
Thread: Compare Result

  1. #1
    Regular Coder
    Join Date
    Jun 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Compare Result

    I'm trying to have an SQL query return a result, then compare that result to another variable: if the result matches the variable, proceed, and if not, show an error message. I'm still new to PHP and SQL, but believe I'm making some progress in learning this.

    Here is the code I currently have:
    Code:
    //========================================
    //  Get Team Identity and Proceed
    //========================================
    
       $PnTeamID = pnUserGetVar("_TEAM_ID");
       $sql = "SELECT T.name, T.Team_ID FROM $TEAMS as T, $DRAFT_ORDER AS D WHERE
               D.Team_ID = T.Team_ID AND D.season = $SEASON AND D.overall_pick = $overpick";
       $result = mysql_query($sql);
       $team_id = $row[1];
       if ($team_id = $PnTeamID)
       {
          $row = mysql_fetch_row($result);
          $team_name = $row[0];
       }
       else
       {
          //FATAL ERROR, This is not your team
          include ("football/mots/includes/page_header.php");
          echo ("Sorry, You are trying to access another teams information");
          include ("football/mots/includes/page_footer.php");
          exit;
       }
    I had thought that would work, but it's still letting you access any of my teams' information, when it should be restricting you to your own team. So if the PNTeamID matches the query, then proceed, and if not, then give the error. At least that's what I think I need to do.

  • #2
    Regular Coder
    Join Date
    Mar 2004
    Posts
    115
    Thanks
    0
    Thanked 0 Times in 0 Posts
    $row = mysql_fetch_row($result);

    put this before

    $team_id = $row[1];

    then I think it will work

  • #3
    Regular Coder
    Join Date
    Jun 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for getting back to me. Unfortunately, that didn't do it. Same result. You can still access any team.

    You can see what I mean here:

    http://www.freedffl.com/football/mots/online_draft.php

    It's the skipped picks. Right now, only the team "Conspiracy Theory" should be capable of entering a pick, as the user is logged in with a team_id of 3. If they were to choose any other team, they should be told they don't have access.

    Another workaround is to turn the submit links into text for all teams other than your own. I'd like to eventually do both to ensure no team can enter a player for someone else.

  • #4
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,078
    Thanks
    11
    Thanked 98 Times in 96 Posts
    Sidney is right in that here,

    $result = mysql_query($sql);
    $team_id = $row[1];


    $row[1] is empty (until you call $row=mysql_fetch_row($result)).

    Regardless, you could be checking this in your query anyway: adding
    " AND T.Team_ID=$PnTeamID "
    to your query would do that, as far as I can tell.
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)
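
The ownership check suggested in post #4, written out as an added example that is not code from the thread: the team restriction is part of the query, every value is a bound parameter, and a missing row means access is denied. Assumptions: PDO with an in-memory SQLite database stands in for the site's MySQL connection, and the table names `teams` and `draft_order`, the season 2004, the pick numbers and the second team are constructed for illustration.

```php
<?php
// Added example: authorize a draft pick on the server.
// Column names follow the thread's query; table names (teams, draft_order)
// and all sample rows are constructed for illustration.

function teamForPick(PDO $db, int $season, int $overallPick, int $userTeamId): ?string
{
    // The caller's team id is a condition of the query itself, so a pick that
    // belongs to another team simply returns no row. Values are bound, never
    // interpolated into the SQL string.
    $stmt = $db->prepare(
        'SELECT T.name
           FROM teams AS T
           JOIN draft_order AS D ON D.Team_ID = T.Team_ID
          WHERE D.season = :season
            AND D.overall_pick = :pick
            AND T.Team_ID = :team'
    );
    $stmt->execute([':season' => $season, ':pick' => $overallPick, ':team' => $userTeamId]);
    $name = $stmt->fetchColumn();   // false when no row matches
    return $name === false ? null : (string) $name;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE teams (Team_ID INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE draft_order (season INTEGER, overall_pick INTEGER, Team_ID INTEGER)');
$db->exec("INSERT INTO teams VALUES (3, 'Conspiracy Theory'), (4, 'Other Team')");
$db->exec('INSERT INTO draft_order VALUES (2004, 7, 3), (2004, 8, 4)');

$userTeamId = 3; // in the thread this value comes from pnUserGetVar("_TEAM_ID")

foreach ([7, 8] as $pick) {
    $team = teamForPick($db, 2004, $pick, $userTeamId);
    // Strict comparison against null. A PHP-side test written with a single
    // "=" (as in `if ($a = $b)`) assigns instead of comparing and is truthy
    // for any non-zero id, so it cannot serve as an access check.
    if ($team === null) {
        echo "pick $pick: Sorry, you are trying to access another team's information\n";
        continue; // deny by default
    }
    echo "pick $pick: OK, entering pick for $team\n";
}
```

Turning the submit links into plain text for other teams, as mentioned in post #3, only changes what is displayed; the query-side check is what stops a request for another team's pick.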

  • #5
    Regular Coder
    Join Date
    Jun 2002
    Posts
    109
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I got it, thanks. You guys were right too, and it was easier to just add it into the query too.

