TechMistress

Ugh, OK - I get the (int) part now. I think the problem seems to be that I don't know how to get the current user's rolename from the database. Here's my latest code. <?php session_start(); require("./init.php"); $user = (int) $_SESSION["userid"]; if (!isset($_SESSION["userid"])) { $template->assign("loginerror", 0); $template->display("login.tpl"); die(); } if($user->rolename){ $sql="SELECT ID, name, rolename FROM user WHERE rolename = 'Case Administrator' ORDER BY name"; } else { $sql="SELECT ID, name, rolename FROM user ORDER BY name"; } $result=mysql_query($sql); $options=""; while ($row=mysql_fetch_array($result)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options.="<OPTION VALUE=\"$ID\">".$name."</OPTION>\n "; } ?> <form name="message" action="messageck.php" method="post"> Subject: <input type="text" name="message_subject"><br> To: <SELECT NAME=message_to> <?php echo" <OPTION VALUE=0>Choose</option> $options </SELECT>"; ?>

Ok, tried this, but then it just shows the first sql query no matter what. if((int) $_SESSION["rolename"] == "User"){ $sql="SELECT ID, name, rolename FROM user WHERE rolename = 'Case Administrator' ORDER BY name"; $result=mysql_query($sql); } else { $sql="SELECT ID, name, rolename FROM user ORDER BY name"; $result=mysql_query($sql); } $options=""; while ($row=mysql_fetch_array($result)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options.="<OPTION VALUE=\"$ID\">".$name."</OPTION>\n "; }

Like I said, I don't know anything about coding, so I'm trying to learn as I go. I wouldn't know how to create a new session with rolename (and would only want it on this page anyway). Then, I wouldn't know how to do the while statements using the query codes you gave me. Getting more buried here, I expect!

Well, I'm getting closer... Realizing that I was using logic that was probably from smarty, I looked at the code again and realized what you said about rolename being a constant. I changed my if/else statement to this: <form name="message" action="messageck.php" method="post"> Subject: <input type="text" name="message_subject"><br> To: <SELECT NAME=message_to> <?php if (isset($_SESSION['userid']) && $_SESSION['rolename'] == $row['User']) { echo" <OPTION VALUE=0>Choose</option> $options </SELECT>"; } else { echo" <OPTION VALUE=0>Choose</option> $options2 </SELECT>"; } ?> Now it always shows $options2, no matter what my rolename - where before it was always showing $options1

No, my session just relates my user id - and rolename is simply a text field in the user table. When I'm logged in, I have to problem calling on other fields by using $user.xxx. I DID try using: $user = (int) $_SESSION["userid"]; $rolename = $user.rolename; (before the queries) and then using $rolename in the if/else statement, but it didn't work either. I have been using smarty templates in the software I'm using for this so perhaps the $user.rolename only applies to that. What is the proper format for an if/else statement like that?

Ok, below is the whole page code. What I want to happen is, if my rolename is "User" (which is just a text title in the db), then the dropdown box I see is options1 (which should be users with a rolename of "Case Administrator"), else, if I am any other rolename, just show all of the users. Right now, it's just always showing all user. <?php require("./init.php"); if (!isset($_SESSION["userid"])) { $template->assign("loginerror", 0); $template->display("login.tpl"); die(); } $user = (int) $_SESSION["userid"]; $sql="SELECT ID, name, rolename FROM user WHERE rolename = 'Case Administrator'"; $result=mysql_query($sql); $options=""; while ($row=mysql_fetch_array($result)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options.="<OPTION VALUE=\"$ID\">".$name."</OPTION>\n "; } $sql2="SELECT ID, name, rolename FROM user"; $result2=mysql_query($sql2); $options2=""; while ($row=mysql_fetch_array($result2)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options2.="<OPTION VALUE=\"$ID\">".$name."</OPTION>\n "; } ?> <form name="message" action="messageck.php" method="post"> Subject: <input type="text" name="message_subject"><br> To: <SELECT NAME=message_to> <?php if ($user.rolename == "User") { echo" <OPTION VALUE=0>Choose</option> $options </SELECT>"; } else { echo" <OPTION VALUE=0>Choose</option> $options2 </SELECT>"; } ?> <br> Message: <br> <textarea rows="20" cols="50" name="message_content"> </textarea> <?php echo '<input type="hidden" name="message_from" value="'.$user.'"><br>'; ?> <input type="submit" value="Submit"> </form>

You'll have to forgive me, because I have never coded in my life - I'm just learning! About the markup, it did return fine, because I caught that </option> thing earlier,so it looks like this: while ($row=mysql_fetch_array($result2)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options2.="<OPTION VALUE=\"$ID\">".$name."</OPTION>\n "; As far as the $user, it's set in the first part of my document with the session: if (!isset($_SESSION["userid"])) $user = (int) $_SESSION["userid"]; I know the user part is working, because I am only seeing MY messages, etc. (this is for a pm system). The 4olename part I thought was set in the queries part, so $user.rolename would be sufficient enough to say if ME, the user had a rolename of ... then do this.

The html options return perfect - it lists all of the users just fine. I even tested the form, chose one of the options and the form worked, chose that option and everything. Query 1 returns a list of all users in the database with the rolename of "Case Administrator" and Query 2 returns a list of all users in the database. It's when I tried to lay out both queries to address my if/else statement where something happens - instead of treating the queries separately, it's basically just returning query 2 every thime and ignoring query 1.

