Member Avatar for nadiam

So i have this web page to book a studio and on the page there are two tables. one table is a form to book the studio(time,date,etc) and the other table i plan to display other data that is already in the database. the thing is in the second table i want to have a change and delete button but those buttons are only available for the data that was entered by the same user only. for example user A and B has previously booked the studio for diff times and date. lets say user B has logged in and sees the second table, user B can see time,date etc that user A has booked but the change and delete button is not available for user B whereas the data user B had previously keyed is available to be changed and be deleted, as in the buttons are available. how do i do this? i know theres php and mysql coding like alter and update involved but i dont know how to go about putting it all together.

i hope ive explained what i want properly. if not, sorry and if u need more clarification just ask.
thanks in advance for any ideas or suggestions.

  • 3 Contributors
  • 4 Replies
  • 201 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by diafol

Recommended Answers

All 4 Replies

Member Avatar for diafol

I coded something like this myself a few years ago for a school. Minibus and computer room bookings. It's quite straightforward really, you need to get the tables right though.

user

user_id
username
pw...(etc)

room

room_id
label
location

bookings

book_id
user_id
room_id
from
to

As you have a user_id in your bookings table, you can ensure that only the booker can delete or update his/her reservation. So, you'll need a login and store the user_id in a session variable and compare that to each booking record in a list. Matches provide buttons, non-matches do not.

Member Avatar for fheppell

This will involve quite a bit of code so I'll walk you through it.

  1. When the delete button is pressed, somehow send the row to be changed.
  2. Check if the user has authority to do so - if the username of the creator is the same as the person who is trying to delete ot change it let them, otherwise send an error message
  3. If they're changing display a form with the current data prefilled and a save button. When saved update the information and return the user to the main page.
  4. If the row is to be deleted, use the SQL REMOVE syntax to remove the row

One massive thing: Even if you only selectivley show the button, ALWAYS check anyway if the user has authority. These things can be very easily hacked and it literally takes 2 lines of code to check. It's worth it!

Member Avatar for nadiam

thanks for the info guys. and i was just helping a friend out, that's why the lack of coding.

Member Avatar for diafol

So solved?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.