Validate a variable against a field from my DB

2

I am developing a web page in which users correspond to cities; to be more precise, it is built the following way (in Postgres)

USER

┌────────────┬───────────┐
│ cv_usuario │ Password  │
├────────────┼───────────┤
│        011 │ Ciudad1   │
│        022 │ Ciudad2   │
└────────────┴───────────┘

And on the other hand I have the CITIES table

┌────────────┬───────────┬─────────────┐
│ cv_ciudad  │  nombre   │  Habitantes │
├────────────┼───────────┼─────────────┤
│ 011        │ Del Valle │      123823 │
│ 022        │ Madero    │      998337 │
└────────────┴───────────┴─────────────┘

Basically my website needs to do the following:

  • Login (you log in with the username corresponding to your city code)
  • After logging in, open a map that I have built with a Google API, which has the city layers
  • When you click on the SEE CARD button, it must load all the data corresponding to that city (run a query with the corresponding data), BUT if you click on a different city, it should show the message: ¡No tiene permiso para acceder a los datos de esta ciudad!

So far I have managed to handle the click on the city I logged in with, but I have not been able to validate against a different city. I'm working with PHP.

My PHP login code, where I build my login variable:

<?php
session_start();
$_SESSION['varname'] = $userName;   // city code of the user who just logged in
echo "Welcome " . $userName;        // note: output before header() blocks the redirect unless output buffering is on
header("Location: ../index.php");   // go to the index of my page, which contains the map
exit;

In my map I show a small card with a link, defined in an XML where I use a predato attribute to direct to the information card with its corresponding key:

<campo predato="CIUDAD|http://127.0.0.1/CIUDADES/verficha.php?varname=">
  <nombre>clavegeo</nombre>
  <alias>Ficha</alias>
</campo>

and in my information card I have the following, reassigning what was stored in the session at login to another variable:

$ciudad = $_SESSION['varname'];

and that is where my question comes in: how do I validate so that it only shows what corresponds to that city? At the moment I have something like this:

if ($ciudad) {
    // only tests that $ciudad is non-empty before running the query
    $query = "Select *
              from ciudad
              where cv_ciudad
                  in ($ciudad);";

    $result = pg_query($query) or die('Query failed: ' . pg_last_error());
    $rows = pg_num_rows($result);
    $i = pg_num_fields($result);
}
else {
    echo "<br><center>¡No tiene permiso para acceder a los datos de esta ciudad!";
    echo $ciudad;
}

However, if I click on another city and press "show card", it happily returns the query for that city, even though it does not correspond to the password I logged in with :(

I hope you can help me, friends; thank you in advance.

    
asked by IndiraRivas 01.03.2018 в 21:05

3 answers

0

As far as I understood, the user who starts a session has a city assigned, and should only see that one.

If that is the case, you should:

  • have the id_ciudad assigned to the user
  • capture the id_ciudad_seleccionada
  • make a simple if:

    if ($id_ciudad === $id_ciudad_seleccionada)
    {
        // make the call
    }
    else
    {
        // send the message
    }
    

Or, if you want to do it from the query...

You just have to change your query:

    Select * from CIUDADES
    where cv_ciudad = (select cv_ciudad from USER WHERE cv_usuario = '011' and password = 'Ciudad1' and cv_usuario = '$ciudad')
    

The magic is in:

    select cv_ciudad from USER WHERE cv_usuario = '011' and password = 'Ciudad1' and cv_usuario = '$ciudad'
    

You are looking for user 011 with password Ciudad1, and you also have to make sure the city is the same as the one previously selected... if it exists, it will return the city; otherwise it will return nothing.

I hope this helps.

answered by 25.10.2018 в 16:10
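Putting the first answer's "simple if" into the asker's verficha.php flow, as an added example (not code from the question or either answer): the city clicked on the map is compared with the city stored in the session at login, and the query binds the session's city as a parameter instead of interpolating $ciudad into the SQL. Assumed: $_SESSION['varname'] holds the user's city code, the map link passes the clicked city as ?varname=, the data is in the "ciudad" table from the question, and the connection string is a placeholder.

```php
<?php
// Added example (not from the question or the answers): a verficha.php that
// serves only the city tied to the session. Assumptions: login stored the user's
// city code in $_SESSION['varname'], the map link passes the clicked city as
// ?varname=, and the data lives in the "ciudad" table used in the question.
session_start();

$ciudadSesion = $_SESSION['varname'] ?? null; // set at login
$ciudadClic   = $_GET['varname'] ?? null;     // city clicked on the map

// True only when the clicked city is exactly the one assigned at login.
function puedeVerCiudad(?string $sesion, ?string $solicitada): bool
{
    if ($sesion === null || $solicitada === null) {
        return false;
    }
    // Strict comparison: with == PHP treats "011" and "11" as equal numeric strings.
    return $sesion === $solicitada;
}

if (!puedeVerCiudad($ciudadSesion, $ciudadClic)) {
    http_response_code(403);
    echo "<br><center>¡No tiene permiso para acceder a los datos de esta ciudad!</center>";
    exit;
}

// Placeholder connection string; adjust to the real database.
$conn = pg_connect("host=127.0.0.1 dbname=ciudades user=app password=secret")
    or die('Connection failed');

// The city code is bound as a parameter rather than pasted into the SQL text,
// and the value bound is the session's own city, not the query-string value.
$result = pg_query_params(
    $conn,
    'SELECT cv_ciudad, nombre, habitantes FROM ciudad WHERE cv_ciudad = $1',
    [$ciudadSesion]
) or die('Query failed: ' . pg_last_error($conn));

while ($fila = pg_fetch_assoc($result)) {
    echo htmlspecialchars($fila['nombre']) . ': ' . (int) $fila['habitantes'] . ' habitantes<br>';
}
```

A request for a city other than the session's one is refused before any query runs, so the data shown can never depend on the value in the URL.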
0

I think you have a small detail missing in your logic, because to do what you ask you first need to have "tied" users to cities. You can do that manually in your DB, or make a form where you register the usuarios with their respective city; then, to query it at the end, you can use a query joining the two, which I think is the easiest.

    $query = "SELECT c.cv_ciudad, c.nombres, c.habitantes, u.cv_usuario FROM cv_ciudad c, cv_usuario u WHERE c.cv_ciudad = u.cv_ciudad";
    
answered by 25.10.2018 в 16:31

-1

if ($_GET['varname'] == $_SESSION['varname']) { process } else { do not process }, although I did not quite understand what data is saved in the session :)

answered by 16.08.2018 в 16:03