Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 15 of 15
  1. #1
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts

    IF ELSE and SESSIONS

    I'm having another problem, I know your all surprised, lol. For some reason I can't get the 'IF' statement below to work, it shows the first 'echo' regardless of whether the username matches the session username.

    PHP Code:
    $strSql "SELECT * FROM army JOIN users ON army.email = users.email WHERE users.id='".$_GET['id']."'";
    $rs mysql_query($strSql) or die(mysql_error());
        
        
    // Loop the recordset $rs
        
    while($row mysql_fetch_array($rs))
      {

           
    // Name of the person
          
    $strName $row['regname'];
          
    $val $row['armyid'];
          
    $username $row['username'];

           
    // Create a link to person.php with the id-value in the URL
           
    $strLink "<a href = 'army.php?id=$val' target='_parent'>" $strName "</a>";
        
            
    // List link
            
    if ($_SESSION['username'] = $username)
       {
       echo 
    "<li>" $strLink " - <a href='edit.php?id=$val' target='_parent'>Edit</a></li>";
       }
       else
       {
       echo 
    "<li>" $strLink "</li>";}
            
           

          }

        
    // Close the database connection
        
    mysql_close(); 

  • #2
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,628
    Thanks
    0
    Thanked 648 Times in 638 Posts
    if ($_SESSION['username'] = $username)

    Sets $_SESSION['username'] to the value in$username and then tests if the result is a value that is considered to be true (for strings that means anything except an empty string or a string containing only a 0)

    if ($_SESSION['username'] == $username)

    compares $_SESSION['username'] to $username
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #3
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    I've changed it but still the same problem.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    What do you get when you dump the two variables to the screen? (Remember this is your no 1 debugging tool)
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #5
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    You mean the session? I get this

    array(2) { ["userid"]=> &string(1) "2" ["username"]=> &string(6) "Foster" }

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    No, the two variables you are comparing.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #7
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    I'm not sure what you mean. What I'm wanting to do is show a different link if the person logged in is the person who's profile is being viewed.

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by Foster View Post
    I can't get the 'IF' statement below to work

    PHP Code:
    if ($_SESSION['username'] = $username
    Quote Originally Posted by felgall View Post
    if ($_SESSION['username'] == $username)

    compares $_SESSION['username'] to $username
    Quote Originally Posted by tangoforce View Post
    What do you get when you dump the two variables to the screen? (Remember this is your no 1 debugging tool)
    Quote Originally Posted by Foster View Post
    You mean the session? I get this
    Quote Originally Posted by tangoforce View Post
    No, the two variables you are comparing.
    Quote Originally Posted by Foster View Post
    I'm not sure what you mean.
    Yes you do know what I mean. It's been the main issue all the way through this topic, your if statement that compares two variables. Why would I be interested in any other two variables outside of the if conditional?

    I've replied to you twice and got nowhere. Why is this?
    Last edited by tangoforce; 10-25-2013 at 12:31 PM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #9
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    No I don't know what you mean, if I did then I would tell you.

  • #10
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5


    So despite quoting them twice, and telling you I am not interested in any other variables outside the if() you still don't have any idea what two values I am interested in?

    Here is a very small hint:

    $_SESSION['username']
    $username

    Now, when you dump those to the screen, what do they contain? Do this right above your if conditional so that you know what the if() is testing - like this:

    PHP Code:
    var_dump($_SESSION['username']);
    var_dump($username);

    if (
    $_SESSION['username'] == $username
    Also post your revised code as I am not convinced you've corrected your if properly after felgalls advice.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #11
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    This is the current code

    PHP Code:
    <?php
    include('include.php');
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link href="/style.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="/ddlevelsfiles/ddlevelsmenu-base.css" />
    <link rel="stylesheet" type="text/css" href="/ddlevelsfiles/ddlevelsmenu-topbar.css" />
    <link rel="stylesheet" type="text/css" href="/ddlevelsfiles/ddlevelsmenu-sidebar.css" />

    <script type="text/javascript" src="/ddlevelsfiles/ddlevelsmenu.js"></script>

    <title>Imperial Archive</title>

    </head>

    <body>
    <?php
             
    // Connect to database server
        
    mysql_connect("imperialarchivecom.ipagemysql.com""foster","babyzack11") or die (mysql_error ());

