I have a messaging system and it works fine, but I have it so that when a message is read it runs mysql_query and sets read to 1, so that in future you can tell if it's been opened. It does not update. Here is the script for viewing the message, where it's supposed to update. THANKS
<?php
session_start();
require "../scripts/connect_to_mysql.php";
if (isset($_SESSION['id'])){
$touser = $_SESSION['id'];
}
elseif (!isset($_SESSION['id'])){
header('location: http://www.stat-me.com');
}
$id = $_GET['id'];
$memberfirstname = $_SESSION['firstname'];
if(!isset($id)) {
header('location: inbox.php');
}
elseif(isset($id)) {
mysql_query("UPDATE pms SET read='1' WHERE id='$id'");
$grab_pm = mysql_query("SELECT * FROM pms WHERE touser = '$touser' AND id = '$id'");
while($r= mysql_fetch_object($grab_pm)) {
$subject = $r->subject;
$message = $r->message;
$fromuser = $r->fromuser;
$datesent = $r->datesent;
$read = $r->read;
}
}
?>
It's not entirely clear if the id field is an INT but I'm guessing so, in which case fix the code as follows (remove the single quotes around $id):
mysql_query("UPDATE pms SET read='1' WHERE id=$id");
$grab_pm = mysql_query("SELECT * FROM pms WHERE touser = $touser AND id = $id");
Also be sure to escape your GET variables, e.g.
$id = mysql_real_escape_string($_GET['id']) ;
EDIT: also take out the single quotes around $touser above
Change your queries to
mysql_query("UPDATE pms SET read='1' WHERE id=".$id);
$grab_pm = mysql_query("SELECT * FROM pms WHERE touser = ".$touser." AND id = ".$id);
INT datatypes come without double quotes, enums depend on their content (so if you inserted '1' and '0', for example, delete the quotes around '1', if otherwise, keep them).
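An added example, not part of either answer or of the asker's script: the same mark-as-read step written with PDO prepared statements, an integer check on the id, and the recipient check applied to the UPDATE as well as the SELECT. `read` is backtick-quoted because READ is a reserved word in MySQL, and mysql_real_escape_string gives no protection once a value is placed in the query without quotes. Assumptions: the view_message helper, the column types, the sample rows and the in-memory SQLite database standing in for the MySQL server are all constructed for illustration.

```php
<?php
// Added example: constructed table and rows. An in-memory SQLite database
// stands in for the MySQL server so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pms (id INTEGER PRIMARY KEY, touser INTEGER, fromuser INTEGER,
            subject TEXT, message TEXT, datesent TEXT, `read` INTEGER DEFAULT 0)');
$pdo->exec("INSERT INTO pms (id, touser, fromuser, subject, message, datesent) VALUES
            (1, 10, 20, 'hi', 'first message', '2011-01-01'),
            (2, 11, 20, 'private', 'for user 11 only', '2011-01-02')");

/**
 * Mark a message as read and return it as an object, or return null when
 * $rawId is not a positive integer or the message does not belong to $touser.
 * (Hypothetical helper, named here for illustration.)
 */
function view_message(PDO $pdo, int $touser, $rawId): ?object
{
    // Reject anything that is not a plain positive integer: "1 OR 1=1", arrays, "".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Placeholders keep the values out of the SQL text. The touser condition
    // stops one user from flagging another user's message as read.
    $upd = $pdo->prepare('UPDATE pms SET `read` = 1 WHERE id = :id AND touser = :touser');
    $upd->execute([':id' => $id, ':touser' => $touser]);

    $sel = $pdo->prepare('SELECT * FROM pms WHERE id = :id AND touser = :touser');
    $sel->execute([':id' => $id, ':touser' => $touser]);
    $row = $sel->fetch(PDO::FETCH_OBJ);
    return $row === false ? null : $row;
}

// User 10 opens their own message: the row comes back with the flag set.
var_dump(view_message($pdo, 10, '1'));
// User 10 asks for user 11's message, then sends a non-integer id: both give null.
var_dump(view_message($pdo, 10, '2'));
var_dump(view_message($pdo, 10, '1 OR 1=1'));
// Message 2 was never flagged, because the UPDATE is scoped to the recipient.
var_dump($pdo->query('SELECT `read` FROM pms WHERE id = 2')->fetchColumn());
```

In the real page the second argument would be `$_SESSION['id']` and the third `$_GET['id']`, with an `exit;` after each `header()` redirect so the rest of the script does not run for a visitor who is not logged in.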