Jump to content

Check MySql entry help


Drewdle

Recommended Posts

I tried adding a group field to my user table so I can show different content to different users but when I do the check and then if/else the required info it doesn't seem to do it.

 

I think I've got a mistake in my query:

<?php include ('header.php'); ?>
</center>
<?php
$username = mysql_real_escape_string($_POST['username']);

$checkadmin = mysql_query("SELECT Group FROM users WHERE Username = '".$username."'");

if('$checkadmin' == GroupA)
{
?>
Welcome Admin!
<?php
}
else
{
?>
You are not authorised.
<?php
}
include ('footer.php') ?>

 

Whats wrong with it?

 

Cheers.

Link to comment
Share on other sites

A few things. Firstly variables are not interpolated within single quotes, so '$checkadmin' is simply a string. Secondly, strings need to be surrounded by quotes, so GroupA will likley be an undefined constant.

 

Thirdly, mysql_query returns a result resource, this needs to be passed to one of the mysql_fetch_* functions in order to retrieve any actual data. See mysql_fetch_assoc.

 

Fourthly, why not simply query for the data you want in the first place?

 

Lastly, you have no error handling at all.

 

<?php

if (isset($_POST['username'])) {

  $username = mysql_real_escape_string($_POST['username']);

  if ($result = mysql_query("SELECT Group FROM users WHERE Username = '$username' && Group = 'GroupA' LIMIT 1")) {
    if (mysql_num_rows($result)) {
      echo "Welcome Admin!";
    } else {
      echo "You are not authorised.";
    }
  }
}

Link to comment
Share on other sites

OK I think I fixed the previous error:

<?php include ('header.php'); ?>
</center>
<div class=content>
<?php
$username = $_SESSION['Username'];

$checkadmin = mysql_query("SELECT 'Group' FROM users WHERE '$username' = Username")or die ('Error: '.mysql_error ());
$field = mysql_fetch_assoc($checkadmin);
if ($field == "Admin")
{
?>
Welcome Admin!
<?php
}
else
{
?>
You are not authorised.
</div>
<?php
}
include ('footer.php') ?>

 

Only problem is it outputs the query as Group instead of Admin so the if statement wont work?

 

I run the query in phpMyAdmin and it worked, showing me the Group column and the field entry 'Group' however the field entry should be Admin, it is when I check it in Browse...?

 

Link to comment
Share on other sites

I apologise I did not use the horizontal scroll bar, or rather didn't see it.

 

I've changed it to your version and it just outputs 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Group = 'GroupA' LIMIT 0, 30' at line 1

 

My database is set up as follows:

 

id  |  username  |    group    |    email  |

----------------------------------------------------

1  |      name      |    GroupA  |    a@a  |

 

Basically what I want is to check the user is in GroupA and display the page or show them an access denied message.

 

Am I even going about it the right way?

 

(sorry for seeming bit dumb I haven't quite grasped queries properly)

Link to comment
Share on other sites

<?php

if (isset($_POST['username'])) {

  $username = mysql_real_escape_string($_POST['username']);

  if ($result = mysql_query("SELECT group FROM users WHERE username = '$username' && group = 'GroupA' LIMIT 1")) {
    if (mysql_num_rows($result)) {
      echo "Welcome Admin!";
    } else {
      echo "You are not authorised.";
    }
  }
}

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.