        
    // Select database
        
    mysql_select_db("imperialarchive") or die(mysql_error());

        
    // Get data from the database depending on the value of the id in the URL
        
    $strSql "SELECT * FROM army JOIN users ON army.email = users.email WHERE users.id='".$_GET['id']."'";
    $rs mysql_query($strSql) or die(mysql_error());
        
        
    // Loop the recordset $rs
        
    var_dump($_SESSION['username']);
        
    var_dump($username); 
        while(
    $row mysql_fetch_array($rs))
      {

           
    // Name of the person
          
    $strName $row['regname'];
          
    $val $row['armyid'];
          
    $username $row['username'];

           
    // Create a link to person.php with the id-value in the URL
           
    $strLink "<a href = 'army.php?id=$val' target='_parent'>" $strName "</a>";
        
            
    // List link
            
    if ($_SESSION['username'] == $username)
       {
       echo 
    "<li>" $strLink " - <a href='edit.php?id=$val' target='_parent'>Edit</a></li>";
       }
       else
       {
       echo 
    "<li>" $strLink "</li>";}
            
           

          }

        
    // Close the database connection
        
    mysql_close();
        
    ?>
    </body>
    </html>
    And the outcome of dumping the variables

    string(5) "Ivory" string(5) "Ivory"
    This is the same regardless of which user profile is being viewed.

  • #12
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Fixed it, for some reason it didn't like me using $username. I assume I am using it elsewhere, changed it to $uname and all is working as it should.

  • #13
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by tangoforce View Post
    Do this right above your if conditional so that you know what the if() is testing - like this:

    PHP Code:
    var_dump($_SESSION['username']);
    var_dump($username);

    if (
    $_SESSION['username'] == $username
    Quote Originally Posted by Foster View Post
    This is the current code

    PHP Code:
    <?php
    include('include.php');

        
    var_dump($_SESSION['username']);
        
    var_dump($username); 
        while(
    $row mysql_fetch_array($rs))
      {

           
    // Name of the person
          
    $strName $row['regname'];
          
    $val $row['armyid'];
          
    $username $row['username'];

           
    // Create a link to person.php with the id-value in the URL
           
    $strLink "<a href = 'army.php?id=$val' target='_parent'>" $strName "</a>";
        
            
    // List link
            
    if ($_SESSION['username'] == $username)
    I see yet again you ignored what I said I said right above the if, you skipped several lines further above it before your result set loop. I even gave you code you just needed to copy and paste but you still ignored that You are beyond being helped

    You mention changing the $username to $uname has solved this and that $username is always Ivory. You've also dumped it before even setting it in your result set loop and it's set as Ivory. This indicates that something somewhere else is setting the variable. From the code you've shown there is nothing that would do that so it must be something in your included file.

    One other thing, your SQL is unprotected and vulnerable to injection. I doubt you'll take note of that advice though
    Last edited by tangoforce; 10-25-2013 at 03:14 PM.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #14
    Regular Coder
    Join Date
    Nov 2011
    Posts
    250
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by tangoforce View Post
    I see yet again you ignored what I said I said right above the if, you skipped several lines further above it before your result set loop. I even gave you code you just needed to copy and paste but you still ignored that You are beyond being helped
    I ran the code both where you told me and where I put it in the code, I did that to see if it made a difference.

    Quote Originally Posted by tangoforce View Post
    You mention changing the $username to $uname has solved this and that $username is always Ivory. You've also dumped it before even setting it in your result set loop and it's set as Ivory. This indicates that something somewhere else is setting the variable. From the code you've shown there is nothing that would do that so it must be something in your included file.
    You're right it is being set in my included file.

    Quote Originally Posted by tangoforce View Post
    One other thing, your SQL is unprotected and vulnerable to injection. I doubt you'll take note of that advice though
    Can you offer me any advice on how to make it more secure? A link would suffice as I'm sure you're a busy man.

  • #15
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,314
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    lookup the mysql_real_escape_string() function on php.net - thats a bare minimum security wise.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •