Help with if statement and sql select from two tables

Question

mbhanley0 Light Poster

14 Years Ago

Can anyone tell me if I am going in the wright direction with this, or if there is a better way, I am trying to create a session check so that if logged in clients change the url id number
example.com?id=192
it won't show other clients contents. Its the first time having to write a cms with multiple mysql table checks so the query is probably wrong as well.

$id= mysql_real_escape_string($row['id']); $user_id= mysql_real_escape_string($row['user_id']); $username = mysql_real_escape_string($_SESSION['username']); $who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'"); $who_num_rows = mysql_num_rows($who); if (!$username&&$id==$user_id) Runn valid page content. else { Runn error. }

mysql php session

2 Contributors
6 Replies
178 Views
7 Hours Discussion Span
Latest Post 14 Years Ago Latest Post by paulrajj

paulrajj6 Junior Poster

14 Years Ago

Hi,

Could you post your page entire content. May be that will help to identify the exact problem.

paulrajj6 Junior Poster

14 Years Ago

Do you have session_start() and database configurations enabled in this current page ?
and What kind of errors do u get ?

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

mbhanley0 Light Poster · Answer 1 · 2011-01-08T01:59:40+00:00

Sure no prob, thanks for your help..

$id = mysql_real_escape_string($row['id']); $user_id = mysql_real_escape_string($row['user_id']); $username = mysql_real_escape_string($_SESSION['username']); $who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'"); $who_num_rows = mysql_num_rows($who); if (!$username&&$id==$user_id) function update_model_form($id){ $id = mysql_real_escape_string($id); sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, p.postcode, p.website, p.aimage, p.intro, p.id FROM profile p INNER JOIN users u ON u.id=p.user_id WHERE u.username = "' . mysql_real_escape_string($_SESSION['username']) . ' " ORDER BY cname ASC"; $sql = "SELECT * FROM cescorts WHERE id = '$id'"; $res = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($res); ?> <?php include 'tinymce.php'; ?> <form method="post" action="escorts.php"> <input type="hidden" name="update_model" value="true" /> <input type="hidden" name="id" value="<?php echo $row['id']; ?>"> <div id="edit-model-form"> <div class="edit-model"> <label for="g_name">Models Name:</label> <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>"> </div> <br /> <div class="edit-model"> <label for="nationality">Nationality:</label> <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>"> </div> <br /> <div class="edit-model"> <label for="age">Age:</label> <input type="text" name="age" value="<?php echo $row['age']; ?>"> </div> <br /> <div class="edit-model"> <label for="height">Height:</label> <input type="text" name="height" value="<?php echo $row['height']; ?>"> </div> <br /> <div class="edit-model"> <label for="bust">Bust:</label> <input type="text" name="bust" value="<?php echo $row['bust']; ?>"> </div> <br /> <div class="edit-model"> <label for="dress_size">Dress Size:</label> <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>"> </div> <br /> <div class="edit-model"> <label for="hair">Hair Colour:</label> <input type="text" name="hair" value="<?php echo $row['hair']; ?>"> </div> <br /> <div class="edit-model"> <label for="eyes">Eye Colour:</label> <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>"> </div> <br /> <div class="edit-model"> <label for="languages">Languages:</label> <input type="text" name="languages" value="<?php echo $row['languages']; ?>"> </div> <br /> <div class="edit-model"> <label for="availability">Availabiltiy:</label> <input type="text" name="availability" value="<?php echo $row['availability']; ?>"> </div> <br /> <div class="edit-model"> <label for="tel">Tel:</label> <input type="text" name="tel" value="<?php echo $row['tel']; ?>"> </div> <br /> <div class="edit-model"> <label for="email">email:</label> <input type="text" name="email" value="<?php echo $row['email']; ?>"> </div> <br /> <div class="edit-model"> <label for="location">Location:</label> <input type="text" name="location" value="<?php echo $row['location']; ?>"> </div> <br /> <div class="edit-model"> <table width="230" border="0"> <tr> <td><label for="incall">Incall: </label></td> <td><select name="incall"> <option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option> <option value="Yes"> Yes</option> <option value="No"> No</option> </select></td> </tr> <tr> <td><label for="outcall">Outcall: </label></td> <td><select name="outcall"> <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option> <option value="Yes"> Yes</option> <option value="No"> No</option> </select></td> </tr> </table> </div> <br /> <br /> </div> <div class="edit-model-rates"> <table width="350" border="0"> <tr> <td><p><b>Rates</b></p></td> <td><label for="r_incall">Incall: </label></td> <td><label for="r_outcall">Outcall: </label></td> </tr> <tr> <td><p>1 Hour</p></td> <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td> <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td> </tr> <tr> <td><p>90 Mins</p></td> <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td> <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td> </tr> <tr> <td><p>2 Hours</p></td> <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td> <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td> </tr> <tr> <td><p>Additional Hour</p></td> <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td> <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td> </tr> <tr> <td><p>Additional 30 Mins</p></td> <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td> <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td> </tr> <tr> <td><p>Overnight</p></td> <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td> <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td> </tr> <tr> <td><p>Dinner Date</p></td> <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td> </tr> </table> </div> <div id="desc"> <label for="intro">Intro:</label> <br /> <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea> </div> <input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br /> <div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div> </form> <?php } else { die ("This is not your your account data!"); }

