I have this if statement. It is part of a php script that is run when a button is clicked to determine the page it is forwarded to.
I have a table that is updated when an admin changes the page and this all works fine.
For some reason however this is always forwarding to scriptone. Even though for instance scriptthree is definately selected.
Any suggestions please?
$sql = "SELECT scriptName FROM selectedscript WHERE scriptSelected = '1'";
if($sql = "ScriptOne") {
header('Location: scriptone.php');
}
elseif ($sql = "ScriptTwo") {
header('Location: scripttwo.php');
}
elseif ($sql = "ScriptThree") {
header('Location: scriptthree.php');
}
else {
echo "Error";
}
Thank you
I have tried double and triple equal signs however that leads to the Error message being displayed :(
= is assignment. == is equality. === is strict equality. You want one of the latter as the first typically results in a true value.
if ($sql == "ScriptOne") {
header('Location: scriptone.php');
}
You'll need to perform the sql query and fetch some values before using them in your if statements.
Something like this:
$sql = "SELECT scriptName FROM selectedscript WHERE scriptSelected = '1'";
$q=mysql_query($sql) or die(mysql_error());
$row=mysql_fetch_assoc($q);
switch ($row['scriptName']) {
case 'ScriptOne':
header('Location: scriptone.php');
break;
case 'ScriptTwo':
header('Location: scripttwo.php');
break;
case 'ScriptThree':
header('Location: scriptthree.php');
break;
default:
echo "Error";
}
Also, consider using PDO instead of mysql_* statements as they are depreciated.
if($sql == "ScriptOne") {
^
not
if($sql = "ScriptOne") {
= is assignment, == is comparison
You need to use double or triple equal signs
if($sql == "ScriptOne") {
Related
The error occurs like that, when i try to connect to DB to search something, it doesn't connects... here is the code below
$connection = new mysqli($db_server,$db_user,$db_pass,$db_name);
if($connection->connect_errno)
{
die ("Connection Failed");
}
$selcap = "SELECT * FROM captcha_codes ORDER BY RAND() LIMIT 1";
$seldcap = $connection->query($selcap);
if($seldcap === true)
{
while ($capdata = $seldcap->fetch_array(MYSQLI_BOTH))
{
$imglink = $capdata['image'];
$idcap = $capdata['id'];
$codecap = $capdata['code'];
}
} else {
$msgreg = "Couldn't connect to Captcha, please contact admin!";
}
The result is Couldn't connect to Captcha, please contact admin!
Use the less strict == comparison here: if($seldcap === true), that should solve the issue.
So the condition would look like: if($seldcap == true)
As mentioned by others, you could also check the number of results as well.
See the docs for mysqli::query() for more information on the results of that function.
If you want to check either query returns result or not use num_rows :
$seldcap = $connection->query($selcap);
if($seldcap->num_rows > 0)
{
//your while stuff
}
else{
//your error stuff
}
I've tried this so far:
$query = "SELECT * FROM users WHERE id = :id";
$stmt = $connectionPDO->prepare($query);
$stmt->bindParam(':id', $id);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$type = $row['rights'];
if(check_login_status() == false)
{
header("Location:error.php");
exit;
}
If the entry in the column "rights" for the specific user is "user" and if there is no one logged in then it must redirect to error.php. So far this doesn't work. It still shows the page if i'm logged in with a user account. Hopefully I'm specific enough.
You need an extra piece of information in the header() function and also to add a exit; after the header() otherwise execution will just continue within this code fragment.
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$type = $row['rights'];
if(check_login_status() == false && $type == "user")
{
header("Location: error.php");
exit;
}
Of course the proper execution of the if statement depends on things you have not specified like does check_login_status() actually return false and have you checked that $type actually is "user".
Try this as a test :
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$type = $row['rights'];
// just testing
$type = "user";
if(check_login_status() == false && $type == "user")
{
header("Location: error.php");
exit;
}
You have a wrong syntax:
header("Location:error.php");
So, I have this:
$user = $db->prepare("SELECT * FROM `users` WHERE LL_IP='" . $_SERVER['REMOTE_ADDR'] . "'");
$user->execute();
while($userDATA = $user->fetch(PDO::FETCH_ASSOC)) {
if( userDATA['LL_IP'] == $_SERVER['REMOTE_ADDR']) {
echo "Logged in";
}
else {
echo "Register / Login";
}
}
I'm trying to get it where if no $userDATA['LL_IP'] is found. Then it does the else statement, but for some reason it's not working.
