Page 1 of 1

passing variables ...

Posted: Sun Feb 29, 2004 6:13 pm
by HormonX
I have this problem and am sure how to aproach it. The problem is ... i have user login to a secure page where the menu is dynamicaly created according to users status. When i log in the menu is there and it works just fine but later when i use one of the links, after the page refreshes menu disappears. This is what i get;


Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home/polonia/public_html/sindex.php on line 78

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/polonia/public_html/sindex.php on line 83


Am sure it has something to do with some variables not being passed. Can some one help me how to pass variables while being loged in. How do i decalre global variables , do you think that would help ?

I really need help .... any suggestion is apreciated.

Greg

Posted: Sun Feb 29, 2004 7:08 pm
by andre_c
How are you passing the variables? through session? query string? can you post some of the code?

Alvaro

Posted: Sun Feb 29, 2004 9:44 pm
by HormonX
here is the code,

I hope i have not missed anything ... i have cut most of the html ... but all the php code is here :)

This is index.php where the authentication is being performed


PHP:
--------------------------------------------------------------------------------

Code: Select all

<? 
session_start(); 


if ($login && $password) 
{ 
    include('connect.php'); 
    $query = "SELECT * FROM sec_auth WHERE login='$login' and pass='$password'"; 
    $result = mysql_query( $query, $link ); 
    if (mysql_num_rows($result) >0) 
    { 
        $valid_user = $login; 
        session_register("valid_user"); 
    } 

} 
?>
--------------------------------------------------------------------------------



This is later on the same page where the menu is being creted according to users credentials.


PHP:
--------------------------------------------------------------------------------

Code: Select all

<? 
  if (session_is_registered("valid_user")) 
  { 
  ?> 

// Some HTML stuff .... 

<? 
$query = "SELECT * FROM sec_auth WHERE login='$login'"; 
$result = mysql_query( $query, $link ); 
     
while($r=mysql_fetch_array($result)) 
     { 
        //This is being passed to the secure_menu.php where the menu is being creted. 

        $security_id = $r['security_id']; 
         

        include('htmle/secure_menu.php'); 
         } 
?>
--------------------------------------------------------------------------------



this is where the page is being displayed after the link has been pressed.. More logic will follow.


PHP:
--------------------------------------------------------------------------------

Code: Select all

<table> 
<tr> 
<td> 
This is where page will be dispalyed after clicking on the clicking the menu</td> 
</tr> 
</table> 


// This is being dispalyed if the user enters invalid info 

} 
else 
{ 
if (isset($login)) 
{ 
echo "<table width='100%' border='0' height='400'><tr><td><span class='text'><center><font color='#ff0000'>Error loging in.</center></span></td></tr></table>"; 
} 
} 
           
?>
--------------------------------------------------------------------------------




Now this the secure_menu.php page where the menu is being created


PHP:
--------------------------------------------------------------------------------

Code: Select all

<? 
if (session_is_registered("valid_user")) 
{ 
?> 
<td bgcolor="FAFAFA"><table width="121" border="0" cellpadding="5" cellspacing="0" class="links"> 
<tr> 
<td width="111"><a href="xindex.php?user=logout" class="links"><b>logout</b></a></td> 
</tr> 
<? 
$qery1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'"; 
$result1 = mysql_query($query1, $link); 
                 
while($r1=mysql_fetch_array($result1)) 
{ 
                            $menu_item = $r1['menu_item']; 
                            $menu_pointer = $r1['menu_pointer']; 
?> 
<tr> 
<td><a href="sindex.php?page=<? echo "$menu_pointer"; ?>" class="links"><? echo "$menu_item"; ?></a></td> 
        </tr> 
<? 
} 
?> 
</table> 
<? 
} 
else 
{ 
echo "<span class='font'><center><font color='#ff0000'>ERROR!</font></center></span>"; 
} 
?>
I think this should be all :)

thanx

Greg

Posted: Sun Feb 29, 2004 10:55 pm
by andre_c
The only thing that I see wrong by just looking at the code quickly is that you spelled $query1 as $qery1 on the last section of your code.

hopefully after that it will work.

I would also recommend using the new session superglobal $_SESSION to pass variables instead of session_register() since it's more secure and it's very easy to learn. But that's just a recommendation.

let me know if that fixes it,
Alvaro

Posted: Sun Feb 29, 2004 11:01 pm
by infolock
aye..
last page you posted..

$qery1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'";
$result1 = mysql_query($query1, $link);


should be

$query1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'";
$result1 = mysql_query($query1, $link);



btw... here is a quick tip. when you are gonna be doing mysql calls, try putting an OR DIE(MySQL_ERROR()) at the end of them.. this will help you see what is happening at least

ex :

$query1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'";
$result1 = mysql_query($query1, $link) or die(MySQL_Error());

Posted: Mon Mar 01, 2004 6:29 pm
by HormonX

$qery1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'";
$result1 = mysql_query($query1, $link);


should be

$query1 = "SELECT * FROM menu_tbl WHERE security_id='$security_id'";
$result1 = mysql_query($query1, $link);
This was just a typo on my part sorry about that .... am still getting that error and i am totaly confused. If you want to see exactly what is happening ill give you a url and login/pass to try so you can see.

this is so frustrating ...

Greg

Posted: Mon Mar 01, 2004 10:39 pm
by infolock
did you not put the error checks in your code? your error is saying that the query you are trying to use is incorrect...

in other words, if you will put the OR DIE statement in there like i suggested, it should tell you what part of your query is wrong. could be a wrong field type, field name, table name, or anything and you'd never know without it..

so, put the or die statments in there like i showed ya, and see if youc an't get a more specific error for us ;)