0

So I'm saving user's ranks into a SQL database as enumerators. I then want to try and check their rank and compare it to a string. If the rank is equal to the string then I want to allow them access. Here is my code so far (Which doesn't work):

    $email = stripslashes($email);
    $password = stripslashes($password);
    $email = mysql_real_escape_string($email);
    $password = mysql_real_escape_string($password);
    $sql = "SELECT RANK FROM $table WHERE EMAIL = '$email' and PASSWORD = '$password'";
    $result = mysql_query($sql);

    $count = mysql_num_rows($result);

    if($count == 1){
        if($result == "OWNER") {
            header("location: panel.php");
        } else {
            $message = "Permission denied.";
        }
    } else {
        $message = "Incorrect email or password.";
    }
Improve this question
0

2 Answers 2

Reset to default
1

IMPORTANT NOTICE!

mysql_* functions are deprecated since PHP 5.5.0. It's highly recomended to use MySQLi or PDO instead.

Answering your question, you have to fetch the query result or use mysql_result()

Query

$sql = "SELECT RANK
        FROM $table
        WHERE EMAIL = '$email' and PASSWORD = '$password'
        LIMIT 1";
$result = mysql_query($sql);

Fetch the result:

$rank = mysql_fetch_array($result);
$rank = $rank['RANK'];

Or use mysql_result() instead:

$rank = mysql_result($result);
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I know their deprecated but when I tried PDO, I couldn't even get the user to successfully log in...
0

you have to mysql_fetch_assoc the $result var before you can read the table row. Also I would recmmend you to use mysqli functions. Here, try this instead of yours (without mysqli, and not tested by myself):

$email = mysql_real_escape_string(stripslashes($email));
$password = mysql_real_escape_string(stripslashes($password));
$sql = "SELECT `RANK` FROM ".$table." WHERE `EMAIL` = '".$email."' and `PASSWORD` = '".$password."'";
$result = mysql_query($sql);

$count = mysql_num_rows($result);

$result = mysql_fetch_assoc($result);

if($count == 1){
    if($result == "OWNER") {
        header("location: panel.php");
    } else {
        $message = "Permission denied.";
    }
} else {
    $message = "Incorrect email or password.";
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.