I borrowed some code from a website, and then hacked a little part of the class, adding my own function, except it doesn't work. I am sure there is something small that I am missing.

class auth {
    // default constructor
    function auth() {
        if ( isset( $_POST['username'] ) && isset( $_POST['password'] ) ) {
            $this->mysql_bind();
        }
        else if ( isset( $_GET['logout'] ) ) {
            $this->user_logout();
        }
    }

    // cut a bunch of code out here

    function user_secLevel($username, $secLevel) {
        $sql = sprintf("UPDATE auth_users SET secLevel = %s WHERE username = %s",
            $this->quote_smart($secLevel),
            $this->quote_smart("patty"));
        mysql_query($sql) or die ("Couldn't execute query. r_name=".$username.". seclevel".$secLevel." : ".$sql);
    }

    // Quote variable to make safe
    function quote_smart($value)
    {
        // Stripslashes
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        // Quote if not a number or a numeric string
        if (!is_numeric($value)) {
            $value = "'".mysql_real_escape_string($value)."'";
        }
        return $value;
    }
}

// create the auth object
$auth = new auth();

<?
include('../includes/auth.php');

switch ($_GET['action']) {
    case "delete":
        echo "i equals 0";
        break;
    case "update":
        $auth->user_secLevel($_GET['uid'], $_GET['secLevel']);
        echo "the user ".$_GET['uid']." has been updated to security level ".$_GET['secLevel'];
        break;
    default:
        echo "There was a mistake and you should not be viewing this page";
        //2265
}
?>

This is the output that I get:
Couldn't execute query. r_name=patty. seclevel2 : UPDATE auth_users SET secLevel = 2 WHERE username = ''
I know my debugging is ugly, but it seems to spit out the relevant info.
This leads me to believe that the quote_smart function works for the numeric value but not the string value, which baffles me since it works when tested alone.
I am pulling my hair out here. What am I missing?
Thanks in advance.
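
The UPDATE from the post written with bound parameters instead of quote_smart(), as an added example that is not part of the original post. mysql_real_escape_string() returns FALSE when no MySQL connection is open, which quote_smart() would turn into ''; a prepared statement has no such dependency because the values never pass through string escaping. Assumptions: PDO with an in-memory SQLite table standing in for auth_users, and the function name set_sec_level() and the 0-9 level range are hypothetical.

```php
<?php
// Added example: the auth_users update with bound parameters (PDO).
// Assumptions: in-memory SQLite stands in for the MySQL table;
// set_sec_level() and the 0-9 level range are hypothetical.

function set_sec_level(PDO $db, string $username, $secLevel): int
{
    // Reject anything that is not a whole number in the allowed range.
    $level = filter_var($secLevel, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 9]]);
    if ($level === false) {
        throw new InvalidArgumentException('secLevel must be an integer 0-9');
    }

    // Values travel separately from the SQL text, so no quoting helper
    // (and no escaping that depends on connection state) is involved.
    $stmt = $db->prepare(
        'UPDATE auth_users SET secLevel = :level WHERE username = :username');
    $stmt->bindValue(':level', $level, PDO::PARAM_INT);
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();

    // 0 affected rows means no matching user (on MySQL it can also mean
    // the value was already set), so the caller should not report success.
    return $stmt->rowCount();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth_users (username TEXT PRIMARY KEY, secLevel INTEGER)');
$db->exec("INSERT INTO auth_users VALUES ('patty', 1), ('o''brien', 1)");

foreach ([['patty', '2'], ["o'brien", 3], ['nobody', 2]] as [$user, $level]) {
    $rows = set_sec_level($db, $user, $level);
    echo $rows === 1 ? "updated $user\n" : "no such user: $user\n";
}

try {
    set_sec_level($db, 'patty', 'admin');   // non-numeric level is refused
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

foreach ($db->query('SELECT username, secLevel FROM auth_users') as $row) {
    echo $row['username'], ' => ', $row['secLevel'], "\n";
}
```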