I've also tried:
elseif($userDATA['LL_IP'] == false) {
echo "Register / Login";
}
But that doesn't work either.
If you just want to check if a row was found, you can replace the loop with an if statement:
if($userDATA = $user->fetch(PDO::FETCH_ASSOC))
{
echo "Logged in";
}
else
{
echo "Register / Login";
}
Your logic is faulty. You already query only for cases where LL_IP equals $_SERVER['REMOTE_ADDR']. Why would expect to EVER gat a result turned where your if conditional wouldn't match.
It seems to me that all you would need to do in this case is to check to see if the number of records returned in the result set is greater than 1.
By the way, you should at least escape $_SERVER['REMOTE_ADDR'] before using it in a query, or better yet, since you are already using a prepared statement, you could use a parametrized value.
Your logic should be something like this:
// specify maybe a primary key field in query. No need for SELECT *
$query = "SELECT COUNT(user_id) FROM `users` WHERE LL_IP = :ip_address LIMIT 1";
$user->prepare($query);
$user->bindParam(':ip_address', $_SERvER['REMOTE_ADDR'], PDO::PARAM_STR]);
$user->execute();
if('1' === $user->fetchColumn(0)) {
// logged in
} else {
// not logged in
}
I also agree with comment from #jeroen above that you really shouldn't rely on an IP address to determine any sort of login status. IP addresses can change unpredictably (particularly for mobile users).
$user = $db->prepare("SELECT * FROM `users` WHERE LL_IP='" . $_SERVER['REMOTE_ADDR'] . "'");
$user->execute();
if ($user->fetchColumn() > 0) {
// logged in
} else {
// not logged in
}
The manual (see example #2) says to use fetchColumn
I am new in PHP and need help with my below code. When I am entering wrong userid instead of giving the message "userid does not exist" it is showing "password/id mismatch. Please guide me where I am wrong.
<?php
session_start();
$id = $_POST['userid'];
$pwd = $_POST['paswd'];
$con = mysqli_connect("localhost", "????", "????", "??????");
if ($con) {
$result = mysqli_query($con, "SELECT * FROM users WHERE userid=$id");
if ($result) {
$row = mysql_fetch_array($result);
if ($row["userid"] == $id && $row["paswd"] == $pwd) {
echo "Welcome! You are a authenticate user";
if ($id == $pwd)
//my default login id and password are same
{
header("Location: changepwd.html");
} else {
header("Location: dataentry.html");
}
} else {
echo "ID/Password Mismatch";
}
} else {
echo "User does not Exist !!!";
}
} else {
echo "Connection failed - ".mysqli_error()." -- ".mysqli_errno();
}
?>
The main problem you have is that you're mixing up between the mysqli and mysql functions. These two libraries are not compatible with each other; you must only use one or the other.
In other words, the following line is wrong:
$row=mysql_fetch_array($result);
It needs to be changed to use mysqli_.
While I'm here, going off-topic for a moment I would also point out a few other mistakes you're making:
You aren't escaping your SQL input. It would be extremely easy to hack your code simply by posting a malicious value to $_POST['userid']. You must use proper escaping or parameter binding. (since you're using mysqli, I recommend the latter; it's a better technique).
Your password checking is poor -- you don't appear to be doing any kind of hashing, so I guess your passwords are stored as plain text in the database. If this is the case, then your database is extremely vulnerable. You should always hash your passwords, and never store the actual password value in the database.
I've gone off topic, so I won't go any further into explaining those points; if you need help with either of these points I suggest asking separate questions (or searching here; I'm sure there's plenty of existing advice available too).
