Function help

[Nematode128]

Hello I'm currently working on a staff page for my website and I'm having trouble with a function not working corrrectly. The function is supposed to display an error message if the logged in user isn't a high enough level however it doesn't seem to be correctly getting the users rank level correctly cause in the error message it returns "You have a rank of" instead of "You have a rank of x". Here are my codes below

maindir/header.php

$username = $_SESSION['username'];
$sql = "SELECT * FROM users WHERE username=? LIMIT 1"; // SQL with parameters
$stmt = $link->prepare($sql); 
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
$user = $result->fetch_assoc(); // fetch data  

function verify_staff() {

  if ($user['rank'] <= '2') {
  
    echo "
    <div class='alert alert-danger' role='alert'>
     You're not supposed to be here. You have a rank of " . $user['rank'] . "
     </div>
     ";
    exit;
   
   }
 }

 

/maindir/staff/index.php

<?php
require '../header.php';


verify_staff();

echo "Staff panel";

require '../footer.php';

?>

 

Edited April 14, 2020 by Nematode128

[gw1500se]

First do not use * in your query. Only ask for the columns you intend to use.

As for your question, you need to make sure the query is returning what you expect. Do this to verify it:

echo "<pre>";
print_r($user);
echo "</pre>";

 

[NotSunfighter]

Why are you pulling everything from the db with the * when all you want is the rank?

In your echo you are putting a double quote inside a double quote.  => You have a rank of " . $user['rank'] . "

[Nematode128]

8 minutes ago, NotSunfighter said:

Why are you pulling everything from the db with the * when all you want is the rank?

In your echo you are putting a double quote inside a double quote.  => You have a rank of " . $user['rank'] . "

I'm getting username, email and a few other things later on. 

[Nematode128]

11 minutes ago, gw1500se said:

First do not use * in your query. Only ask for the columns you intend to use.

As for your question, you need to make sure the query is returning what you expect. Do this to verify it:

echo "<pre>";
print_r($user);
echo "</pre>";

I know $user is returning other values because it can echo $user['username'], $user['email']; etc from the table no problem

 

[Barand]

The variable "$user" does not exist inside your function (variable scope!).

Pass it in your function call. E.G.

verify_staff($user);

 

[Nematode128]

1 minute ago, Barand said:

The variable "$user" does not exist inside your function (variable scope!).

Pass it in your function call. E.G.

verify_staff($user);

Okay that makes sense. Would I have to run another sql query inside the function then?

 

[Barand]

$user is already the output from a  query you have just run.