Posted by Andy Pieters on 10/21/70 11:15
On Thursday 05 May 2005 10:10, Anasta wrote:
> Why doesn't this work? It shows the username but not the balance of the
> user's money. Here is the mysql table:
>
> <?php session_start();
> include("connect.php");
> $uname=$_SESSION['username'];
> $user_balance=mysql_query($sql);
> $sql = "Select FROM users ,user_balance WHERE user_id =$uname";
> $result = mysql_query();
>
> ?>
> <?php echo $uname;?><br>
> <?php echo $user_balance;?>
Hi Anasta
In your code, when you issue the mysql_query command the first time, the
variable $sql is still empty.
You should rewrite your script like this:
<?php
session_start();
require('connect.php');
// Escape the session value before it is placed inside the query string.
$uname=mysql_escape_string($_SESSION['username']);
// Build the query text first, then pass it to mysql_query().
$sql= "SELECT *
FROM `users`, `user_balance`
WHERE `user_id`='$uname';";
$result=mysql_query($sql) or die('Database Error');
if(is_resource($result))
  if(mysql_num_rows($result)>0)
  {
    // Read the first matching row and release the result set.
    $data=mysql_fetch_assoc($result);
    mysql_free_result($result);
    $user_balance=$data['user_balance'];
    $found=true;
  }
if(!(isset($found)))
  echo "Sorry, I could not find a record for user id $uname";
else
{
  echo "User: $uname<br>
Balance: $user_balance<br>";
}
?>
Notes:
* just because it comes from SESSION doesn't mean that it cannot be spoofed.
That's why you should escape uname before including it in a query.
* in mysql commands, it is better to explicitly specify the resource link
identifier you obtained when you opened the connection
($link=mysql_connect(...))
* if you include a critical script, better use 'require' because it will cause
php to stop parsing the page if it cannot find the script.
With kind regards
Andy
--
Registered Linux User Number 379093
--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:
http://www.vlaamse-kern.com/sas/
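
The lookup discussed in this thread, as an added example that is not part of the original posts: it swaps mysql_escape_string for a PDO prepared statement, so the session value is never part of the SQL text, and it HTML-encodes the value before echoing it. The schema (one `users` table with `user_id` and `user_balance` columns), the function names, the sample rows and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example, not from the original thread.
// Assumed (hypothetical) schema: users(user_id, user_balance).

function find_balance(PDO $db, string $userId): ?string
{
    // The :uid placeholder is sent separately from the SQL text,
    // so quote characters in $userId cannot change the statement.
    $stmt = $db->prepare('SELECT user_balance FROM users WHERE user_id = :uid');
    $stmt->execute([':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (string) $row['user_balance'];
}

function render_balance(PDO $db, string $userId): string
{
    // SQL safety and HTML safety are separate problems: encode for output too.
    $safeName = htmlspecialchars($userId, ENT_QUOTES, 'UTF-8');
    $balance = find_balance($db, $userId);
    if ($balance === null) {
        return "Sorry, I could not find a record for user id $safeName";
    }
    $safeBalance = htmlspecialchars($balance, ENT_QUOTES, 'UTF-8');
    return "User: $safeName<br>\nBalance: $safeBalance<br>";
}

// Constructed test database (SQLite in memory; for MySQL only the DSN changes).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id TEXT PRIMARY KEY, user_balance TEXT)');
$insert = $db->prepare('INSERT INTO users (user_id, user_balance) VALUES (?, ?)');
foreach ([['anasta', '42.50'], ["o'neil", '7.00']] as $row) {
    $insert->execute($row);
}

// Constructed stand-ins for $_SESSION['username']: a plain name, a name
// containing a quote, and an unknown value containing markup.
foreach (['anasta', "o'neil", '<b>nobody</b>'] as $uname) {
    echo render_balance($db, $uname), "\n";
}
```

The name containing a quote is found like any other row, and the unknown value is printed with its markup encoded rather than interpreted by the browser.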