1

I have been working on the header recently. Now I've ended up creating a like button like Facebook does.

I'm following PHPacademy on YouTube. The one called Alex is really awesome at sharing his ideas.

The problem is, I can't show the user name and the name of the product being liked.

This is my query:

```php
function plus_the_like($meal_id) {
    $meal_id = (int)$meal_id;
    $user_name = mysql_query("SELECT `fullname` FROM `users` WHERE `user_id` = (".$_SESSION['user_id'].")");
    mysql_query("UPDATE `meal` SET `likes_meter` = `likes_meter` + 1 WHERE `meal_id` = $meal_id");
    mysql_query("INSERT INTO `likes` (`user_id`,`user_name`, `meal_id`) VALUES (".$_SESSION['user_id'].", $user_name, $meal_id)") or  die(mysql_error());
}
```

I know that what I am doing wrong is just in my query, but ahh... When I use the SQL in MySQL it all works well:

```sql
SELECT `fullname` FROM `users` WHERE `user_id` = 1
```

And that query shows me the username for user_id 1. I hope that I can put that username from the users table into the likes table.

pirho
Obink
  • **warning** your code may be vulnerable to SQL injection attacks! – Daniel A. White Sep 13 '13 at 16:02
  • 3
    If this tutorial is teaching you `mysql_query` and isn't teaching you [proper escaping practices](http://bobby-tables.com/), stop watching it now before you develop some *seriously* bad habits. Learning to develop web sites from the ground up like this is not a very good way to get started, it's way too low-level. A better way to learn is to try out a [popular PHP framework](http://codegeekz.com/best-php-frameworks-for-developers/) and follow along with the framework's conventions instead of having to invent your own way of doing it. – tadman Sep 13 '13 at 16:03
  • @halfer This query may not have a problem, it depends on the way he retrieves and sets the session data. However, it is still good practice to be doing things properly all the time, so you are less likely to forget to do it in a situation that actually matters. – Justin Wood Sep 13 '13 at 16:18
  • @DanielA.White woo wooo woo, wait... what did you mean? You mean, somebody else can get rid of my website? – Obink Sep 13 '13 at 18:27
  • @tadman thanks for your concern, but I'm just trying to understand PHP... I will take a look at your post.. hehehe.... a lot of thanks anyway :D – Obink Sep 13 '13 at 18:29
  • @halfer I'm sorry halfer but I don't get you.. can you explain it to me more specifically? I'm sorry to bother you... – Obink Sep 13 '13 at 18:32
  • @JustinWood thanks for following this question Justin :) – Obink Sep 13 '13 at 18:33

1 Answer

2

Here is what you should be doing.

You have a users table with the following information

id - this is a unique ID of the user, this should be marked as a primary key. Auto incrementing.

Keep whatever else information you want on the user, possibly name, email, etc.

You have an articles table (or whatever your likes are based off of).

id - this is a unique ID of the article, this should be marked as a primary key. Auto incrementing.

Store whatever information you want on your articles, or your items in a store or whatever it is you want to "like".

You have a likes table.

id - this is a unique ID of the like, this should be marked as a primary key. Auto incrementing.

user_id - this is a unique ID of your user that clicked the like button, should be marked as a foreign key.

article_id - this is a unique ID of your article that was "liked", should be marked as a foreign key.

With this, whenever a user "likes" an article, you would have a query like

```sql
INSERT INTO likes (user_id, article_id) VALUES (:userID, :articleID);
```

and to count the number of likes on a given article, you would do something like

```sql
SELECT COUNT(user_id) FROM likes WHERE article_id = :articleID;
```

This will allow you to track how many likes for each article, as well as what each user liked. Potentially, you could eventually suggest things to users based on what they have liked. Though, that is a lot more work to do.

This is a very basic version of what you are attempting to accomplish. As people in the comments have said, look into properly sanitizing your database input. If nothing else, at least change to mysqli_* if you do not have PDO access. PDO is the suggested way to go though, if you are not going to use a framework that gives you all of this.

Justin Wood
  • If you want to carrot-and-stick people to use PDO, which is probably a great idea, give your answer in PDO format. – tadman Sep 13 '13 at 16:36
  • 1
    I technically didn't give it on any format, I gave pure sql, with PHP style variables so people would recognize them. – Justin Wood Sep 13 '13 at 16:38
  • You do have stuff like `$articleID` right in the query which does promote the very habits you're warning people against. `:articleID` or simply `?` would suffice. – tadman Sep 13 '13 at 16:51
  • @JustinWood I know where the primary key is on each table that I made... but can you describe the insert to me? This is causing me a problem when I'm trying to `insert` the name of the user into the `likes table` for the record – Obink Sep 13 '13 at 18:39
  • You don't want to insert the name of the user into the table. You want to insert the user's unique ID into the `likes` table. This is to identify the user, even if they change their name in the future. – Justin Wood Sep 13 '13 at 18:45
  • Oh I see... so the point is I can't insert the name of the user into the `likes table`, right? Yeah, that makes sense, if they have to change the name and the record should be a fatal error, isn't it? – Obink Sep 13 '13 at 18:48
  • The point of the `id` field in the `users` table is to give the user a unique identifier that can be used in place of any other information on that user. So, because it is guaranteed to be unique, you should be using that when referencing the user anywhere in your application. Take my name as an example. I am not likely to be the only Justin Wood on Stack Overflow, so, to access my profile, you would use my ID, `773228`. Similarly, you should reference your users by the UNIQUE identifier. – Justin Wood Sep 13 '13 at 18:52
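
The answer's users/articles/likes schema and its parameterized queries, written with PDO as the comments suggest. This is an added example, not code from the question or the answer: it uses an in-memory SQLite database so it runs stand-alone, and the function names `add_like`, `count_likes` and `likers`, the column `title` and the sample rows are made up for illustration.

```php
<?php
declare(strict_types=1);
// Added example: values reach the database only as bound parameters, never as
// part of the SQL text. With MySQL, change the DSN and use AUTO_INCREMENT.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('PRAGMA foreign_keys = ON');
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, fullname TEXT NOT NULL)');
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY AUTOINCREMENT, title TEXT NOT NULL)');
$pdo->exec('CREATE TABLE likes (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    user_id INTEGER NOT NULL REFERENCES users(id),
    article_id INTEGER NOT NULL REFERENCES articles(id)
)');

// Constructed sample rows. The quote in the first name is stored as plain data.
$ins = $pdo->prepare('INSERT INTO users (fullname) VALUES (:name)');
$ins->execute([':name' => "Pat O'Neil"]);
$ins->execute([':name' => 'Sam Lee']);
$pdo->prepare('INSERT INTO articles (title) VALUES (:title)')->execute([':title' => 'Fried rice']);

function add_like(PDO $pdo, int $userId, int $articleId): void {
    $stmt = $pdo->prepare('INSERT INTO likes (user_id, article_id) VALUES (:userID, :articleID)');
    $stmt->bindValue(':userID', $userId, PDO::PARAM_INT);
    $stmt->bindValue(':articleID', $articleId, PDO::PARAM_INT);
    $stmt->execute();
}

function count_likes(PDO $pdo, int $articleId): int {
    $stmt = $pdo->prepare('SELECT COUNT(user_id) FROM likes WHERE article_id = :articleID');
    $stmt->execute([':articleID' => $articleId]);
    return (int)$stmt->fetchColumn();
}

// The name is looked up through the foreign key instead of being copied into likes.
function likers(PDO $pdo, int $articleId): array {
    $stmt = $pdo->prepare('SELECT u.fullname FROM likes l JOIN users u ON u.id = l.user_id
                           WHERE l.article_id = :articleID ORDER BY u.id');
    $stmt->execute([':articleID' => $articleId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

add_like($pdo, 1, 1); // the first argument stands in for (int)$_SESSION['user_id']
add_like($pdo, 2, 1);
echo count_likes($pdo, 1), "\n";
echo implode(', ', likers($pdo, 1)), "\n";
```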