06-18-2008, 01:36 AM
|
#2 (permalink)
|
|
The Prestige
Join Date: Dec 2007
Location: On your Hard Drive, hiding like a Virus
Posts: 824
Thanks: 163
|
Quote:
Originally Posted by sarmenhb
hi, im creating a script that will allow multiple users upload multiple images and will view the images only that they uploaded.
this is the table structure i used
Code:
id
username
title
image
as you can see i added the username column which will be grabbed from the cookie. now my question is , is this the right way of doing this? if i had 100 people login to this script and each person uploaded 10 images to this table and their images were displayed neatly to them in a table. how else can this be done?
thanks
ps: this is what the table might have looked like after having 3 people upload 5 images each.
Code:
id: 1
username: bob
title: cartoon
image: someimage.png(encoded)
id: 2
username: bob
title: balloons
image: someimage.png(encoded)
id: 3
username: bob
title: ocean
image: someimage.png(encoded)
id: 4
username: bob
title: pc
image: someimage.png(encoded)
etc.....
then when i want to display each users images i would run a query like this
Code:
$username = $_COOKIE['username'];
$sql = mysql_query("select * from tbl_logos where username = '$username'");
while($row = mysql_fetch_assoc($sql)) {
echo data.....
}
|
Code:
$sql = mysql_query("select * from tbl_logos where username = '$username'");
Is a potential sql injection threat. Do this:
Code:
$sql = mysql_query("select * from tbl_logos where username = '".mysql_real_escape_string($username)."'");
__________________
Wax on, Wax off
|
|
|
|