php - Best Way To Show User Their Photo -


okay wondering best way show user own photo , if way safe or should change.

url: 

http://localhost/project/everyone/myphoto.php?num=2

php code:

$user_id = $_session['user_id'];  if (isset($_get['num'])) {     $num = $_get['num'];      if ($stmt = $dbconn->prepare("select 1 t_photos id ='$num' , user_id ='$user_id' limit 1")) {         $stmt->execute();         $stmt->store_result();          $rows = $stmt->num_rows;         if ($rows === 1) {             $stmt = $dbconn->prepare("select url,uploaddate t_photos id = ?");         $stmt->bind_param('i', $num); // bind "$email" parameter.         $stmt->execute(); // execute prepared query.         $stmt->store_result();         $stmt->bind_result($photopath, $uploadtime); // variables result.         $stmt->fetch();         } else {             $error2 = "error 2 fuck";             require 'notfound.php';             die();         }     } }

html & php code :

<div id="pathwrap">     <div class="photowrap">         <?php if (isset($photopath)) {         echo '<img src="' . $photopath . '">';         } ?>     </div> </div>

this how pdo , exception style:

function requestcurrentuserphoto(){ if( !isset($_get['num']) ){     throw new exception('bad request. generated link missing prop num.'); } if( !isset($_session['user_id']) ){     throw new exception('bad request. generated link linked guest.'); } $sth = $dbh->prepare('select url,uploaddate t_photos id = :id , user_id = :user_id limit 1'); $sth->execute(array(     ':id' => (int) $_get['num'],     ':user_id' => (int) $_session['user_id'] )); $result = $sth->fetch(pdo::fetch_assoc); if( $result === false ){     throw new exception('bad request. generated link linked non-existence photo or unauthorized user.'); } //optional... if( empty($result['url']) || empty($result['uploaddate']) ){     throw new exception('bad database table row. there invalid photo row in t_photos'); } return $result; }

this code should safe. , should check if code related got errors.


Comments

Post a Comment

Popular posts from this blog

java.util.scanner - How to read and add only numbers to array from a text file -

i'm learning java , have question regarding reading file want read numbers file contains strings well. here example of file: 66.56 "3 java 3-43 5-42 2.1 1 and here coding: public class test { public static void main (string [] args){ if (0 < args.length) { file x = new file(args[0]); try{ scanner in = new scanner( new fileinputstream(x)); arraylist<double> test = new arraylist<>(); while(in.hasnext()){ if(in.hasnextdouble()){ double f=in.nextdouble(); test.add(f);} else {in.next();} } catch(ioexception e) { system.err.println("exception during reading: " + e); } } my problem add 66.56,2.1 , 1 doesn't add 3 after "3 or ignores 3-43 , 5-42 can tell me how skip strings , add doubles here? thanks all said 3 ie; "3, 3-43 , 4-42 strings either u read string , split , check number @ " , - or put in space between characters , integers. jvm after compilation tre
Read more

rewrite - Trouble with Wordpress multiple custom querystrings -

i'm working on adding multiple querystring , doesn't seem work. i've found codes seems work others might i'm missing something. i want like: http://mydomain.com/board/?getyear=2013&getsometext2=sometext to http://mydomain.com/board/2013/sometext/ i added code below functions.php file. doesn't seem work should though. this works. echoing querystring gets both variable without problem. http://mydomain.com/board/2013/sometext/ but doesn't. tested querystring vis isset() seems nothing being set/get http://mydomain.com/board/2013/ function add_query_vars($vars) { $vars[] = "getyear"; $vars[] = "getsometext2"; return $vars; } add_filter('query_vars', 'add_query_vars'); function add_rewrite_rules($arules) { $anewrules = array('board/([^/]+)/([^/]+)/?$' => 'index.php?pagename=board&getyear=$matches[1]&getsometext2=$matches[2]'); $arules = $a
Read more

php - Accessing static methods using newly created $obj or using class Name -

see class definition below: i using 5.3.9 version of php class a{ static function ab(){ echo "static function ab<br>"; } public function xy(){ echo "public function xy<br>"; } } $obj = new a(); $obj->ab(); a::ab(); both functions call give same output without error static function ab static function ab how possible static method can called class object? because static method calls using class name only?! now difference between accessing these 2 ways call static method ? referring php.net website declaring class properties or methods static makes them accessible without needing instantiation of class. property declared static can not accessed instantiated class object (though static method can). a big difference is because static methods callable without instance of object created, pseudo-variable $this not available inside method declared static. refer page php.net/manual/en/
Read more