if statement

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jamrop
Forum Commoner
Posts: 80
Joined: Fri May 16, 2003 5:38 pm

if statement

Post by jamrop »

Hey

I am trying to make some code so that only the admin can make changes to certain parts of the database. FOr example i have called the admin username david. Trying to make an if statement to say that if the username is called david go ahead with the changes, but if not , message saying not allowed. I am using session

the code

Code: Select all

<?php


//start the session
session_start();
header("Cache-control: private"); //IE 6 Fix 
 

//check to make sure the session variable is registered
if(session_is_registered('username')){

//the session variable is registered, the user is allowed to see anything that follows

echo "Welcome, you are still logged in '$username'.";

}
else{

//the session variable isn't registered, send them back to the login page
header( "Location: login.php" );
}
if ('$username' != "david") {

echo "You are not authorised to make changes to the database";
} else {
$db =mysql_connect("","", "");
mysql_select_db("",$db) or die ("cannot connect to database");
$query = "INSERT INTO cars(make, engine,year,des,mot,price)
VALUES('".$_POST['make']."','".$_POST['engine']."','".$_POST['year']."','".$_POST['des']."'
,'".$_POST['mot']."','".$_POST['price']."')" ;
mysql_query($query);
}

?>
It just seems to ignore the if statment and keeps saying the message, "You are not authorised to make changes to the database"

Any help?

many thanks
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Make it so:

If the user IS david, allow. Else, buzz off.


It's so much easier I think that way.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Code: Select all

<?php
if ($username == "david") { 
   $db =mysql_connect("","", "");  
   mysql_select_db("",$db) or die ("cannot connect to database"); 
   $query = "INSERT INTO cars(make, engine,year,des,mot,price) 
   VALUES('".$_POST['make']."','".$_POST['engine']."','".$_POST      ['year']."','".$_POST['des']."' 
   ,'".$_POST['mot']."','".$_POST['price']."')" ; 
   mysql_query($query); 
} else { 
   echo "You are not authorised to make changes to the database"; 
    exit; // <-- this is optional
} 
?>
jamrop
Forum Commoner
Posts: 80
Joined: Fri May 16, 2003 5:38 pm

Post by jamrop »

hey


tried it, but still saying the same thing
jamrop
Forum Commoner
Posts: 80
Joined: Fri May 16, 2003 5:38 pm

Post by jamrop »

hey

solved it

cause it should have been $username not '$username'

thanks for your help
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

not just that, but if you use look for equality or inequality, use == and !== respectively. = and != are for setting. (well i know = is and i think != might in php. i was told not to use it and that's the only reason that makes logical sense)
bionicdonkey
Forum Contributor
Posts: 132
Joined: Fri Jan 31, 2003 2:28 am
Location: Sydney, Australia
Contact:

Post by bionicdonkey »

!= is a comparision operator not an assignment operator
Post Reply