Is there a better way to do these queries?
I call these functions from an other php to get data back to my Android Application in JSON.
But I feel that this code is "dirty".
This code works. But can there be issues if there are many user requests? I want to keep all the stuff fast an slim for following stuff. Now there are about 100 people running this app. Everything is ok now. But how it will be if there are more?
<?php require_once("db_connection.php");?>
<?php
define('TIMEZONE', 'Europe/Paris');
date_default_timezone_set(TIMEZONE);
function storeUser($email, $password, $uuid, $name){
global $connection;
$date = date("Y-m-d H:i:s");
$query = "SELECT * FROM treuepass_users_all WHERE email ='{$email}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num == 0)
{
$query = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
$query2 = "UPDATE treuepass_users_all SET email = '{$email}', password = '{$password}', name = '{$name}' WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
return $res2;
mysqli_close($connection);
}
else //////Wenn sich HANDY das erste mal anmeldet
$query = "INSERT INTO treuepass_users_all (uuid, dateofregister, email, password, name) VALUES ('{$uuid}', '{$date}', '{$email}', '{$password}', '{$name}')";
$res = mysqli_query($connection, $query);
$query2 = "UPDATE treuepass_users_all SET lastlogin = '{$date}', logincounter = logincounter +1 WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
return $res2;
mysqli_close($connection);
}else{
return false;
}
}
function getUserByUsernameAndPassword($email, $password, $uuid){
$date = date("Y-m-d H:i:s");
global $connection;
$query1 = "UPDATE treuepass_users_all SET uuid = '{$uuid}', lastlogin = '{$date}', logincounter = logincounter +1 WHERE email = '{$email}' AND password = '{$password}'";
$user1 = mysqli_query($connection, $query1);
$query2 = "SELECT * FROM treuepass_users_all WHERE email = '{$email}' AND password = '{$password}'";
$user2 = mysqli_query($connection, $query2);
if($user2){
while ($res = mysqli_fetch_assoc($user2)){
return $res;
}
}
else{
return false;
}
mysqli_close($connection);
}
function getUserByUUID($uuid){
global $connection;
//////Wenn UUID bereits Vorhanden
$date = date("Y-m-d H:i:s");
$query2 = "UPDATE treuepass_users_all SET lastlogin = '{$date}', logincounter = logincounter +1 WHERE uuid ='{$uuid}'";
$res2 = mysqli_query($connection, $query2);
$query = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
while ($dsatz = mysqli_fetch_assoc($res))
return $dsatz;
mysqli_close($connection);
}
else //////Wenn sich HANDY das erste mal anmeldet
$query = "INSERT INTO treuepass_users_all (uuid, dateofregister, lastlogin, logincounter) VALUES ('{$uuid}', '{$date}', '{$date}', '1')";
$res = mysqli_query($connection, $query);
$query3 = "SELECT * FROM treuepass_users_all WHERE uuid ='{$uuid}'";
$res3 = mysqli_query($connection, $query3);
if($res3){
while ($res = mysqli_fetch_assoc($res3)){
return $res;
}
}
else{
return false;
}
mysqli_close($connection);
}
function getUpdateUserDataLocation($locationid, $id, $stampcard1counter, $stampcard1stampsnow, $stampcard1redeemed, $stampcard2counter, $stampcard2stampsnow, $stampcard2redeemed, $stampcard3counter, $stampcard3stampsnow, $stampcard3redeemed, $vouchercounter, $vouchernow, $voucherredeemed){
global $connection;
$date = date("Y-m-d H:i:s");
$locationtable5 = "treuepass_history_$locationid";
$query5 = "INSERT INTO $locationtable5 (uuid, date, time, stampcard1counter, stampcard1redeemed, stampcard2counter, stampcard2redeemed, stampcard3counter, stampcard3redeemed, voucherredeemed)
VALUES ('$id', '$date', '$date', '$stampcard1counter','$stampcard1redeemed', '$stampcard2counter','$stampcard2redeemed', '$stampcard3counter','$stampcard3redeemed', '$voucherredeemed')";
mysqli_query($connection, $query5);
$locationtable = "treuepass_users_$locationid";
$query3 = "UPDATE $locationtable
SET
stampcard1counter = stampcard1counter+'{$stampcard1counter}', stampcard1stampsnow = '{$stampcard1stampsnow}', stampcard1redeemed = stampcard1redeemed+'{$stampcard1redeemed}',
