0

I'm selecting data from my database, and it's still saying I'm in the game when I'm not, which is what I check for.

Any clue how to solve this problem?

        $moneda = (CMS == 'uber' ? $users->GetUserVar(USER_ID, moneda) : $myrow[moneda]);
        $isonline = mysql_query("SELECT `online` FROM `users` WHERE `username` = ".$_POST['Naam']."");
        $error = array();
        if($isonline == 1)
                $error[] = "De ander moet uit het hotel gaan voordat je belpixels kunt overschrijven.";
6
  • 3
    Your code is vulnerable to SQL injections. Please fix that problem first. See here Commented Nov 12, 2012 at 17:54
  • $isonline is getting the result set from your query - that will only be false if the SQL query fails. You need to get the output of the query with something like mysql_fetch_array first. Commented Nov 12, 2012 at 17:55
  • So what is the best way to secure it? I don't get the clue at the "see here" page. Commented Nov 12, 2012 at 17:55
  • 2
    Not an answer to your question, but you should work on moving away from mysql_*, as they are being deprecated by PHP. php.net/manual/en/… php.net/manual/en/mysqlinfo.api.choosing.php Commented Nov 12, 2012 at 17:56
  • Use prepared statements by using PDO or mysqli. Commented Nov 12, 2012 at 17:56

2 Answers

1
        $isonline = mysql_query("SELECT `online` FROM `users` WHERE `username` =".$_POST['Naam']."");

$isonline is not your answer... dude, it contains the result object, not the result.

        $row=mysql_fetch_assoc($isonline);
        if($row['online']==1){}

And use of mysql_query is long deprecated, switch to PDO

and

        $isonline = mysql_query("SELECT online FROM ..

sql you never put quotations around column names... get rid of the ones around username too. And get one around the username value, this one here:

        $isonline = mysql_query("SELECT online FROM users WHERE username ='".$_POST['Naam']."'");

8 Comments

This ain't working for me let me show you the whole code, maybe you can do something about it:
<?php $isonline = mysql_query("SELECT online` FROM users WHERE username = ".$_POST['Naam'].""); $row=mysql_fetch_assoc($isonline); if($row['online']==1) { $error[] = "De ander moet uit het hotel gaan voordat je belpixels kunt overschrijven."; } $error = array(); if($myrow['online'] == 1) $error[] = "Je moet uit het hotel gaan voordat je endif; ?> `
get rid of '' around the online
dude,... no quotes around column names... and quotations around values or data,... always always
and u need a sql book not stackoverflow... get a good mysql book
0

mysql_query never returns a single user record; it returns a PHP resource, even if you know the SQL query will only ever return a single record.

In other words: $isonline is not the right name for that variable. Call it something like $online_query_results, then call

        $user_record = mysql_fetch_array($online_query_results);

This will return the first (and in this case only) result row. Then, instead of testing $isonline, test

        $user_record['online']

3 Comments

This isn't working either. It should return an error if the user is in the game, which it still doesn't when in the database online is set to 1.
Can you put a logging statement into this code to see what is actually being returned from your db_query statement or from mysql_fetch_array? For example: 'print_r($user_record)'? (Never use print_r on a database record result on a live site; the output will include your database username and password). If the changes suggested aren't working, the most likely reason is because your database query is returning a nil or empty object.
Please post the actual query string you're using now. Does it work if you use this query string? --> SELECT online FROM {users} WHERE username = {$_POST['Naam']}
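
The two points raised on this page (fetch the row before testing `online`, and bind the username instead of concatenating `$_POST['Naam']`), combined in an added example that is not code from any of the posts above. It assumes PDO with an in-memory SQLite database and constructed rows so it runs offline; the function name `isUserOnline` is hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumption, so it runs offline).
// For MySQL only the DSN changes, e.g. new PDO('mysql:host=...;dbname=...', $user, $pass),
// and PDO::ATTR_EMULATE_PREPARES can be set to false to use native prepared statements.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, online INTEGER NOT NULL)');
$pdo->exec("INSERT INTO users (username, online) VALUES ('alice', 1), ('bob', 0)");

/**
 * Returns true/false for the user's online flag, or null when no such user exists.
 */
function isUserOnline(PDO $pdo, string $username): ?bool
{
    // The value is bound as a parameter; it is never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT online FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // fetchColumn() returns the first column of the first row, or false if there is no row.
    // Testing the statement object itself (the original bug) says nothing about the row.
    $online = $stmt->fetchColumn();
    if ($online === false) {
        return null;
    }
    return (int) $online === 1;
}

$error = array();
// Constructed inputs standing in for $_POST['Naam']; the last one is an injection-style string,
// which the bound parameter treats as a literal (and non-existent) username.
foreach (['alice', 'bob', 'nobody', "x' OR '1'='1"] as $naam) {
    $state = isUserOnline($pdo, $naam);
    if ($state === null) {
        $error[] = "Unknown user: $naam";
    } elseif ($state) {
        $error[] = "$naam is still online";
    }
}
print_r($error);
```

Distinguishing "no such user" from "offline" matters here: with the concatenated query, a failed or empty lookup and an offline user both looked the same to the `if`.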
