my url i have a parameter called uid
in my sql i have
Select * from users Where uid = {$_GET['uid']}
now I have my while loop
while (($row = mysqli_fetch_assoc($result)) != false) {
$uid = $row['uid'];
}
every thing is fine to this point. what i want is if the uid in the database does not equal the $_GET from parameter redirect.
if ($uid == $_GET['uid']) {
return true;
} else {
redirect(ROOT_URI);
}
what i am trying to prevent is modifying uid in the url. that if the uid does not exists it will redirect.
simply you can do like this
$rowcount=mysqli_num_rows($result);
if($rowcount != 0)
{
return true;
}
else
{
redirect(ROOT_URI);
}
since if the uid is in the table mysqli_num_rows doesn't return 0
Use this. I've included some comments as explanation to what I am doing.
$x = 0; //checker
while (($row = mysqli_fetch_assoc($result)) != false) {
if($uid == $row['uid']){
$x = 1; //logic is if there is a match, $x will become 1, else it will stay at 0 value
}
}
//now check the value of $x
if ($x == 1){
//there is a match
return true;
}
else{
//there is no match
redirect(ROOT_URI);
}
To redirect in PHP, you can use the header() function:
header("Location: your_url");
Your sql query is wrong. Try with this one:
Select uid from users Where uid = {$_GET['soldier']}
Related
I have the following code.
$query = "SELECT HealthStatus FROM healthstatus where HealthStatus=$HealthStatus";
$result = mysql_query($query);
echo $HealthStatus;
if($result = false)
{
//do something
}
else
{
//print value already exists
}
I don't get any error or warning when the code is executed. But, even if $HealthStatus exists in database, the if part gets executed. When I give echo $HealthStatus, the value fetched is printed correctly.
I have tried using if(!$result). That doesn't work either. Can someone help me.
You have to use mysql_num_rows to know if the query returned any rows, eg:-
if($result && mysql_num_rows($result))
{
// a row exists
}
else
{
// do something
}
also if HealthStatus is a string it needs to be enclosed in quotes eg:-
$query = "SELECT HealthStatus FROM healthstatus where HealthStatus='".$HealthStatus."'";
$result = mysql_query($query);
if($result && mysql_num_rows($result))
{
// a row exists
$row=mysql_fetch_array($result);
echo "Health status was ".$row["HealthStatus"];
}
else
{
// do something
echo "There were no rows found";
}
To understand how much rows were received use mysql_num_rows function.
if(mysql_num_rows($result) > 0) {
} else {
}
Also, you have error in your if:
if($result = false)
{
//do something
}
else
{
//print value already exists
}
You assign false to $result in your if statement.
You have to use if($result == false).
To avoid such mistakes you can change order:
if(false == $result)
This will work, but this:
if(false = $result)
Will cause error.
Hope, this will help.
I would like to know what code I would need to use to get the values from a row (which would naturally have data from different columns)
I would like to check if the IP address is the same as the Poll ID. As you would expect the IP address is stored in one column, and the poll id in a next column.
$q = mysql_query("SELECT * FROM logs");
while($row = mysql_fetch_array($q))
{
if(($ip = $_SERVER['REMOTE_ADDR']) == $row['ip'])
{
$duplicateIP = true;
}//end if
if(($row['poll_id'] == 1))
{
$duplicatePoll = true;
}//end if
}//end while
I realised this code won't work as it will return the poll id to be true as long as it is equal to 1. How do I ensure that it will only return to be true if that poll id matches the IP address? Thanks.
Instead of:
if(($ip = $_SERVER['REMOTE_ADDR']) == $row['ip'])
{
$duplicateIP = true;
}//end if
if(($row['poll_id'] == 1))
{
$duplicatePoll = true;
}//end if
You should write:
if($_SERVER['REMOTE_ADDR'] == $row['ip'] && $row['poll_id'] == 1){
$duplicateIP = true;
}//end if
Or change your query:
$q = mysql_query(
"SELECT * FROM logs WHERE ip = '".$_SERVER['REMOTE_ADDR'] .
"' and poll_id = '".$iPollid."' "
);
This is a really simple one, I just can't get my head around it sorry. I have this PHP code which picks up my form value, then compares it with the value stored in the database. That works fine.
However I am not sure how to write this logic in terms of this query:
If posted value = database value {
// do something } else { // do something else }
if (empty($_POST['order_id']) === false) {
// prepare data for inserting
$order_id = htmlentities(trim($_POST['order_id']));
$order_id = preg_replace("/[^0-9]/","", $order_id);
$result = mysqli_query($con,"SELECT * FROM listings WHERE order_id = $order_id");
$row = mysqli_fetch_assoc($result);
echo $row['order_id'];
}
SOLVED:
Solved the question, was a silly one I know! Just needed this at the end of the code:
if($order_id === $row['order_id']) {
echo 'found';
} else {
echo 'not found';
}
Try
If ($result->num_rows === 1) { do something } else { do something else }
Since you did the business logic in your query you can just use
if( ! is_null($row)) {
// do
} else {
// nothing
}
Did I read too much into "If posted value = database value "? Are you just referring to the order_id?
if ($row['listingName'] == $_POST['frm_listingName']) {
// something
}
else {
//something else
}
Check this code:
if (empty($_POST['order_id']) === false) {
// prepare data for inserting
$order_id = htmlentities(trim($_POST['order_id']));
$order_id = preg_replace("/[^0-9]/","", $order_id);
$result = mysqli_query($con,"SELECT * FROM listings WHERE order_id = $order_id");
if(mysqli_num_rows($result)>0)
{
//Match found. do something.
