• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Updating Data, Getting User ID?

#1
[eluser]scm22ri[/eluser]
Hi Everyone,

I wrote syntax allowing my users to update their user information but I'm having a problem. For testing purposes I hard-coded the user_id of 24 into my syntax but I want that user_id to be dynamic. My question is, how would I get my users ID? The below syntax works (I haven't added form validation but I soon will) when it comes to updating user data I have to dynamically get their ID. Looking at the below snytax how would I go about doing that? Thanks everyone.

My Controller

Code:
public function update_records(){
    
  $now = date("Y-m-d H:i:s");
  
  $form_data = array(
  'business' => $this->input->post('business'),
  'user_id' => $this->input->post('user_id'),
  'address' => $this->input->post('address'),
  'state' => $this->input->post('state'),
  'city' => $this->input->post('city'),
  'zip' => $this->input->post('zip'),
  'phone' => $this->input->post('phone'),
  'website' => $this->input->post('website'),
  'email' => $this->input->post('email'),
  'name' => $this->input->post('name'),
  'time' => $now
  );
  
  $this->load->model('Change_data');
  $this->Change_data->update_function_three($form_data);

My Model

Code:
function update_function_three($formdata){
// How would I make '24' dynamic?  
$this->db->where('user_id', '24');
$this->db->update('business',$formdata);
}

#2
[eluser]CroNiX[/eluser]
Code:
$this->db->where('user_id', $formdata['user_id']);
?

#3
[eluser]scm22ri[/eluser]
That's grand. It's working great, thanks

#4
[eluser]CroNiX[/eluser]
Just a security concern with that, which may or may not apply to you. If you are passing along the user_id in your form and using that to update your records, it means that anyone with access to that form can change that user_id value in the form and overwrite stuff they may not, or should not, have permission for.

If you are using some sort of authentication where you are logging people in and storing the current user's data in session, I would use that data for retrieving the current users user_id instead of passing it around in a form, unless it doesn't apply to your case. All form/post values can be manipulated by the user using the browsers javascript console, among other ways, before submitting the form.

#5
[eluser]scm22ri[/eluser]
Thanks for the reply. I'm making sure the user logs into their account first before submitting information via forms that I have on my website. This is how I'm getting the users ID

Code:
$userid = $this->session->userdata('id');

I'm assuming this is relatively safe?

#6
[eluser]CroNiX[/eluser]
Then you'd probably want to use that session value instead of $formdata['user_id'] for the WHERE in the code I provided. This way they can't alter it on the form, so it would be more secure. I also then wouldn't pass user_id in the form at all, because you are currently including it in your update data, and the ID wouldn't change anywhere since you are using it in your WHERE for the update.

Either that or don't include it in your formdata that you send to the model for update.
Code:
$form_data = array(
//...
'user_id' => $this->input->post('user_id'),  //remove
);

#7
[eluser]scm22ri[/eluser]
Hi,

Thanks for your reply but I'm a little confused. If I don't pass the user_id in the form then how would the correct information in the database be updated? If I'm user "24", I only want user ID's 24 information to be updated.

Also, when you say "session value" do you mean the session ID?

Code:
$sessionid = $this->session->userdata('session_id');
(When I echo out the $sessionid every few minutes I get a new very long number. Is this number unique to the user? Can this information be passed into my user_id field? Please advise.)

What am I doing wrong? Thanks

My new function would look something like this

Code:
public function update_records(){
    
  $now = date("Y-m-d H:i:s");
  
  $form_data = array(
  'business' => $this->input->post('business'),
  // 'user_id' => $this->input->post('user_id'),
  'address' => $this->input->post('address'),
  'state' => $this->input->post('state'),
  'city' => $this->input->post('city'),
  'zip' => $this->input->post('zip'),
  'phone' => $this->input->post('phone'),
  'website' => $this->input->post('website'),
  'email' => $this->input->post('email'),
  'name' => $this->input->post('name'),
  'time' => $now
  );
  
  $this->load->model('Change_data');
  $this->Change_data->update_function_three($form_data);

My new model

Code:
function update_function_three($formdata){
// This isn't working
$this->db->where('user_id',$sessionid );
$this->db->update('business',$formdata);
}

#8
[eluser]scm22ri[/eluser]
Hi Everyone,

I just figured this out. It was fairly straightforward.

I took the below code and saved my user_id into a session.
Code:
$userid = $this->session->userdata('id');
$this->session->set_userdata('user_id', $userid);

I then inserted the session variable this way. It works!
Code:
$this->db->where('user_id', $this->session->userdata('user_id'));


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.