Check MySql entry help

[Drewdle]

I tried adding a group field to my user table so I can show different content to different users but when I do the check and then if/else the required info it doesn't seem to do it.

 

I think I've got a mistake in my query:

<?php include ('header.php'); ?>
</center>
<?php
$username = mysql_real_escape_string($_POST['username']);

$checkadmin = mysql_query("SELECT Group FROM users WHERE Username = '".$username."'");

if('$checkadmin' == GroupA)
{
?>
Welcome Admin!
<?php
}
else
{
?>
You are not authorised.
<?php
}
include ('footer.php') ?>

 

Whats wrong with it?

 

Cheers.

[trq]

A few things. Firstly variables are not interpolated within single quotes, so '$checkadmin' is simply a string. Secondly, strings need to be surrounded by quotes, so GroupA will likley be an undefined constant.

 

Thirdly, mysql_query returns a result resource, this needs to be passed to one of the mysql_fetch_* functions in order to retrieve any actual data. See mysql_fetch_assoc.

 

Fourthly, why not simply query for the data you want in the first place?

 

Lastly, you have no error handling at all.

 

<?php

if (isset($_POST['username'])) {

  $username = mysql_real_escape_string($_POST['username']);

  if ($result = mysql_query("SELECT Group FROM users WHERE Username = '$username' && Group = 'GroupA' LIMIT 1")) {
    if (mysql_num_rows($result)) {
      echo "Welcome Admin!";
    } else {
      echo "You are not authorised.";
    }
  }
}

[Drewdle]

Ok sorted all that, thanks!

 

I get an error now:

 Unknown column '$username' in 'where clause'

 

$username = Currently logged in user (eg. Bob)

 

The user does exist, do I have something in the wrong place?

[Drewdle]

OK I think I fixed the previous error:

<?php include ('header.php'); ?>
</center>
<div class=content>
<?php
$username = $_SESSION['Username'];

$checkadmin = mysql_query("SELECT 'Group' FROM users WHERE '$username' = Username")or die ('Error: '.mysql_error ());
$field = mysql_fetch_assoc($checkadmin);
if ($field == "Admin")
{
?>
Welcome Admin!
<?php
}
else
{
?>
You are not authorised.
</div>
<?php
}
include ('footer.php') ?>

 

Only problem is it outputs the query as Group instead of Admin so the if statement wont work?

 

I run the query in phpMyAdmin and it worked, showing me the Group column and the field entry 'Group' however the field entry should be Admin, it is when I check it in Browse...?

 

[trq]

Did you look at my first reply or are you just choosing to ignore good advice?

[Drewdle]

I apologise I did not use the horizontal scroll bar, or rather didn't see it.

 

I've changed it to your version and it just outputs 

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Group = 'GroupA' LIMIT 0, 30' at line 1

 

My database is set up as follows:

 

id  |  username  |    group    |    email  |

----------------------------------------------------

1  |      name      |    GroupA  |    a@a  |

 

Basically what I want is to check the user is in GroupA and display the page or show them an access denied message.

 

Am I even going about it the right way?

 

(sorry for seeming bit dumb I haven't quite grasped queries properly)

[trq]

<?php

if (isset($_POST['username'])) {

  $username = mysql_real_escape_string($_POST['username']);

  if ($result = mysql_query("SELECT group FROM users WHERE username = '$username' && group = 'GroupA' LIMIT 1")) {
    if (mysql_num_rows($result)) {
      echo "Welcome Admin!";
    } else {
      echo "You are not authorised.";
    }
  }
}