$sql = "SELECT * FROM hh_users2rights where UKey = '" . $_POST['employees'] . "' AND RKey = '" . $_POST['rights'] . "'";
$rs = mysql_query($sql);
if ($rs) {
    $usql = "select UKey, FirstName, LastName FROM buzz_users WHERE UKey = '" . $_POST['emp'] . "'";
    $uresult = mysql_query($usql) or die(mysql_error());
    if ($uresult) {
        while ($row = mysql_fetch_array($uresult, MYSQL_NUM)) {
            echo "<b><font color='red'>" . $row[1] . " " . $row[2] . " already has this right</font></b>";
        }
    } else {
        echo "system error";
    }
}
What I want to do is compare and check if there is an existing record for this user, and if he does, then this script will execute. The problem is that the first SQL script evaluates to true, even if the user does not have a record on the other field. How can I achieve that? Pardon me, I'm really confused. Thank you.
On another note, you have not escaped any of your incoming data, therefore leaving your queries vulnerable to SQL injection. Apply at minimum mysql_real_escape_string and trim on all incoming data used in queries.
Still the same problem, it does not filter the user. Any hint on the problem?
You did not check mysql_num_rows as previously suggested.
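Added example, not code from the thread: the existence check decided by whether a row comes back rather than by the query's return value, with the inputs bound as parameters. It swaps the thread's mysql_* calls and mysql_real_escape_string for PDO prepared statements and merges the two queries into one join; the in-memory SQLite database, the sample rows and the helper name `findExistingRight` are assumptions made so the example runs on its own.

```php
<?php
// Assumption: PDO with in-memory SQLite stands in for the MySQL server.
// Table and column names come from the thread; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE buzz_users (UKey TEXT PRIMARY KEY, FirstName TEXT, LastName TEXT)");
$db->exec("CREATE TABLE hh_users2rights (UKey TEXT, RKey TEXT)");
$db->exec("INSERT INTO buzz_users VALUES ('u1', 'Ana', 'Reyes'), ('u2', 'Ben', 'Cruz')");
$db->exec("INSERT INTO hh_users2rights VALUES ('u1', 'r1')");

/**
 * Hypothetical helper: returns the user's name row if the user already
 * holds the right, otherwise null.
 */
function findExistingRight(PDO $db, string $ukey, string $rkey): ?array
{
    // A query that runs without error is "true" even when it matches nothing,
    // so the decision is based on whether a row was fetched.
    $stmt = $db->prepare(
        "SELECT u.FirstName, u.LastName
           FROM hh_users2rights r
           JOIN buzz_users u ON u.UKey = r.UKey
          WHERE r.UKey = :ukey AND r.RKey = :rkey"
    );
    // Bound parameters are sent as data and never spliced into the SQL text.
    $stmt->execute([':ukey' => trim($ukey), ':rkey' => trim($rkey)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs standing in for $_POST['employees'] and $_POST['rights'].
$cases = [
    ['u1', 'r1'],              // user holds the right
    ['u2', 'r1'],              // user exists but has no such right
    ["u2' OR '1'='1", 'r1'],   // quote characters are treated as part of the key
];
foreach ($cases as [$ukey, $rkey]) {
    $row = findExistingRight($db, $ukey, $rkey);
    if ($row !== null) {
        // Escape on output too: the names come from the database.
        echo htmlspecialchars($row['FirstName'] . ' ' . $row['LastName']) . " already has this right\n";
    } else {
        echo "no existing record for " . htmlspecialchars($ukey) . "\n";
    }
}
```

Only the first case reports an existing right; the other two return null because no row matches.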