stampcard2counter = stampcard2counter+'{$stampcard2counter}', stampcard2stampsnow = '{$stampcard2stampsnow}', stampcard2redeemed = stampcard2redeemed+'{$stampcard2redeemed}',
stampcard3counter = stampcard3counter+'{$stampcard3counter}', stampcard3stampsnow = '{$stampcard3stampsnow}', stampcard3redeemed = stampcard3redeemed+'{$stampcard3redeemed}',
vouchercounter = vouchercounter+'{$vouchercounter}', vouchernow = '{$vouchernow}', voucherredeemed = voucherredeemed+'{$voucherredeemed}'
WHERE uuid ='{$id}'";
$res3 = mysqli_query($connection, $query3);
$query = "SELECT * FROM $locationtable WHERE uuid ='{$id}'";
$res = mysqli_query($connection, $query);
$num = mysqli_num_rows($res);
if ($num > 0)
{
while ($dsatz = mysqli_fetch_assoc($res))
return $dsatz;
mysqli_close($connection);
} ////////////////////////////////////////////
else // Wenn sich HANDY das erste mal anmeldet //
$query = "INSERT INTO $locationtable (uuid, stampcard1counter, stampcard1stampsnow, stampcard1redeemed, stampcard2counter, stampcard2stampsnow, stampcard2redeemed, stampcard3counter, stampcard3stampsnow, stampcard3redeemed, vouchercounter, vouchernow, voucherredeemed)
VALUES ('$id', '$stampcard1counter','$stampcard1stampsnow','$stampcard1redeemed', '$stampcard2counter','$stampcard2stampsnow','$stampcard2redeemed', '$stampcard3counter','$stampcard3stampsnow','$stampcard3redeemed',
'$vouchercounter','$vouchernow','$voucherredeemed')";
mysqli_query($connection, $query);
mysqli_close($connection);
}
function getUsersLocationStampcard($userid, $locationid){
global $connection;
$locationtable = "treuepass_users_$locationid";
$query = "SELECT * FROM $locationtable WHERE uuid ='{$userid}'";
$res = mysqli_query($connection, $query);
if($res){
while ($response = mysqli_fetch_assoc($res)){
return $response;
}
}
else{
return false;
}
mysqli_close($connection);
}
?>
Thanks for all the Comments!
I spend the whole day for rewrite my code xD
But now i get all the stuff you told me.
- I did the thing with the connection inside the php
- I only have 1 php for all the stuff now
- Password Hashing with 'password_hash()'
- Prepared Statemants for MySQLi
Here some Snippet:
//////////////////////////////////////////////////STORE USER
if (isset($_POST['uuid']) && isset($_POST['email']) && isset($_POST['password']) && isset($_POST['name'])) {
$sql = "SELECT * FROM treuepass_users_all WHERE email = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s", $_POST['email']);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows == 1)
{
$response["error"] = TRUE;
$response["error_msg"] = "E-Mail Adresse bereits registriert!";
echo json_encode($response);
exit;
}else{
$sql = "INSERT INTO treuepass_users_all (uuid, dateofregister, email, password, name, lastlogin, logincounter) VALUES (?, ?, ?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE email=?, password=?, name=?, lastlogin=?, logincounter=logincounter +1";
$stmt = $mysqli->prepare($sql);
$one = "1";
$hash = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt->bind_param("sssssssssss", $_POST['uuid'], $date, $_POST['email'], $hash, $_POST['name'], $date, $one, $_POST['email'], $hash, $_POST['name'], $date);
$stmt->execute();
$sql = "SELECT * FROM treuepass_users_all WHERE uuid = ?";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param("s", $_POST['uuid']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc())
{
$response["error"] = FALSE;
$response["user"]["id"] = $row['id'];
$response["user"]["uuid"] = $row['uuid'];
$response["user"]["locked"] = $row['locked'];
$response["user"]["dateofregister"] = $row['dateofregister'];
$response["user"]["email"] = $row['email'];
$response["user"]["username"] = $row['username'];
$response["user"]["name"] = $row['name'];
$response["user"]["surname"] = $row['surname'];
$response["user"]["dayofbirth"] = $row['dayofbirth'];
$response["user"]["monthofbirth"] = $row['monthofbirth'];
$response["user"]["yearofbirth"] = $row['yearofbirth'];
$response["user"]["gender"] = $row['gender'];
$response["user"]["lastlogin"] = $row['lastlogin'];
$response["user"]["logincounter"] = $row['logincounter'];
echo json_encode($response);
}
}
}
I hope i did it well? :)
Related
Can someone find the problem?
