Here is the code to check whether the contact_id is present in a particular user's pool:
    function checkid()
    {
        $conn = connectPDO();
        $query = "SELECT contact_id FROM contacts WHERE contact_by = :cby";
        $st = $conn->prepare( $query );
        $st->bindValue( ':cby', $this->contact_by, PDO::PARAM_INT );
        $st->execute();
        $row = $st->fetchALL();
        $conn = null;
        print_r($this->contact_id); //1
        print_r($row); //Array ( [0] => Array ( [contact_id] => 1 [0] => 1 ) [1] => Array ( [contact_id] => 3 [0] => 3 ) )
        if( !in_array( $this->contact_id, $row ))
        {
            echo 'You are not authorised to update the details of this contact';
        }
    }
Here is the url:
http://localhost/contmanager/home.php?action=update&contactid=1
One thing I noticed is that when I use fetch instead of fetchAll, it works fine for contact_id '1', but it fails when using fetchAll.
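
An added example, not part of the original post: the same ownership check written two ways, once by flattening the `fetchAll()` result to a list of ids and once by letting SQL decide ownership directly. It assumes the `pdo_sqlite` extension; the in-memory table and its rows are constructed, and the function names `ownedIds` and `userOwnsContact` are hypothetical.

```php
<?php
// Added example (not the poster's code). Constructed rows in an in-memory
// SQLite database stand in for the contacts table from the question.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE contacts (contact_id INTEGER PRIMARY KEY, contact_by INTEGER)');
$conn->exec('INSERT INTO contacts (contact_id, contact_by) VALUES (1, 10), (2, 20), (3, 10)');

// fetchAll() with the default mode returns an array of row arrays, so
// in_array() compares the id against whole rows, never against a column
// value. fetch() returns a single row, which is why it matched for id 1.
function ownedIds(PDO $conn, int $contactBy): array
{
    $st = $conn->prepare('SELECT contact_id FROM contacts WHERE contact_by = :cby');
    $st->bindValue(':cby', $contactBy, PDO::PARAM_INT);
    $st->execute();
    // FETCH_COLUMN flattens the result to a plain list of contact_id values.
    return array_map('intval', $st->fetchAll(PDO::FETCH_COLUMN));
}

// Ownership check done in SQL: a row comes back only when the contact
// exists AND belongs to this user, so no list has to be searched in PHP.
function userOwnsContact(PDO $conn, int $contactBy, int $contactId): bool
{
    $st = $conn->prepare(
        'SELECT 1 FROM contacts WHERE contact_id = :cid AND contact_by = :cby'
    );
    $st->bindValue(':cid', $contactId, PDO::PARAM_INT);
    $st->bindValue(':cby', $contactBy, PDO::PARAM_INT);
    $st->execute();
    return $st->fetchColumn() !== false;
}

// The id arrives from the URL as a string; validate it as an integer first.
// '1' is a constructed stand-in for $_GET['contactid'].
$requested = filter_var('1', FILTER_VALIDATE_INT);

// Strict in_array() against the flattened id list for user 10.
var_dump(in_array($requested, ownedIds($conn, 10), true));
var_dump(userOwnsContact($conn, 10, 3)); // user 10 asks for their own contact 3
var_dump(userOwnsContact($conn, 10, 2)); // user 10 asks for contact 2, owned by user 20
var_dump(userOwnsContact($conn, 20, 1)); // user 20 asks for contact 1, owned by user 10
```

Because `contactid` in the URL is chosen by the client, the same check has to run again in the code path that performs the update, not only where the form is displayed.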