}
else
{
//No match found. do something.
}
}
N.B. In place of mysqli_num_rows($result) you can also use $result->num_rows
I am working on a piece that allows user to create an article, but there are some restricted for an admin, which i identify as SgroupId 1. Now when I log in with my admin code, i realize i still cant post everything, except for what I identified in loadTypeUsers. I know i get the value of Sgroup1 with me, since the admin panel loads in the bar below. Also when I echo the value I get the return of 1, which should be fine.
But when I try to load the dropdown in my popup, it wont give me the full list. Instead, it loads just the list I specified in the LoadTypeUsers. Can somebody help me out here?
Thanks in advance.
~Dorv
function MakeArticleTypeDropdown(){
echo "<select name='ArticleTypeId'>";
if($SgroupId == 1 || $SgroupId == 1){
$results = LoadType();
}
else
{
$results = LoadTypeUsers();
}
while($row = mysql_fetch_array($results)){
echo "<option value='".$row['ArticleTypeId']."'>"
.$row['ArticleTypeName']."</option>";
}
echo "</select>";
}
This is tucked in the ArticleFunction.php file
function LoadTypeUsers(){
$query = "SELECT * FROM Articletype limit 1,3;";
$resultaat=SendQuery($query);
return $resultaat;
}
function LoadType(){
$query = "SELECT * FROM Articletype;";
$resultaat=SendQuery($query);
return $resultaat;
}
This is tucked in the Sentry.php file
session_start();
$UserName = $_SESSION['username'];
$result = mysql_query("select * from user where username='".$UserName."'");
while($row = mysql_fetch_array($result)){
$UserId = $row['UserId'];
$CharacterName = $row['CharacterName'];
$UserName = $row['UserName'];
$SgroupId = $row['SgroupId'];
};
$SgroupId is not defined in the function MakeArticleTypeDropdown() so it will always goes in else condition .Try something as follows
MakeArticleTypeDropdown($SgroupId)
{
//-----------your code
}
first of all, I don't see you passing the value of $SgroupId to MakeArticleTypeDropdown(). Maybe you have an scope problem and you're checking a variable $SgroupId that isn't set inside the function?
second: ($SgroupId == 1 || $SgroupId == 1) What is that || for?
I think that the LIMIT clause should be a WHERE clause.
i.e.
SELECT * FROM Articletype WHERE SgroupId = 1 OR SgroupId = 3
and perhaps the line
if($SgroupId == 1 || $SgroupId == 1){
should read
if($SgroupId == 1 || $SgroupId == 3){
I have output from a select query as below
id price valid
1000368 69.95 1
1000369 69.94 0
1000370 69.95 0
now in php I am trying to pass the id 1000369 in function. the funciton can execute only if the valid =1 for id 1000368. if it's not 1 then it will throw error. so if the id passed is 1000370, it will check if valid =1 for 1000369.
how can i check this? I think it is logically possible to do but I am not able to code it i tried using foreach but at the end it always checks the last record 1000370 and so it throws error.
regards
Use a boolean variable:
<?php
$lastValid=false;
while($row = mysql_fetch_array($result))
{
if ($lastValid) {
myFunction();
}
$lastValid = $row['valid'];
}
?>
(Excuse possible errors, have no access to a console at the moment.)
If I understand correctly you want to check the if the previous id is valid.
$prev['valid'] = 0;
foreach($input as $i){
if($prev['valid']){
// Execute function
}
$prev = $i;
}
<?php
$sql = "SELECT * FROM tablename";
$qry = mysql_query($sql);
while($row = mysql_fetch_array($qry))
{
if ($row['valid'] == 1)
{
// do some actions
}
}
?>
I really really recommend walking through some tutorials. This is basic stuff man.
Here is how to request a specific record:
//This is to inspect a specific record
$id = '1000369'; //**some specified value**
$sql = "SELECT * FROM data_tbl WHERE id = $id";
$data = mysql_fetch_assoc(mysql_query($sql));
$valid = $data['valid'];
if ($valid == 1)
//Do this
else
//Do that
And here is how to loop through all the records and check each.
//This is to loop through all of it.
$sql = "SELECT * FROM data_tbl";
$res = mysql_query($sql);
$previous_row = null;
while ($row = mysql_fetch_assoc($res))
{
some_action($row, $previous_row);
$previous_row = $row; //At the end of the call the current row becomes the previous one. This way you can refer to it in the next iteration through the loop
}
function some_action($data, $previous_data)
{
if (!empty($previous_data) && $condition_is_met)
{
//Use previous data
$valid = $previous_data['valid'];
}
else
{
//Use data
$valid = $data['valid'];
}
if ($valid == 1)
{
//Do the valid thing
}
else
{
//Do the not valid thing
}
//Do whatever
}
Here are some links to some good tutorials:
http://www.phpfreaks.com/tutorials
http://php.net/manual/en/tutorial.php