prob in sessions

vividona

I am trying to select just one specified article using sessions

$CheckArtiList = sprintf("SELECT `artid`, `subject`, `body`, `uid`, `username` FROM %s WHERE uid=".$_SESSION['uid']." ORDER BY curtime DESC",
		parent::BHL_CONT_MGM);
		$ArtiList = mysql_query($CheckArtiList) or die( mysql_error());

but the code select all articles which I posted.

I need to select the article whick I click only. so that I can update it or delete it

vividona

check my full code
it is working fine but select all user own article.

public function EditArtis() {
	try{
	if(!$_SESSION['uid']){
		echo "Hey, you are not entitle to modify this article. May be it is not yours or you are not login!";
		echo ". . . This is a ristricted area for you . . . please wait till transfer you to the proper place . . .";
		echo "<meta http-equiv='Refresh' content='5; URL=../index.php'/>";
		return false;
	}
		$CheckArtiList = sprintf("SELECT `artid`, `subject`, `body`, `uid`, `username` FROM %s WHERE uid=".$_SESSION['uid']." ORDER BY curtime DESC",
		parent::BHL_CONT_MGM);
		$ArtiList = mysql_query($CheckArtiList) or die( mysql_error());
		if(!mysql_num_rows($ArtiList) == 1) {
			throw new Exception( "Hey, we did not Articles in databases!");
		}			
			if (isset($_GET['editarti'])) {
			parent::ClnArtiSub();
			parent::ClnArtiBod();

		$Artid = $_GET['editarti'];
		$sql = sprintf("SELECT `artid`, `subject`, `body`, `uid`, `username`, `curtime` FROM %s WHERE artid='%s'",
		parent::BHL_CONT_MGM, $Artid);
		$Checkq = mysql_query($sql);
		if ($Checkq) {
		echo "";
		}else{
		echo "Sorry, we did not find any article here!";
		}
		$row = mysql_fetch_array($Checkq);
		echo '<HTML>
			<BODY>
			<table width="40%" border="1" align="center" cellpadding="1" cellspacing="1">
			<tr><td align="right"><H1 style="margin-top: 0; margin-bottom: 0"><font face="Tahoma" size="4" >
			</font></H1><br>
			<fieldset><legend>You can submit your article from this section:</legend>
			<FORM METHOD="POST" ACTION="" >
			</font><font face="Tahoma" size="2">
			subject:</font><font face="Tahoma" size="1"><br>
			<INPUT type="text" name="subject" SIZE=25 MAXLENGTH=50 value="'.$row['subject'].'"/></font></font></p>
			</font><font face="Tahoma" size="2">
			Body:</font><font face="Tahoma" size="1"><br>
			<textarea name="content" rows="10" cols="70" wrap="virtual">'.$row['body'].'</textarea>
			<P style="margin-top: 0; margin-bottom: 0">
			<INPUT TYPE="submit" NAME="submit" VALUE="Save!" style="font-family: Tahoma"></p></td></tr>
			</fieldset>
			</table>
			</FORM>
			</BODY>
			</HTML>';
			if(parent::ClnArtiSub() == "" || parent::ClnArtiBod() == ""){
				throw new Exception( "Hey, You have to fill all the required fields!");
			}
			if( ! parent::getmail() == 0){
			$QUERY = sprintf("UPDATE %s SET `subject` = '%s', `body` = '%s' WHERE artid='%s'",
			parent::BHL_CONT_MGM, parent::ClnArtiSub(), parent::ClnArtiBod(), $Artid)or die(mysql_error());
			$Result = mysql_query($QUERY);
			if(! Result){
				throw new Exception( "Hey, We can not update this article!" );
			}
			}
		}else {
		echo '' .
		mysql_error() . '</p>';
		}
		while($row = mysql_fetch_array($ArtiList)){
		$Artid = $row['artid'];
		$Article = $row['subject'];
		echo '<table width="690" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#666666">
			<tr>
			<th scope="col"><div align="center">'.$Article.'</div></th>
			<th width="150" height="40" scope="col"><div align="center"><a href="' . $_SERVER['PHP_SELF'] .'?editarti=' . $Artid . '">' .	'Edit this article</a></div></th>
			</tr>
			</table>';

		}

}
	catch ( Exception $e ) {
		echo $e->getMessage();
	}
}

shawty

When your doing concatenated strings you still need to ensure you have your single quotes in your query strings. EG:

WHERE uid='".$_SESSION['uid']."' ORDER BY

this ensures that you end up with:

WHERE uid='xxx' ORDER BY

rather than

WHERE uid=xxx ORDER BY

Which is what your string will be generating at the moment.