Need help with code

[zed420]

Hi All

Can someone please help me with this code, there are two MySQL tables ‘user_tb’ and ‘job_tb’  id is the primary key in user_tb and user_id is the foreign key in job_tb.  A user populates the user_id by form as his Acc no. All I’m trying to do is to prevent him inserting the wrong Acc no (user_id)  if he does an error message pop up.  With code below I’m getting error message both times whether he inserts Right or Wrong Acc no. there are no other errors, I have also echo the id from user it bring out the right one for the current session user. Some help will be greatly appreciated.

 

 if (isset($_POST['user_id'])) {
     $user_id= mysql_real_escape_string($_POST['user_id']); 
     $query = "SELECT id FROM user WHERE id ='$user_id'";
     $result = mysql_query($query)or die(mysql_error());
                  // If the user was found, 
     if (mysql_num_rows($result) < 1) {
	 error_message("Your Account number was NOT found in our database!");   
	 }else{
	if ($name = $_SESSION['name']){
$query = "SELECT id FROM user WHERE username = '$name'";
$result = mysql_query($query)
       or die ("Couldn't execute query for collecting your data.");
     if (mysql_num_rows($result) != 'user_id') {
	 error_message("Sorry your inserted Account no. Does Not match with your username");   
	 }else{
Query= INSERT .....
      }
    }
  }
}

 

Thanks

Zed

 

 

[samshel]

if (mysql_num_rows($result) != 'user_id') {

 

u r comparing integer with string...i think u need this.

$query = "SELECT id FROM user WHERE username = '$name' and id = '$user_id'";
$result = mysql_query($query)
       or die ("Couldn't execute query for collecting your data.");
     if (mysql_num_rows($result) < 1) {
	error_message("Sorry your inserted Account no. Does Not match with your username");   
	}else{
Query= INSERT .....

[zed420]

Thanks for your reply but no this one doesn't give out any error messages at all even with wrong Acc no.

 

Thanks

Zed

[samshel]

$query = "SELECT id FROM user WHERE username = '$name' and id = '$user_id'";
             echo $query;
$result = mysql_query($query)

 

echo the query and check the values that are going in there...

[zed420]

Yes its echoing the right values. Right id for each user. Its matter of comparing id with user_id and if they don't match pop out the error msg.

 

Zed

[samshel]

you mean you are entering the wrong user id and still it is giving you no error ?

[zed420]

Yes even if you insert wrong user_id.

 

Zed

[zed420]

 

Any suggestions  ???

[zed420]

Anyone any suggestions please.  ???

 

zed

[marcus]

Your code is confusing from the get-go

 

<?php
if (isset($_POST['user_id'])) {
    $user_id = mysql_real_escape_string($_POST['user_id']);
    $query = "SELECT id FROM user WHERE id ='" . $user_id . "'";
    $result = mysql_query($query) or die(mysql_error());
    // If the user was found,
    if (mysql_num_rows($result) < 1) {
        error_message("Your Account number was NOT found in our database!");
    } else {
        $row = mysql_fetch_assoc($res);
        if ($row['name'] == $_SESSION['name']) {
            $query2 = "SELECT * FROM user WHERE username = '" . $row['name'] . "'";
            $result2 = mysql_query($query2) or die("Couldn't execute query for collecting your data.");
            $row2 = mysql_fetch_assoc($result2);
            if ($row2['id'] != $user_id) {
                error_message("Sorry your inserted Account number does not match with your username");
            } else {
                #Query = INSERT . . . . .
            }
        }
    }
}
?>

[zed420]

Hi

First Query validates if there is a 'id' in user table else error the Second one I'm trying to validate and failing baddly if the user is inserting his own 'id' if not error msg.

 

Thanks

Zed