There are no errors. In the session, I define who I am (my user id). Then in the query I am fetching the rolename from the user table; and in the html form, I am setting an if/else statement saying in $user.rolename equals The only problem is what I stated already, but it's not really an error, it's just not performing correctly - it's not paying attention to my if/else, and just always returning $options2.

That IS all of the relevant code. The page starts with a session/user id. I call on all of the relevant data in the queries. The $rolename determines which user is online at the moment. The html form is spitting out all of the users in the dropdown, all of the time. I want it to show just users who match rolename "Case Administers" in the dropdown, if the current session user has a rolename of "User" - else, show all users from the user table.

Well, the html is fine and it's generating fine. Let me see if I can clarify: I have an if/else statement in my form. It says if I'm a particular user, I should see the query results for $options1 and if I'm else, I should see the query results of $options2. The problem is, no matter how I'm logged in, I'm seeing the results of $options2. So I don't know if this is a query problem or a php problem. Since the html comes out clean, I'm guessing it's not my if/else statement, but a problem with how I'm executing the queries.

Hello smarties! I have some code I've written, and it almost works! The problem is, no matter how I log in, the option selects are simply passing $options2 from my query. I'm sure I've got some bad syntax in here. Anyone here see it??? The Queries: $sql="SELECT ID, name, rolename FROM user WHERE rolename = 'Case Administrator'"; $result=mysql_query($sql); $sql2="SELECT ID, name, rolename FROM user"; $result2=mysql_query($sql2); $options=""; $options2=""; while ($row=mysql_fetch_array($result)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options.="<OPTION VALUE=\"$ID\">".$name; } while ($row=mysql_fetch_array($result2)) { $ID=$row["ID"]; $rolename=$row["rolename"]; $name=$row["name"]; $options2.="<OPTION VALUE=\"$ID\">".$name; } ?> The form: <form name="message" action="messageck.php" method="post"> Subject: <input type="text" name="message_subject"><br> To: <SELECT NAME=message_to> <?php if ($user.rolename == "User") { echo" <OPTION VALUE=0>Choose</option> $options</option> </SELECT>"; } else { echo" <OPTION VALUE=0>Choose</option> $options2</option> </SELECT>"; } ?>

SOLVED: ShortDesc = '".mysql_real_escape_string($_POST[shortDesc])."', DetailedDesc = '".mysql_real_escape_string($_POST[DetailedDesc])."',

Solved: ShortDesc = '".mysql_real_escape_string($_POST[shortDesc])."', DetailedDesc = '".mysql_real_escape_string($_POST[DetailedDesc])."',

Ok, I'm putting in or leaving out a , or a ; or something... Can someone help? Original code, gives me error about having an apostrophe in a couple of fields: $q1 = "insert into listings set ShortDesc ='$_POST[shortDesc]', DetailedDesc = '$_POST[DetailedDesc]', Price = '$_POST[Price]', currencyID = '$_POST[currencyID]', neighbourhood = '$_POST[neighbourhood]', PropertyType = '$_POST[PropertyType]', rooms = '$_POST[rooms]', bathrooms = '$_POST[bathrooms]', fireplace = '$_POST[fireplace]', garage = '$_POST[garage]', SquareFeet = '$_POST[squareFeet]', LotSize = '$_POST[LotSize]', HomeAge = '$_POST[HomeAge]', NearSchool = '$_POST[NearSchool]', NearTransit = '$_POST[NearTransit]', NearPark = '$_POST[NearPark]', OceanView = '$_POST[OceanView]', LakeView = '$_POST[LakeView]', MountainView = '$_POST[MountainView]', OceanWaterfront = '$_POST[OceanWaterfront]', LakeWaterfront = '$_POST[LakeWaterfront]', RiverWaterfront = '$_POST[RiverWaterfront]', image = '$ImageStr', DateAdded = '$t' "; mysql_query($q1) or die(mysql_error()); So, I added the mysql_real_escape_string on the two fields in question: ShortDesc = mysql_real_escape_string($_POST[shortDesc]), DetailedDesc = mysql_real_escape_string($_POST[DetailedDesc]), Price = '$_POST[Price]', currencyID = '$_POST[currencyID]', neighbourhood = '$_POST[neighbourhood]', PropertyType = '$_POST[PropertyType]', rooms = '$_POST[rooms]', bathrooms = '$_POST[bathrooms]', fireplace = '$_POST[fireplace]', garage = '$_POST[garage]', SquareFeet = '$_POST[squareFeet]', LotSize = '$_POST[LotSize]', HomeAge = '$_POST[HomeAge]', NearSchool = '$_POST[NearSchool]', NearTransit = '$_POST[NearTransit]', NearPark = '$_POST[NearPark]', OceanView = '$_POST[OceanView]', LakeView = '$_POST[LakeView]', MountainView = '$_POST[MountainView]', OceanWaterfront = '$_POST[OceanWaterfront]', LakeWaterfront = '$_POST[LakeWaterfront]', RiverWaterfront = '$_POST[RiverWaterfront]', image = '$ImageStr', DateAdded = '$t' "; but, this is breaks the post also. I get this error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1235000', currencyID = '1', neighbourhood = '', PropertyType = 'W' at line 14 So now it's allowing the apostrophe, but it messed up the set. How do I use the escape portion, without breaking the set? I've tried so many ways, but it always breaks somewhere.