help with IF function needed

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
shurst
Forum Newbie
Posts: 2
Joined: Tue May 24, 2005 5:12 am

help with IF function needed

Post by shurst »

Hi Guys

what i'am trying to do is from a link

Code: Select all

echo &quote;  <td align=left><a href='modules.php?name=Training&mode=viewprofile&username=&quote; . $row&#1111;&quote;username&quote;] . &quote;&status=&quote; . $row&#1111;&quote;status&quote;] . &quote;'><b>regrade</b></a></b></td><td align=center>#&quote; . $row&#1111;&quote;user_id&quote;] .&quote;&quote; . $row&#1111;&quote;status&quote;] .&quote;\n&quote;;
it goes to another page and depending on there username and status it will either display a hidden section or keep it hidden heres the code i'am having problems with

Code: Select all

if ($username == $userinfo&#1111;&quote;username&quote;] and $status > 5)
{
echo &quote;<table align=center width=\&quote;83%\&quote; border=\&quote;0\&quote; bgcolor=\&quote;516783\&quote; cellspacing=\&quote;0\&quote;>\n&quote;;
echo &quote;         <tr height='40'>\n&quote;;
echo &quote;            <td>\n&quote;;
echo &quote;                      <div align=\&quote;center\&quote; bgcolor=\&quote;#516783\&quote;>\n&quote;;
echo &quote;                                <font color=\&quote;#FFFFFF\&quote; size='3'><b>IQT RE-Grade Section </b></font>\n&quote;;
echo &quote;                        </div>\n&quote;;
echo &quote;            </td>\n&quote;;
echo &quote;  </tr>\n&quote;;
echo &quote;</table>\n&quote;;
echo &quote;   <table width=\&quote;83%\&quote; bgcolor=EFEEEE border=\&quote;1\&quote; align=\&quote;center\&quote; cellspacing=\&quote;0\&quote; bordercolor=\&quote;#000000\&quote;>\n&quote;;
echo &quote;  <tr>\n&quote;;
echo &quote;    <td>\n&quote;;
echo &quote;      <div align=\&quote;center\&quote;><a href=\&quote;modules.php?name=Training&file=regrade\&quote;><i><b>Regrade a pilot</b></a> </div>\n&quote;;
   }
if any one can see what ive done wrong please gimme me thump and say hey dummy thats the cause :)

TIA
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

you might want to change your if statment to this.

Code: Select all

if (($_GET["username"] == $userinfo["username"]) && ($status > 5))
{
//do stuff
}
the other thing I would recomend is not to pass the status but do a db look up on it as some one could pass that in the url string and still gain access. for Id just past the userId and do all the checking based on what you have stored in the db.
shurst
Forum Newbie
Posts: 2
Joined: Tue May 24, 2005 5:12 am

Post by shurst »

the other thing I would recomend is not to pass the status but do a db look up on it as some one could pass that in the url string and still gain access. for Id just past the userId and do all the checking based on what you have stored in the db.
hiya thanks for the quick reply yes i see what you mean by the url but if i take the &status= part out of the link it dosnt seem to work but leaving it in if i click the link with a guy with a status over 5 it will still display hidden part so not really what i wanted hmmmm i know ive gone wrong somewhere hehe any pointers please i,ve changed it to user_id but that didnt seem to work either ?

TIA
User avatar
phpScott
DevNet Resident
Posts: 1206
Joined: Wed Oct 09, 2002 6:51 pm
Location: Keele, U.K.

Post by phpScott »

what you need to do before your if statment is something like

Code: Select all

//db connection stuff
$sql="SELECT username FROM tableName WHERE status > 5";
$result = mysql_query($sql) or die (mysql_error());
if(mysql_num_rows($result);
{
  //get username and do your thing.

}
this should only display your if section of you get a result from the query.
Post Reply