Topic: PHP Code Help Admin check (Read 113 times)

devangel · « **on:** March 17, 2010, 02:42:50 PM »

hey guys, i got this in an include file (leftbar) with the query in my config file.

i try to run this little code but its not working, its suppose to show you an admin panel if it works .

any help?

DWilliams · « **Reply #1 on:** March 17, 2010, 02:45:06 PM »

Quote from: devangel on March 17, 2010, 02:42:50 PM

any help?

Not without seeing the code in question, my crystal ball is overheated.

devangel · « **Reply #2 on:** March 17, 2010, 03:02:56 PM »

never mind about that one guys, stuck on this:

im trying to make an array to store all my users info so i can display it.

$data = mysql_query("SELECT * FROM users where userid="$_SESSION['SESS_USERID']) or die(mysql_error());
$usr = mysql_fetch_array( $data );

this is my code so far. i can pull info from the database, but i edited it with "where userid=$_SESSION['SESS_USERID']}"
to get the users id from my session.

but it still doesn't work, this code is located in my config file so i can reference it onto other files.

JD* · « **Reply #3 on:** March 17, 2010, 03:07:25 PM »

Did you try to echo out the sql statement? Do that and see what is being filled in for your session value, and then copy/paste that into your MySQL interface and see if you get results.

Right now, from your statement, I see that you may want to try and escape your "" and that you aren't ending the last quote correctly:
mysql_query("SELECT * FROM users where userid="$_SESSION['SESS_USERID'])
to
mysql_query("SELECT * FROM users WHERE userid = '".$_SESSION['SESS_USERID']."'")

devangel · « **Reply #4 on:** March 17, 2010, 06:03:34 PM »

tried that:

$data = mysql_query("SELECT * FROM users WHERE userid = '".$_SESSION['SESS_USERID']."'")) or die(mysql_error());
$usr = mysql_fetch_array( $data );

and got this parse error:

Parse error: parse error in C:\wamp\www\hero\game\includes\config.php on line 43

which is clean

function clean($str)
{
if (is_numeric($str)) $str=floor($str);
$cleaned=strip_tags($str);
$cleaned=htmlspecialchars($cleaned);
$cleaned=mysql_real_escape_string($cleaned);
$to_clean=array("%20", "\"", "'", "\\", "=", ";", ":"); <-- 43
$cleaned=str_replace($to_clean, "", $cleaned);
return $cleaned;
}

JD* · « **Reply #5 on:** March 17, 2010, 08:05:53 PM »

$data = mysql_query("SELECT * FROM users WHERE userid = '".$_SESSION['SESS_USERID']."'")) or die(mysql_error());

extra ) at the end of your query (before the "or die") part. Did you try to echo out the whole query (ie, between the $data =... and the $user =... you put a die($data)

and see if it successfully executes in MySQL?

News:

Author Topic: PHP Code Help Admin check (Read 113 times)

devangel

PHP Code Help Admin check

DWilliams

Re: PHP Code Help Admin check

devangel

Re: PHP Code Help Admin check

JD*

Re: PHP Code Help Admin check

devangel

Re: PHP Code Help Admin check

JD*

Re: PHP Code Help Admin check

PHP Freaks Forums