php-windows Digest 14 Sep 2010 21:13:51 -0000 Issue 3861

Tue, 14 Sep 2010 14:14:48 -0700 

php-windows Digest 14 Sep 2010 21:13:51 -0000 Issue 3861

Topics (messages 30324 through 30327):

Re: Select the specific user data from the database
        30324 by: Paul Vatta
        30325 by: Paul Vatta

Re: [PHP-DB] Is this syntax is correct?
        30326 by: Amit Tandon

Simple implementation of alternating session variable to hide contents of a 
javascript file being implemented in a page
        30327 by: Jacob Kruger

Administrivia:

To subscribe to the digest, e-mail:
        php-windows-digest-subscr...@lists.php.net

To unsubscribe from the digest, e-mail:
        php-windows-digest-unsubscr...@lists.php.net

To post to the list, e-mail:
        php-wind...@lists.php.net


----------------------------------------------------------------------
--- Begin Message --- 
You could also try the following approach:
- on the table, have an INSERT trigger add the username to a column
named CREATE_WHO (this can be extended to UPDATE operations too, but
this probably isn't necessary in your example)
- create a view based on "select * from table where CREATE_WHO =
SUBSTRING_INDEX(USER(),'@',1);".
- DML statements are now applied against the view, and not against the
underlying table.
This depends on the user who is logged in to the DB though.

Hope this helps,
Paul

On 6 September 2010 19:38, Richard Quadling <rquadl...@gmail.com> wrote:
>
> On 5 September 2010 12:21, nagendra prasad <nagendra802...@gmail.com> wrote:
> > Hi Experts,
> >
> > I have a mysql database. What I want is that when a user login he can able
> > to see his entries only, so that he can delete, add or edit his entries
> > only. I have 2 different tables one for user details and another for actual
> > entries. Please help me.
> >
> > Best,
> > Guru.
> >
>
> If userA's and userB' data are both in the same table, do or will you
> have issues with key fields?
>
> I don't know what the data is, but you would need to include some
> element of the user in every unique constraint.
>
> Depending upon the data, another option is to have a separate table or
> database per user. This allows for user permissions to be assigned to
> the table or database.
>
> I've used this mechanism when users data needs to be sync across
> multiple devices and the device initiating the sync was always the
> most uptodate. Cloning a table was far easier.
>
> Richard.
>
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--- End Message ---
--- Begin Message --- 
You could also try the following approach:
- on the table, have an INSERT trigger add the username to a column
named CREATE_WHO (this can be extended to UPDATE operations too, but
this probably isn't necessary in your example)
- create a view based on "select * from table where CREATE_WHO =
SUBSTRING_INDEX(USER(),'@',1);".
- DML statements are now applied against the view, and not against the
underlying table.
This depends on the user who is logged in to the DB though.

Hope this helps,
Paul

On 6 September 2010 19:38, Richard Quadling <rquadl...@gmail.com> wrote:
>
> On 5 September 2010 12:21, nagendra prasad <nagendra802...@gmail.com> wrote:
> > Hi Experts,
> >
> > I have a mysql database. What I want is that when a user login he can able
> > to see his entries only, so that he can delete, add or edit his entries
> > only. I have 2 different tables one for user details and another for actual
> > entries. Please help me.
> >
> > Best,
> > Guru.
> >
>
> If userA's and userB' data are both in the same table, do or will you
> have issues with key fields?
>
> I don't know what the data is, but you would need to include some
> element of the user in every unique constraint.
>
> Depending upon the data, another option is to have a separate table or
> database per user. This allows for user permissions to be assigned to
> the table or database.
>
> I've used this mechanism when users data needs to be sync across
> multiple devices and the device initiating the sync was always the
> most uptodate. Cloning a table was far easier.
>
> Richard.
>
>
> --
> Richard Quadling
> Twitter : EE : Zend
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY
>
> --
> PHP Windows Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

--- End Message ---
--- Begin Message --- 
SELECT d.username,  r.password FROM data join  registration r on r.username
= d.username WHERE r.username  like '%s' AND
r.password like '%s'"

Presuming the password stored as clear text and username is common field

SELECT d.username,  r.password FROM data join  registration r on r.username
= d.username WHERE r.username  like '%s' AND
r.password like '%s'"

or

SELECT d.username FROM data as d, registration as r WHERE r.username  like
'%s' AND
and r.password like '%s'"
and r.username = d.username
============
regds
amit

"The difference between fiction and reality? Fiction has to make sense."


On Sun, Sep 5, 2010 at 6:48 PM, nagendra prasad <nagendra802...@gmail.com>wrote:

> Hi All,
>
> Is this syntax is correct??
>
> SELECT username FROM data, password FROM registration WHERE username=%s AND
> password=%s"
>
>
> Best,
> Guru.
>

--- End Message ---
--- Begin Message --- 
In the following simple, little test client-side version of a noughts and 
crosses/tic-tac-toe game have just put up:
http://www.blindza.co.za/noughtsAndCrosses/

While I am implementing two <script /> tags with external .js script files 
being linked to, the second one links to a file called oX.php, but it first 
sets a session variable, so that that page will in fact render the javascript 
relevant to the simple version of noughts and crosses/tic-tac-toe being 
implemented using an open source library called JQuery which gives me a nice 
DHTML handling interface.

Basically if you first just called oX.php it wouldn't find the necessary 
session variable had been set, so wouldn't render the script source, and since 
it toggles the value as well, unless you could literally, somehow call the two 
separate pages/URLs at the exact same time as far as the server was concerned, 
it shouldn't really be possible to go and see what's being rendered as such - 
seems to work that way anyway, and only other thing might have tried out would 
have to do something like try and determine if it was really the hosting page 
requesting it - not too sure how that would work since would guess it's quite 
possible that it would get passed the same request header as it's hosting page 
is...?

Also, since haven't really looked into request headers too much as such, this 
seemed simple/easy enough to use instead.

Lastly, not too relevant, but the rather nice open-source javascript library 
I'm making use of is here:
http://www.jquery.org/

It allows me to quite easily manipulate element attributes, including querying 
them, etc. etc. using javascript, etc.

Stay well

Jacob Kruger
Blind Biker
Skype: BlindZA
'...fate had broken his body, but not his spirit...'



__________ Information from ESET NOD32 Antivirus, version of virus signature 
database 5451 (20100914) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

--- End Message ---

Reply via email to