It doesn't give any errors, but new rows don't appear in the database and I don't know the problem is.
if (isset( $_REQUEST['signupnbtn'] ) ) {
$age = mysqli_real_escape_string($con,$_REQUEST['ageinput']);
$discord = mysqli_real_escape_string($con,$_REQUEST['discordinput']);
$email = mysqli_real_escape_string($con,$_REQUEST['emailinput']);
$tmp = mysqli_real_escape_string($con,$_REQUEST['tmpinput']);
$steam = mysqli_real_escape_string($con,$_REQUEST['steaminput']);
$datum = date("d-m-Y");
$errorcode = 0;
$q = "INSERT INTO `admissions` (age, discord, email, tmp, steam, datum)
VALUES ('$age', '$discord', '$email', '$tmp', '$steam', '$datum')";
$query2 = "SELECT email FROM `admissions` WHERE email='$email'";
$sql = mysqli_query($con,$query2);
$countrows = mysqli_num_rows($sql);
if($countrows >= 1){
$errorcode = 1;
}else {
$result = mysqli_query($con,$q);
}
if ($result) {
$errorcode = 4;
}
}
$q = "INSERT INTO admissions (age, discord, email, tmp, steam, datum) VALUES ('$age', '$discord', '$email', '$tmp', '$steam', '$datum')";
Problem solved, the date should be in "Y-m-d" format instead of "d-m-Y" as below:
if (isset( $_REQUEST['signupnbtn'] ) ) {
$age = mysqli_real_escape_string($con,$_REQUEST['ageinput']);
$discord = mysqli_real_escape_string($con,$_REQUEST['discordinput']);
$email = mysqli_real_escape_string($con,$_REQUEST['emailinput']);
$tmp = mysqli_real_escape_string($con,$_REQUEST['tmpinput']);
$steam = mysqli_real_escape_string($con,$_REQUEST['steaminput']);
$datum = date("Y-m-d");
$errorcode = 0;
$q = "INSERT INTO `admissions` (age, discord, email, tmp, steam, datum)
VALUES ('$age', '$discord', '$email', '$tmp', '$steam', '$datum')";
$query2 = "SELECT email FROM `admissions` WHERE email='$email'";
$sql = mysqli_query($con,$query2);
$countrows = mysqli_num_rows($sql);
if($countrows >= 1){
$errorcode = 1;
}else {
$result = mysqli_query($con,$q);
}
if ($result) {
$errorcode = 4;
}
}
$sql="SELECT activity,work_order FROM works";
$result=mysql_query($sql);
while($row=mysql_fetch_assoc($result)){
if($row['work_order']==$work_order && $row['activity']==$activity){
$sql="UPDATE works SET wei_out='$wei_out',len_out='$len_out',end_time='$end_time' WHERE work_order='$work_order' AND activity='$activity'";
break;
}
else{
$sql="INSERT INTO works (jobno,date,start_time,work_order,worker,activity,status,len_in,wei_in,grams) values ('$jobno','$date','$start_time','$work_order','$worker','$activity','$status','$len_in','$wei_in','$grams')";
break;
}
}
the above code for insertion and updation in while loop is not working can anyone help me by solving
You forgot to execute the statement stored in $sql variable and its good to use mysqli for your security issue.
$sql="SELECT activity,work_order FROM works";
$result=mysqli_query($connection, $sql);
while($row=mysqli_fetch_assoc($result)){
if($row['work_order']==$work_order && $row['activity']==$activity){
$sql="UPDATE works SET wei_out='".$wei_out."',len_out='".$len_out."',end_time='".$end_time."' WHERE work_order='".$work_order."' AND activity='".$activity."'";
mysqli_query($connection, $sql);
break;
}
else{
$sql="INSERT INTO works (jobno,date,start_time,work_order,worker,activity,status,len_in,wei_in,grams) values ('".$jobno."','".$date."','".$start_time."','".$work_order."','".$worker."','".$activity."','".$status."','".$len_in."','".$wei_in."','".$grams."')";
mysqli_query($connection, $sql);
break;
}
}
You forgot your mysqli_query(); in your for loop. And please use mysqli_* not mysql_*.
$con = mysqli_connect("localhost", "my_user", "my_password", "my_db");
$sql = "SELECT activity, work_order FROM works";
$result = mysqli_query($con, $sql);
// Don't forget to escape your input!
