PHP

Victor Bielski

User can only see documents uploaded by themselves. Php & MySQL

Hi,

I'm currently finishing a project, but I'm kinda stuck. At the moment, I've got a login system where the data gets stored in a users table containing the following:

idUsers int(11) PRIMARY KEY
username TINYTEXT
email TINYTEXT
pwdUsers LONGTEXT

Then I've got a files table as well, where the users are able to upload documents such as .docx and .pdf. The user has an option to use a search field to find those documents based on name, author, title and so on. The problem is that the user should only be able to see documents uploaded by themselves, and I can't quite solve that problem.

The files table contains the following:

id int(11) PRIMARY KEY
usersId int(11) FOREIGN KEY
name varchar(255)
title varchar(255)
forfatter varchar(255) (author)
size int(11)
downloads int(11)

usersId in the files table is the foreign key for idUsers in my users table. So when the user uploads, it gets the specific/primary id from the user as usersId in the files table.

The documents that are found by the search function are being generated in a table with PHP.

Search.php

<?php $output = '';

if (isset($_GET['search']) && $_GET['search'] !== ' ') {
    $searchingq = $_GET['search'];

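    // Bind the search term as a parameter instead of interpolating it into the SQL string
    $like = '%' . $searchingq . '%';
    $stmt = mysqli_prepare($conn, "SELECT * FROM files WHERE id AND name LIKE ? OR title LIKE ? OR forfatter LIKE ?") or die(mysqli_error($conn));
    mysqli_stmt_bind_param($stmt, 'sss', $like, $like, $like);
    mysqli_stmt_execute($stmt);
    $q = mysqli_stmt_get_result($stmt);
    $c = mysqli_num_rows($q);
    if($c == 0) {
        // Escape the search term before echoing it back into the page
        $output = '<p>No search results for: "' .htmlspecialchars($searchingq, ENT_QUOTES, 'UTF-8'). '"</p>';
    } else {
        while($row = mysqli_fetch_array($q)) {
            // Escape database values before placing them in HTML
            $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
            $title = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
            $forfatter = htmlspecialchars($row['forfatter'], ENT_QUOTES, 'UTF-8');
            $download = $row['downloads'];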

            if (isset($_SESSION['userId'])) {

            $output .= 
                        '
                        <tbody class="tableBody">
                        <tr>
                            <td>' .$name. '</td>
                            <td>' .$title. '</td>
                            <td>' .$forfatter. '</td>
                            <td class="text-center"><a href="../uploads/'.$name.'" download="'.$name.'"><i class="fas fa-file-export"></i></a></td>
                            <td class="text-center"><a href="delete.inc.php?id='.$row['id'].'"><i class="fas fa-trash-alt"></i></a></td>
                        </tr>
                    </tbody>';

            /*$output .= '<h2>' .$name. '</h2>
                        <h3>' .$title. '</h3>
                        <p>' .$forfatter. '</p>';*/
            }
        }
    }
} else {
    header("location: ./");
} 

print("$output");
mysqli_close($conn);

?>
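
One way to scope both the search and the delete link to the logged-in user, as an added example that is not part of the original post. The function names are hypothetical, and it assumes `$conn` is an open mysqli connection, `session_start()` has already run, and `delete.inc.php` receives the row id in `$_GET['id']`.

```php
<?php
// Added example, not the original poster's code. Function names are hypothetical;
// table/column names, $conn and $_SESSION['userId'] are taken from the post.

// Return only the files owned by $userId that match $term.
function search_own_files(mysqli $conn, int $userId, string $term): array
{
    // Escape LIKE wildcards so a literal % or _ in the term is not treated as a pattern.
    $like = '%' . str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $term) . '%';

    // The parentheses matter: AND binds tighter than OR, so without them the
    // usersId filter would apply to the first LIKE only.
    $sql = 'SELECT id, name, title, forfatter, downloads
              FROM files
             WHERE usersId = ?
               AND (name LIKE ? OR title LIKE ? OR forfatter LIKE ?)';
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, 'isss', $userId, $like, $like, $like);
    mysqli_stmt_execute($stmt);
    return mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC);
}

// Delete a file row only if it belongs to $userId; returns true if a row was removed.
// Assumption: delete.inc.php gets the file id in $_GET['id'], as the link in the post suggests.
function delete_own_file(mysqli $conn, int $userId, int $fileId): bool
{
    $stmt = mysqli_prepare($conn, 'DELETE FROM files WHERE id = ? AND usersId = ?');
    mysqli_stmt_bind_param($stmt, 'ii', $fileId, $userId);
    mysqli_stmt_execute($stmt);
    return mysqli_stmt_affected_rows($stmt) === 1;
}

// Usage in search.php, after session_start() and the database connection:
if (!isset($_SESSION['userId'])) {
    header('Location: ./');
    exit;
}
$rows = search_own_files($conn, (int) $_SESSION['userId'], $_GET['search'] ?? '');
foreach ($rows as $row) {
    // Escape every database value before it goes into HTML.
    echo '<tr><td>' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '</td></tr>';
}
```

The query filter only controls which rows are listed. Files linked directly under `../uploads/` are still served by the web server without this check, so downloads need the same ownership test in a PHP handler.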