mbhanley0 Light Poster · Answer 2 · 2011-01-08T02:26:13+00:00

yeh I got the database setup correct and the session start at the top of each page

I get the following error,

Parse error: syntax error, unexpected T_ELSE, expecting T_FUNCTION in C:\xampp\htdocs\public_html\adultxxxzone.co.uk\members\agency\class\members_class.php on line 759

mbhanley0 Light Poster · Answer 3 · 2011-01-08T02:28:04+00:00

I noticed I did not show the full code missed a bit, soz here is the full function

//Update model function update_model_form($id){ $id = mysql_real_escape_string($row['id']); $user_id = mysql_real_escape_string($row['user_id']); $username = mysql_real_escape_string($_SESSION['username']); $who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'"); $who_num_rows = mysql_num_rows($who); if (!$username&&$id==$user_id) $id = mysql_real_escape_string($id); $sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, p.postcode, p.website, p.aimage, p.intro, p.id FROM profile p INNER JOIN users u ON u.id=p.user_id WHERE u.username = " . mysql_real_escape_string($_SESSION['username']) ." ORDER BY cname ASC"; $sql = "SELECT * FROM cescorts WHERE id = '$id'"; $res = mysql_query($sql) or die(mysql_error()); $row = mysql_fetch_assoc($res); ?> <?php include 'tinymce.php'; ?> <form method="post" action="escorts.php"> <input type="hidden" name="update_model" value="true" /> <input type="hidden" name="id" value="<?php echo $row['id']; ?>"> <div id="edit-model-form"> <div class="edit-model"> <label for="g_name">Models Name:</label> <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>"> </div> <br /> <div class="edit-model"> <label for="nationality">Nationality:</label> <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>"> </div> <br /> <div class="edit-model"> <label for="age">Age:</label> <input type="text" name="age" value="<?php echo $row['age']; ?>"> </div> <br /> <div class="edit-model"> <label for="height">Height:</label> <input type="text" name="height" value="<?php echo $row['height']; ?>"> </div> <br /> <div class="edit-model"> <label for="bust">Bust:</label> <input type="text" name="bust" value="<?php echo $row['bust']; ?>"> </div> <br /> <div class="edit-model"> <label for="dress_size">Dress Size:</label> <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>"> </div> <br /> <div class="edit-model"> <label for="hair">Hair Colour:</label> <input type="text" name="hair" value="<?php echo $row['hair']; ?>"> </div> <br /> <div class="edit-model"> <label for="eyes">Eye Colour:</label> <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>"> </div> <br /> <div class="edit-model"> <label for="languages">Languages:</label> <input type="text" name="languages" value="<?php echo $row['languages']; ?>"> </div> <br /> <div class="edit-model"> <label for="availability">Availabiltiy:</label> <input type="text" name="availability" value="<?php echo $row['availability']; ?>"> </div> <br /> <div class="edit-model"> <label for="tel">Tel:</label> <input type="text" name="tel" value="<?php echo $row['tel']; ?>"> </div> <br /> <div class="edit-model"> <label for="email">email:</label> <input type="text" name="email" value="<?php echo $row['email']; ?>"> </div> <br /> <div class="edit-model"> <label for="location">Location:</label> <input type="text" name="location" value="<?php echo $row['location']; ?>"> </div> <br /> <div class="edit-model"> <table width="230" border="0"> <tr> <td><label for="incall">Incall: </label></td> <td><select name="incall"> <option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option> <option value="Yes"> Yes</option> <option value="No"> No</option> </select></td> </tr> <tr> <td><label for="outcall">Outcall: </label></td> <td><select name="outcall"> <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option> <option value="Yes"> Yes</option> <option value="No"> No</option> </select></td> </tr> </table> </div> <br /> <br /> </div> <div class="edit-model-rates"> <table width="350" border="0"> <tr> <td><p><b>Rates</b></p></td> <td><label for="r_incall">Incall: </label></td> <td><label for="r_outcall">Outcall: </label></td> </tr> <tr> <td><p>1 Hour</p></td> <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td> <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td> </tr> <tr> <td><p>90 