0

Working with the Facebook PHP SDK. I have the same .php tag in two different files, in one it works but in the other it returns nothing. Any idea? I have the same config.php file included in both.

include("config.php");
include("fbconnect.php");

if (!isset($_SESSION['user']))
{
    $valor_voto = mysql_query("select voto from $mes_id where email=$email");
    $row = mysql_fetch_array($valor_voto);
    $valor = $row['voto'];

    if ($valor == 1)
    {
        echo '<img class="icon" src="/images/greencheck.png">';
    }
    else
    {
        echo '<img class="icon" src="/images/check.png">';
    }
}
else
{
    echo '<img class="icon" src="/images/check.png">';
}

Looks to me that $email is what fails because if I input the email manually it will return any of the 2 spectated values.

Thanks for the time.

$email comes from fbconnect.php:

if ($user)
{
    try
    {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');

        //Connecting to the database. You would need to make the required changes in the common.php file
        //In the common.php file you would need to add your Hostname, username, password and database name!
        mysqlc();

        $name     = GetSQLValueString($user_profile['name'], "text");
        $email    = GetSQLValueString($user_profile['email'], "text");
        $gender   = GetSQLValueString($user_profile['gender'], "text");
        $bio      = GetSQLValueString($user_profile['bio'], "text");
        $hometown = GetSQLValueString($user_hometown['hometown'], "text");
        $query    = sprintf("SELECT * FROM newmember WHERE email = %s", $email);
        $res      = mysql_query($query) or die('Query failed: ' . mysql_error() . "<br/>\n$sql");

        if ( mysql_num_rows($res) == 0 )
        {
            $iquery = sprintf("INSERT INTO newmember values('',%s,%s,%s,%s,'yes',%s)", $name, $email, $gender, $bio, $hometown);
            $ires   = mysql_query($iquery) or die('Query failed: ' . mysql_error() . "<br/>\n$sql");

            $_SESSION['user'] = $user_profile['email'];
            $_SESSION['id'] = $user_profile['id'];

        }
        else
        {
            $row = mysql_fetch_array($res);
            $_SESSION['user'] = $row['email'];
            $_SESSION['id'] = $user_profile['id'];
        }
    }
    catch (FacebookApiException $e)
    {
        error_log($e);
        $user = NULL;
    }
}
Improve this question
2
  • please note that the mysql_xx() functions are considered obsolete and are being deprecated by PHP. The php manual pages for all these functions includes a big red box saying not to use them, and to switch to either the mysqli_xx() functions or the PDO library. I strongly recommend making this change if at all possible. Commented Oct 26, 2012 at 21:27
  • @Maerlyn i added the source for $email. Thx for the time, i'm taking in consideration the new methods suggested on the php manual. Commented Oct 27, 2012 at 15:28

2 Answers 2

Reset to default
1

I assume the email column is a string, so you need to put the value in quotes. You should also escape it to prevent SQL injection attacks from Facebook.

$valor_voto=mysql_query("select voto from $mes_id where email='".mysql_real_escape_string($email)."'");

It would be even better to use mysqli or PDO, rather than the deprecated mysql extensions, and then you can use a prepared statement rather than substution and escaping.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Solved, i had the condition 

if(!isset($_SESSION['user']))

but i wasn't giving the condition

if(isset($_SESSION['user']))

so i wasn't able to retrive any info.

Thanks for the time.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.