Can't retrieve admin status from SQL retrieval.

[sabinmash]

Hi all!  I am trying to get an admin status ("y" or "n" to be retieved from an SQL select.  I do so in the following function:

 

function get_admin_status($username) {
   // query database for the name for a category id
   $conn = db_connect();
   
   $result = $conn->query("select admin from user
             where username='".$username."'");

   $result = @$conn->query($query);
   
   if (!$result) {
     return false;
   }
   $num_cats = @$result->num_rows;
   if ($num_cats == 0) {
      return false;
   }
   $row = $result->fetch_object();
   return $row->admin;
}

 

 

I then utilize this function in another file in the following code.  However, the adminhome.php page never loads.  It always goes to "survey1.php" .  I'm not sure why this is happening.  Any help would be appreciated.  Thanks for you time!

 

if ($username && $password) {
// they have just tried logging in
login($username, $password);
	$admin = get_admin_status($username);
	if($admin == "y"){
		header("Location: adminhome.php");
	}
	else{
		//login($username, $password);
		// if they are in the database register the user id
		$_SESSION['valid_user'] = $username;
		$_SESSION['admin'] = $admin;			
		header("Location: survey1.php");
	}

[freelance84]

 

Well it goes there if($admin != "y"){...

 

So have you checked that the value in your db is correct?

 

try echo $admin to the screen to double check the value is what you expect it to be.

[sabinmash]

Yes the admin value of the user I am using is "y". 

 

These things are all in php files that essential just process things between pages that output.

This is why i have 

$_SESSION['valid_user'] = $username;
		$_SESSION['admin'] = $admin;

in there.  There is a session start not shown about these session variable assignements, and the session continues to survey1.php, where i then print $_SESSION['valid_user'] and $_SESSION['admin']  only only the valid user variable prints anything.  Because I am getting the valid user value from a form, and the admin status I am getting from an SQL select, I cannot just copy what I did to get the valid user session variable.

[freelance84]

 

if ($username && $password) {
// they have just tried logging in
login($username, $password);
	$admin = get_admin_status($username);
          echo $admin;
exit();

 

So if you echo $admin then exit the script as above the output is definitely 'y'? And you have checked this.

 

If it is then your script should go to adminhome.php.

 

Try it and see what the output is.

[kicken]

   if (!$result) {
     return false;
   }
   $num_cats = @$result->num_rows;
   if ($num_cats == 0) {
      return false;
   }
   $row = $result->fetch_object();
   return $row->admin;
}

 

The num rows check is not really necessary.  Also, do not use the @ operator.  It hides any errors which 99% of the time you do not want to do.  Configure your script to log errors to a file rather than display them to the screen if necessary, do not just hide them all together.

 

   $result = $conn->query($query);
   if (!$result || !($row = $result->fetch_object())) {
     return false;
   }
   
   return $row->admin;

 

 

Do as suggested, dump the value of $admin and exit the script so you can see it.  Just because your script is supposed to redirect doesn't mean it has to while you debug.  Just have it print debug info and die.  var_dump() can be better than a direct echo as it will also show things like null/false more clearly

 

[sabinmash]

OK, done as told.  It's returning "bool(false)"  But the SQL select looks ok.  I'm not sure why it's not selecting.

 

The db_connect() function works in another page, and I get no connection error.

 

Also, what did moving "$row = $result->fetch_object()"  into the if statement do?  (And I take it I am supposed to change it to "$row =="?)  Once I do this, it still dumps "NULL".

 

function get_admin_status($username) {
   // query database for the name for the user's admin status
   $conn = db_connect();
   
   $result = $conn->query("select admin from user
             where username='".$username."'");
   
   if (!$result || $row == $result->fetch_object()) {
     return false;
   }
   
   return $row->admin;
}

[sabinmash]

So it works now when i comment out:

$result = @$conn->query($query);

 

and when I delete $row = $result->fetch_object() , (with or without the "==") from

if (!$result || $row = $result->fetch_object()) {

 

The now working function looks like this:

function get_admin_status($username) {
   // query database for the name for the user's admin status
   $conn = db_connect();
   
   $result = $conn->query("SELECT admin FROM user WHERE username = '".$username."'");

   //$result = @$conn->query($query);
   
   if (!$result) {
     return false;
   }
   $row = $result->fetch_object();
   return $row->admin;
}

 

Is there any way I can make this better?  Best practices I am missthing?

 

Thanks again for your time.

[kicken]

 

Also, what did moving "$row = $result->fetch_object()"  into the if statement do?

 

It just removes what is an unnecessary check. fetch_object would return false in the case of no rows, there's no need to have a separate check for num rows=0

 

(And I take it I am supposed to change it to "$row =="?)

No, you want =, not ==.

 

The way the condition would read is:

if $result is false (ie, query failed ) or the return value of fetch_object (which gets stored in $row) is false (ie, no rows) then return false.

 

The !$result is evaluated first, if it is true then the if is run and the function returns false.

If $result is ok, then PHP will execute the ($row=$result->fetch_row()) part, which will get the first row and assign it to $row

Then PHP tests if the result of that operation is false (the preceding !) and run the if causing the function to return false.