Here is the code to check if the contact_id is present in the pool of particular user's pool
function checkid()
{
$conn = connectPDO();
$query = "SELECT contact_id FROM contacts WHERE contact_by = :cby";
$st = $conn->prepare( $query );
$st->bindValue( ':cby', $this->contact_by, PDO::PARAM_INT );
$st->execute();
$row = $st->fetchALL();
$conn = null;
print_r($this->contact_id); //1
print_r($row); //Array ( [0] => Array ( [contact_id] => 1 [0] => 1 ) [1] => Array ( [contact_id] => 3 [0] => 3 ) )
if( !in_array( $this->contact_id, $row ))
{
echo 'You are not authorised to update the details of this contact';
}
}
Here is the url:
http://localhost/contmanager/home.php?action=update&contactid=1
One thing i noticed is that, when i use fetch instead of fetchall, it works fine for contact_id '1' but fails when using fetchALL.
in_array not works for multidimentional array's, A workaroud will be:
foreach( $row as $each ){ #collect all the ids in an array
$temp[] = $each['contact_id'];
}
Then check for in_array:
if( !in_array( $this->contact_id, $temp )){
//your code here
}
use this function for multidimentional array's :
function in_multiarray($elem, $array)
{
$top = sizeof($array) - 1;
$bottom = 0;
while($bottom <= $top)
{
if($array[$bottom] == $elem)
return true;
else
if(is_array($array[$bottom]))
if(in_multiarray($elem, ($array[$bottom])))
return true;
$bottom++;
}
return false;
}
example :
$array = array( array( 'contact_id' => '1' , 1 ) , array( 'contact_id' => '3' , 3 ) );
var_dump( in_multiarray( 1 , $array ) );