I created a simple message system. Registered users can write and view/read messages. I am having trouble when it comes to viewing messages. It views all the messages in the database.
On my inbox.php, users can read/reply to messages. The link of every message has a variable to get the specific message id. Example: www.web.com/user/message.php?message_id=1234
Now when the link is loaded, it will load the messages/replies. I use this code to get the value of message_id: $message_id = intval($_GET['message_id']);
Unfortunately, if I remove/change the value of message_id in the link (ex. www.web.com/user/message.php?message_id=), it loads all the messages of users.
Here is the code I used as well as my database structure.
In my database, parent posts are those with 'message_parent_post_id' = '0'. If it is a child post, the column 'message_parent_post_id' should be equal to the parent post id.
if ($message_id = intval($_GET['message_id'])) {
    $sql = "SELECT * FROM tblmessage WHERE message_id = '{$message_id}'";
    $the_message = db::select_row($sql); // For parent post id
    $message_post_id = $the_message['message_id'];
}
// To load message, here is the problem
View first message (The parent post)
<?=date('M d, Y h:i a', strtotime($the_message['message_date_added'])) // 'i' is minutes; 'm' would print the month ?>
<br />
<? echo nl2br($the_message ['message_message'])?>
View The Replies (Child posts)
<? $sql = "SELECT * FROM tblmessage WHERE message_parent_post_id = '{$message_post_id}' ORDER BY message_date_added DESC"; ?>
<? $u_message = db::select($sql); // child posts ?>
<? foreach ($u_message as $messages) { ?>
<?=date('M d, Y h:i a', strtotime($messages['message_date_added'])) // 'i' is minutes; 'm' would print the month ?><br />
<?=nl2br($messages['message_message'])?>
<? } // end foreach ?>
What I would like here is not to change the database structure; the changes should be in my code. I would like to view the messages of a specific user securely.
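
One way to restrict message.php to the logged-in user's own thread, as an added example that is not part of the original post: validate message_id before any query runs, load the parent post only if it belongs to the viewer, and escape message text on output. The owner column message_user_id, the user id 7, PDO with an in-memory SQLite table in place of the post's db:: helper, and the sample rows are all assumptions made for illustration.

```php
<?php
// Added example. Assumed (not from the post): owner column message_user_id,
// PDO instead of the db:: helper, and a user id that would come from the session.
function load_thread(PDO $pdo, int $userId, $rawId): ?array
{
    // Reject missing, empty, non-numeric or non-positive ids up front,
    // so an empty ?message_id= never reaches the replies query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The row must exist, be a parent post, and belong to the viewer.
    $stmt = $pdo->prepare(
        'SELECT * FROM tblmessage
          WHERE message_id = ? AND message_parent_post_id = 0 AND message_user_id = ?'
    );
    $stmt->execute([$id, $userId]);
    $parent = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($parent === false) {
        return null; // same answer for "not found" and "not yours"
    }
    $stmt = $pdo->prepare(
        'SELECT * FROM tblmessage WHERE message_parent_post_id = ?
          ORDER BY message_date_added DESC'
    );
    $stmt->execute([$id]);
    return ['parent' => $parent, 'replies' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

// Escape before nl2br so stored message text cannot inject markup.
function render(array $m): string
{
    return date('M d, Y h:i a', strtotime($m['message_date_added'])) . "<br />\n"
         . nl2br(htmlspecialchars($m['message_message'], ENT_QUOTES, 'UTF-8')) . "\n";
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE tblmessage (message_id INTEGER PRIMARY KEY, message_parent_post_id INTEGER,
            message_user_id INTEGER, message_date_added TEXT, message_message TEXT)');
$pdo->exec("INSERT INTO tblmessage VALUES
    (1234, 0, 7, '2024-01-05 09:30:00', 'Hello <b>there</b>'),
    (1235, 1234, 9, '2024-01-05 10:00:00', 'A reply'),
    (2000, 0, 8, '2024-01-06 08:00:00', 'Someone else''s thread')");

foreach (['1234', '', '2000'] as $raw) {   // own thread, empty id, another user's thread
    $thread = load_thread($pdo, 7, $raw);
    echo "message_id='$raw': ", $thread ? render($thread['parent']) : "denied\n";
}
```

Replies are authorized through their parent post, so the second query needs no owner filter once the first has succeeded.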