$len_out = mysqli_real_escape_string($con, $len_out);
$wei_out = mysqli_real_escape_string($con, $wei_out);
$end_time = mysqli_real_escape_string($con, $end_time);
$start_time = mysqli_real_escape_string($con, $start_time);
$work_order = mysqli_real_escape_string($con, $work_order);
$activity = mysqli_real_escape_string($con, $activity);
$jobno = mysqli_real_escape_string($con, $jobno);
$date = mysqli_real_escape_string($con, $date);
$worker = mysqli_real_escape_string($con, $worker);
$status = mysqli_real_escape_string($con, $status);
$len_in = mysqli_real_escape_string($con, $len_in);
$wei_in = mysqli_real_escape_string($con, $wei_in);
$grams = mysqli_real_escape_string($con, $grams);
while ($row = mysqli_fetch_assoc($result)) {
if ($row['work_order'] == $work_order && $row['activity'] == $activity) {
$sql = "UPDATE works SET wei_out='$wei_out', len_out='$len_out', end_time='$end_time' WHERE work_order='$work_order' AND activity='$activity'";
mysqli_query($con, $sql); // Run the query
break;
} else {
$sql = "INSERT INTO works (jobno, date, start_time, work_order, worker, activity, status, len_in, wei_in, grams) VALUES ('$jobno', '$date', '$start_time', '$work_order', '$worker', '$activity', '$status', '$len_in', '$wei_in', '$grams')";
mysqli_query($con, $sql); // Run the query
break;
}
}
I want to add one to the last inserted value of a column in a the database. I am not getting any error but the query is not adding 1 to the last inserted value.
Note; I used MAX(id) to get the max id but it's not adding 1 to it. What am I doing wrong?
<?php
session_start();
ob_start();
if (isset($_POST['submit'])) {
$pin = htmlspecialchars(trim($_POST['pin']));
$surName = htmlspecialchars(trim($_POST['surName']));
$firstName = htmlspecialchars(trim($_POST['firstName']));
$otherName = htmlspecialchars(trim($_POST['otherName']));
$email = htmlspecialchars(trim($_POST['email']));
$passWord = md5(trim($_POST['passWord']));
$confirmPass = md5(trim($_POST['confirmPass']));
$date_added = date('Y.m.d - H:i:s');
$year = (100 . 'L');
$studentId = 201600001;
if ((empty($pin && $surName && $firstName && $otherName && $email && $passWord && $confirmPass) == false) && ($passWord) == ($confirmPass))
{
include "dbconnect.php";
$sql = "SELECT * FROM `sono` WHERE `pin`='$pin'";
$check = mysqli_query($dbconnect, $sql);
$numrow = mysqli_num_rows ($check);
if ($numrow == 1)
{
$rows=mysqli_fetch_assoc($check);
$Email = $rows['eMail'];
if ($Email == false)
{
$query = "SELECT * FROM `sono` WHERE `eMail`='$email'";
$check = mysqli_query($dbconnect, $query);
$numrow = mysqli_num_rows($check);
if ($numrow == 0)
{
$sql = "INSERT INTO `sono_nextofkin` (`eMail`) VALUES ('$email')";
mysqli_query($dbconnect, $sql);
$query = "INSERT INTO `sono_0level_results` (`eMail`) VALUES ('$email')";
mysqli_query($dbconnect, $query);
$query = "UPDATE `sono` SET `surName`='$surName', `firstName`='$firstName', `otherName`='$otherName', `eMail`='$email', `passWord`='$passWord', `confirmPass`='$confirmPass', `date_added`='$date_added', `year`='$year', `studentid`='$studentId' WHERE `pin`='$pin'";
mysqli_query($dbconnect, $query);
$max = "SELECT * MAX(`studentid`) FROM `sono`";
$max2 = mysqli_query ($dbconnect, $max);
$update = "UPDATE `sono` SET `MAX(`studentid`) = '$studentId' + 1 WHERE `pin`='$pin'";
mysqli_query ($dbconnect, $update);
$query = "SELECT `id` as idmax FROM `sono`";
$result = mysqli_query($dbconnect, $query) or die (mysqli_error($dbconnect));
$rowa = mysqli_fetch_array($result);
$rw = $rowa['idmax'];
$rwo = $rw+1;
$rwo = str_pad($rwo,4,'0',STR_PAD_LEFT);
$sql = "UPDATE `sono` SET `id`='$rwo' WHERE `pin`='$pin'";
$result = mysqli_query($dbconnect, $sql);
$_SESSION['surName'] = $surName;
$_SESSION['firstName'] = $firstName;
$_SESSION['otherName'] = $otherName;
$_SESSION['email'] = $email;
$_SESSION['passWord'] = $passWord;
$msg= "<p style = 'color: green; padding-left: 0'>Registration successful,<a href='passport.php'> >>>Click here to proceed<<<</a></p>";
} else
$msg= "<p style = 'color: red; padding-left: 0'>Email already used, use another valid email to register</p>";
} else
$msg= "<p style = 'color: red; padding-left: 0'>The pin has been used</p>";
} else
$msg= "<p style = 'color: red; padding-left: 0'>The pin enter does not exist</p>";
} else
$msg= "<p style = 'color: red; padding-left: 0'>Please enter your names, pin, email and password to start registration</p>";
}
?>
you should do like
$update = "UPDATE `sono` SET `studentid` = MAX(`studentid`) + 1 WHERE `pin`='$pin'";
OR
Use LAST_INSERT_ID() from your SQL query.