else
{
echo "ID/Password Mismatch";
}
is connected with the
if($row["userid"]==$id && $row["paswd"]==$pwd)
{
So since you are giving a wrong id. It echo's: ID/Password Mismatch
Also the else at if ($result) { wont ever show since
$result = mysqli_query($con, "SELECT * FROM users WHERE userid=$id");
You need some additionnal checks:
select * return 1 row (not 0, and not more)
you need to protect the datas entered by the html form (for example someone could enter 1 or 1 to return all rows
<?php
session_start();
$con = mysqli_connect("localhost", "????", "????", "??????");
$id = mysqli_real_escape_string($_POST['userid']);
$pwd = mysqli_real_escape_string($_POST['paswd']);
if ($con) {
// don't even do the query if data are incomplete
if (empty($id) || empty($pwd)
$result = false;
else
{
// optionnal : if userid is supposed to be a number
// $id = (int)$id;
$result = mysqli_query($con, "SELECT * FROM users WHERE userid='$id'");
}
if (mysqli_num_rows($result) != 1)
$result = false;
if ($result) {
$row = mysqli_fetch_assoc($result);
if ($row["userid"] == $id && $row["paswd"] == $pwd) {
echo "Welcome! You are a authenticate user";
if ($id == $pwd)
//my default login id and password are same
{
header("Location: changepwd.html");
} else {
header("Location: dataentry.html");
}
} else {
echo "ID/Password Mismatch";
}
} else {
echo "User does not Exist, or incomplete input";
}
} else {
echo "Connection failed - " . mysqli_error() . " -- " . mysqli_errno();
}
?>
Try with isset() method while you are checking if $result empty or not.
that is in line
if ($result) {.......}
use
if (isset($result)) { .......}
$result is always true, because mysqli_query() only returns false if query failed.
You could check if $result has actual content with empty() for example.
You can use this sql compare password as well with userid
$sql= "SELECT * FROM users WHERE userid='".$id.", and password='".$pwd."'";
I am using the header function to locate to another page based on certain conditions. I am monitoring a mailbox and the code redirects to another page based on the sender address. All headers are working except one. If the sender does not belongs to any existing group, I wanted to redirect it to new.php. But it is not redirecting. I am unable to figure out why. Please help me.
<?php
session_start();
$server = '{server}INBOX';
$username = 'aaa#bbb.com';
$password = 'password';
require_once '../swift/lib/swift_required.php';
include('connection.php');
$connection = imap_open($server,$username,$password) or die('Cannot connect to Gmail: ' . imap_last_error());
$_SESSION['connection']=$connection;
$result = imap_search($connection,'UNSEEN');
if($result) {
rsort($result);
foreach($result as $email_number)
{
$header = imap_headerinfo($connection, $email_number);
$fromaddr = $header->from[0]->mailbox . "#" . $header->from[0]->host;
$query = "select * from usergroup where email='$fromaddr'";
$_SESSION['fromaddr']=$fromaddr;
$result1 = mysql_query($query) or die($query."<br/><br/>".mysql_error());
while($line=mysql_fetch_array($result1,MYSQL_ASSOC))
{
$email=$line['email'];
$group=$line['group'];
if(mysql_num_rows($result1) == 1){
if($group == 1){
header("Location: facilitator.php");
}
elseif($group == 2){
header("Location: learner.php");
}
}
elseif (mysql_num_rows($result1) == 0) {
header("Location: new.php");
}
}
}
}
elseif (!$result)
{
echo "No unread messages found";
}
?>
It appears as though you are nesting that redirection inside the while loop. Since there are no rows, the while condition mysql_fetch_array() will immediately return FALSE and skip the whole block, including the redirection you intended it to follow.
Move the test for mysql_num_rows() outside the while loop.
// Test for rows and redirect BEFORE entering the while loop.
if (mysql_num_rows($result1) === 0) {
header("Location: new.php");
// Always explicitly call exit() after a redirection header!
exit();
}
// Otherwise, there are rows so loop them.
while($line=mysql_fetch_array($result1,MYSQL_ASSOC))
{
$email=$line['email'];
$group=$line['group'];
if($group == 1){
header("Location: facilitator.php");
}
}
You actually may not need a while loop at all, depending on how many rows you are expecting to fetch. If you only expect one group per email, then forego the loop and just call $line = mysql_fetch_array() once. However, if you are expecting multiple rows but want to redirect on the first one encountered where $group == 1, then your logic works. In that case however, since you are only doing the redirection and no other action, you might as well just put that condition in your query:
// Test the group in your query in the first place.
$query = "select * from usergroup where email='$fromaddr' AND group = 1";
$result1 = mysql_query($query) or die($query."<br/><br/>".mysql_error());
if (mysql_num_rows($result1) === 0) {
// you didn't match a row, redirect to new.php
}
else {
// you had a match, redirect to facilitator.php
}
Easy one:
change:
elseif (mysql_num_rows($result1) == 0){
to:
else {
The condition in the else if is probably false - so you don't get in there and thus the redirection doesn't occur.