Mins</p></td> <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td> <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td> </tr> <tr> <td><p>2 Hours</p></td> <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td> <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td> </tr> <tr> <td><p>Additional Hour</p></td> <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td> <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td> </tr> <tr> <td><p>Additional 30 Mins</p></td> <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td> <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td> </tr> <tr> <td><p>Overnight</p></td> <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td> <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td> </tr> <tr> <td><p>Dinner Date</p></td> <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td> </tr> </table> </div> <div id="desc"> <label for="intro">Intro:</label> <br /> <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea> </div> <input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br /> <div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div> </form> <?php } function update_model($p) { $id = mysql_real_escape_string($p['id']); $g_name = mysql_real_escape_string($p['g_name']); $nationality = mysql_real_escape_string($p['nationality']); $age = mysql_real_escape_string($p['age']); $height = mysql_real_escape_string($p['height']); $bust = mysql_real_escape_string($p['bust']); $dress_size = mysql_real_escape_string($p['dress_size']); $hair = mysql_real_escape_string($p['hair']); $eyes = mysql_real_escape_string($p['eyes']); $languages = mysql_real_escape_string($p['languages']); $availability = mysql_real_escape_string($p['availability']); $tel = mysql_real_escape_string($p['tel']); $email = mysql_real_escape_string($p['email']); $location = mysql_real_escape_string($p['location']); $incall = mysql_real_escape_string($p['incall']); $outcall = mysql_real_escape_string($p['outcall']); $incall_1hr = mysql_real_escape_string($p['incall_1hr']); $incall_90mins = mysql_real_escape_string($p['incall_90mins']); $incall_2hrs = mysql_real_escape_string($p['incall_2hrs']); $outcall_1hr = mysql_real_escape_string($p['outcall_1hr']); $outcall_90mins = mysql_real_escape_string($p['outcall_90mins']); $outcall_2hrs = mysql_real_escape_string($p['outcall_2hrs']); $iadditional_hr = mysql_real_escape_string($p['iadditional_hr']); $oadditional_hr = mysql_real_escape_string($p['oadditional_hr']); $iadditional_30mins = mysql_real_escape_string($p['iadditional_30mins']); $oadditional_30mins = mysql_real_escape_string($p['oadditional_30mins']); $dinner_date = mysql_real_escape_string($p['dinner_date']); $iovernight = mysql_real_escape_string($p['iovernight']); $oovernight = mysql_real_escape_string($p['oovernight']); $g_desc = mysql_real_escape_string($p['g_desc']); $user_id = mysql_real_escape_string($p['user_id']); if(!$g_name): if(!g_name): echo "<p>Model name is required</p>"; endif; echo '<p><a href="edit-escort.php?id=' . $id . '">Try Again</a></p>'; else: $sql = "UPDATE cescorts SET id ='$id', g_name ='$g_name', nationality ='$nationality', age ='$age', height ='$height', bust ='$bust', dress_size ='$dress_size', hair ='$hair', eyes ='$eyes', languages ='$languages', availability ='$availability', tel ='$tel', email ='$email', location ='$location', incall ='$incall', outcall ='$outcall', incall_1hr ='$incall_1hr', incall_90mins ='$incall_90mins', incall_2hrs ='$incall_2hrs', outcall_1hr ='$outcall_1hr', outcall_90mins ='$outcall_90mins', outcall_2hrs ='$outcall_2hrs', iadditional_hr ='$iadditional_hr', oadditional_hr ='$oadditional_hr', iadditional_30mins ='$iadditional_30mins', oadditional_30mins ='$oadditional_30mins', dinner_date ='$dinner_date', iovernight ='$iovernight', oovernight ='$oovernight', g_desc ='$g_desc', user_id ='$user_id' WHERE id ='$id' "; $res = mysql_query($sql) or die(mysql_error()); echo "Updated Successfully! <a href='escorts.php'>Continue</a>"; endif; } else { die ("This is not your your account data!"); }

paulrajj6 Junior Poster · Answer 4 · 2011-01-08T02:44:59+00:00

Hi,

It seems you messed up with the if else conditions outside the function. Remove the else part after the line no 231. or try to rearrange the if else parts.