CODEWITHSUNDEEP
phpmysql
EthanBilly
EthanBilly

Reputation: 3

PHP and MySQL; If statement with query variables does not work

I have been having some problem getting the header() to initialize with this code. It seems that the if statement doesn't work with query variables?

In init.php the function $user_data is defined. $url is the $_GET code in the url-bar of the browser (in this case a 6 digit random code). The variables seem to work, since I tried to output them already. The problem seems to be the if statement though. I do not get an error message. The header() just does not initiate, even though I am not logged in and the url is set to public === 0 in MySQL. Where am I going wrong?

include 'core/init.php';
include 'includes/head.php';
$url = $_SERVER['QUERY_STRING'];
$url = sanitize($url);

$public_arr = mysql_query("SELECT `public` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$public_arr = mysql_fetch_assoc($public_arr);
$public = $public_arr['public'];

$owner_arr = mysql_query("SELECT `owner` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$owner_arr = mysql_fetch_assoc($owner_arr);
$owner = $owner_arr['owner'];

global $user_data;
if ($public === 0 AND $owner !== $user_data['username'] || logged_in() === false) {
    header('Location: mainpage.php');
    exit();
}

$name_arr = mysql_query("SELECT `name` FROM `uploads` WHERE `url` = '$url' AND `active` = 1") or die(mysql_error());
$name_arr = mysql_fetch_assoc($name_arr);
$name = $name_arr['name'];

Upvotes: 0

Views: 74

Answers (2)

psx
psx

Reputation: 4048

if ($public === 0 AND $owner !== $user_data['username'] || logged_in() === false)

should be

if (($public === 0 && $owner !== $user_data['username']) || logged_in() === false)

Upvotes: 0

Egg
Egg

Reputation: 1769

Assuming the variable values are as you say they are, try checking these vlaues are equal to and not identical, some times the types can vary (integers like 0 may be strings like "0").

if ($public == 0 AND $owner != $user_data['username'] || logged_in() === false) {
    header('Location: mainpage.php');
    exit();
}

As @jay-blanchard says, you should be using MySQLi functions instead of mysql_* for many reasons - the main that they're not supported as standard in PHP any more!

Upvotes: 1

Related Questions