OR
You can also use mysqli_insert_id() to get it using PHP.
Hello guys I was confused using the if else statement I know it is the basic in conditioning also other languages. Don't know what to do here, I would like that it has an if condition(check) then also inside I want that it has an else if but my problem is I have to else statement which is wrong cause I know that else statement will be use at the end of a condition
Here's my code:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
}
Please help me
You have imbricated your blocks, try this:
if (isset($_POST['login']))
{
$idno = mysql_real_escape_string($_POST['idno']);
$password = mysql_real_escape_string($_POST['password']);
$position = $_POST['user_type'];
$YearNow=Date('Y');
$_SESSION['SESS_MEMBER_ID'] = $idno;
$sql1 = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password' " ;
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//,student WHERE studentvotes.idno = student.idno
$sql2 = "SELECT * FROM vote_logs,school_year where vote_logs.idno='$idno' AND vote_logs.syearid = school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql2) or die();
$row1 = mysql_fetch_array($result1);
if (mysql_num_rows($result1)<=1)
{
$_SESSION['idno']=$row['idno'];
$sql_c = "SELECT * FROM student WHERE idno = '$idno' AND password = '$password'";
$result2 = mysql_query($sql_c) or die(mysql_error());
$faunc = mysql_fetch_assoc($result2);
$_SESSION['SESS_COURSE'] = $faunc['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
header('location: plsvote.php');
}
else if ($row['status'] == 'lock')
{
header('location: last.php');
}
else
{
header('location: notification.php');
exit();
}
}
else
{
echo "<script type='text/javascript'>\n";
echo "alert('Username or Password incorrect!, Please try again.');\n";
echo "window.location = 'index.php';";
echo "</script>";
exit();
}
With an indentation, this kind of problem is easily visible.
This can be ok:
if ( //validate the email
filter_var($email, FILTER_VALIDATE_EMAIL) &&
preg_match('/#.+\./', $email)
) {
$result = mysql_query (
"INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())"
);
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
}
Try this one :
if (filter_var($email, FILTER_VALIDATE_EMAIL) && preg_match('/#.+\./', $email)) {
$result = mysql_query ("INSERT INTO users(unique_id, name, email, encrypted_password, salt, created_at) VALUES('$uuid', '$name', '$email', '$encrypted_password', '$salt', NOW())");
if ($result) { // check for successful store
// get user details
$uid = mysql_insert_id(); // last inserted id
$result = mysql_query("SELECT * FROM users WHERE uid = $uid");
// return user details
return mysql_fetch_array($result);
} else {
return false; //unsuccessful store
}
} else {
//not a valid email
return false;
}
I think I have an error uon the usertype 3 cause it always go to the notification and if I change both notification and plsvote.php it will just refresh so please help me what to do
if (isset($_POST['login'])){
$idno = $_POST['idno'];
$password = $_POST['password'];
$position = $_POST['user_type'];
$sql1 = "SELECT * FROM users WHERE idno = '$idno' AND password = '$password'";
$result = mysql_query($sql1) or die();
$row = mysql_fetch_array($result);
$num_row = mysql_num_rows($result);
//if the user is admin
if ($row['user_type'] == "1"){
mysql_query("insert into user_log (idno,login_date) values('$username',NOW())")or die(mysql_error());
$YearNow=Date('Y');
header('location:admin/index.php');
}
//if the user is student
else if ($row['user_type'] == "3") {
$sql_c = "SELECT * FROM users,studentvotes,school_year = users.idno = studentvotes.idno AND studentvotes.syearid =school_year.syearid AND school_year.from_year like $YearNow ";
$result1 = mysql_query($sql_c) or die(mysql_error());
while($row2=mysql_fetch_array($result1)){
$_SESSION['SESS_COURSE'] = $row2['progid'];
$_SESSION['SESS_MEMBER_ID'] = $idno;
//$query = mysql_query ("INSERT INTO user_log VALUES('$idno',NOW(), 'Login') ") or die(mysql_error());
header('location:plsvote.php');
}
}
else{
header('location:notification.php');
exit();
}
}