2. PHPRunner General questions
  3. [SOLVED] Security
This topic is locked
[SOLVED]

Security

 		4/12/2022 1:39:59 PM
PHPRunner General questions
S
 Steve Seymour author

I have been using PHP runner since version 10.2, I have always had to code the security detail "Users can see their own data only" by adding a where clause to the SQL. I have never had this option work via the security options. I have it set up correctly with an ID for each user, and a field in the main table that uses that user id to restrict it to that user, but its never worked.

I have always had to add my own where clause in the before SQL .... where uuid = userid

uuid (unique user id) in the main table
userid the users id

Has anyone else ever used the official security option and have it work ?
Sergey Kornilov admin 4/19/2022

This feature works for everyone since it was implemented a long tme ago. There must be something specific to your database or project settings. There are many ways to break this functionality i.e. it won't work if datatypes of link fields do not match, varchar vs integer or varchar versus char etc. You can always enable SQL debugging to see the exact SQL query being executed and have a better understanding of why something doesn't work.
S
 		Steve Seymour author 4/20/2022

Cheers, Both fields are of type int. I'll have a look at SQL debugging - something I've never done to date.
fhumanes 4/20/2022

To debug SQL and optimize access to MySQL, read this article:

https://fhumanes.com/blog/guias-desarrollo/guia-12-phprunner-optimizar-accesos-a-mysql/

Greetings,
fernando
S
 		Steve Seymour author 4/20/2022

Thank you. After enabling SQL debugging I see very complex SQL statements that cannot easily be deciphered. I will have a look at downloading MYSQL Workbench.
As the "functionality works for everyone since it was implemented", I understand It must be specific to my project. I have overcome the problem with my own where clause, but its useful to know that the function works so I can now determine where and why my project manages to break it.

Regards
Steve.