = mysql_real_escape_string($_GET['id']);

$sql="SELECT `Who_can_see` from `posts` where `post_id` = '$kit'";  
    $result=mysql_query($sql);

    $query = mysql_query($sql) or die ("Error: ".mysql_error());

    if ($result == "")
    {
    echo "";
    }
    echo "";


    $rows = mysql_num_rows($result);

    if($rows == 0)
    {
    print("");

    }
    elseif($rows > 0)
    {
    while($row = mysql_fetch_array($query))
    {
    $userallowed = htmlspecialchars($row['who_can_see']);
    }
    }

    //$personid is drawn from the database.  its the id of the
     person viewing the link.

    if ( $userallowed == $personid ) {
echo("allowed");
    } else {
echo("not allowed");
    die();
    }

    ?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I would simply add the $personid to the query (although I have doubts about how you are filling your posts table exactly…):

    $sql="SELECT `Who_can_see` from `posts`
      where `post_id` = '$kit'
        AND `Who_can_see` = '$personid'";

    If your result contains a row, the user is allowed to view the post.

    By the way, I would also recommend using prepared statements to avoid any potential sql injection problems.

    Edit: Based on the fact that Who_can_see can contain a comma separated list of entries, you can use your original script, and just change how you match, using for example stripos.

    if ( stripos($userallowed, $personid) !== false ) {
    // $personid is found in $userallowed
    echo("allowed");
} else {
    echo("not allowed");
    die();
}
    • 0