...
PDA

Compare Result

Switch17
03-20-2004, 03:41 PM
I'm trying to have an sql query return a result. Then to compare that result to another variable, and if the result matches the variable, then to proceed, and if not to indicate an error message. I'm still new to php and sql, but believe I'm making some progress in learning this.

Here is the code i' currently have: //========================================
// Get Team Identity and Proceed
//========================================

$PnTeamID = pnUserGetVar("_TEAM_ID");
$sql = "SELECT T.name, T.Team_ID FROM $TEAMS as T, $DRAFT_ORDER AS D WHERE
D.Team_ID = T.Team_ID AND D.season = $SEASON AND D.overall_pick = $overpick";
$result = mysql_query($sql);
$team_id = $row[1];
if ($team_id = $PnTeamID)
{
$row = mysql_fetch_row($result);
$team_name = $row[0];
}
else
{
//FATAL ERROR, This is not your team
include ("football/mots/includes/page_header.php");
echo ("Sorry, You are trying to access another teams information");
include ("football/mots/includes/page_footer.php");
exit;
}

I had thought that would work, but its still letting you access any of my teams information, when it should be restricting you to your own team. So if the PNTeamID matches the query, then to proceed, and if not, then give the error. At least thats what I think I need to do.
sidney
03-20-2004, 05:06 PM
$row = mysql_fetch_row($result);

put this before

$team_id = $row[1];

then i think it will work
Switch17
03-20-2004, 05:54 PM
Thanks for getting back to me. Unfortunately, that didn't do it. Same result. You can still access any team.

You can see what I mean here:

http://www.freedffl.com/football/mots/online_draft.php

Its the skipped picks. Right now, only the team "Conspiracy Theory" should be capable of entering a pick, as the user is logged with a team_id of 3. If they were to choose any other team, they should be told they don't have access.

Anther work around is to turn the submit links into text for all teams other than your own. I'd like to eventually do both to ensure no team can enter a player for someone else.
firepages
03-21-2004, 01:54 AM
Sidney is right in that here,

$result = mysql_query($sql);
$team_id = $row[1];


$row[1] is empty (until you call $row=mysql_fetch_row($result))

regardless you could be checking this in your query anyway .. adding
" AND T.Team_ID=$PnTeamID "
to your query would do such as far as I can tell.
Switch17
03-21-2004, 01:53 PM
I got it, thanks. You guys were right too, and it was easier to just add in into the query too.

EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum