[SittingonDucks]

Greetings. My name is Beau, and I'm fairly new to these boards.
I am quite new to PHP and mySQL. I am trying to check if the session's user is an admin.
Surely there is a better way to do this.
Here is a snippet of the code that I think has incorrect logic:

			$conn = mysql_connect("$host", "$username", "$my_gateway")or die("Connection failed. If you received this error it is the webhost's fault, not yours. Please retry. <a href = 'index.php'> Home </a>"); 
			mysql_select_db("$db")or die("Connection failed. If you received this error, it is mySQL's fault, not yours. Please retry. <a href = 'index.php'> Home </a> ");
			$sql = 
			"SELECT * FROM PREREG
			WHERE admin=1 
			AND emaad='$user1'"; 
			$result = mysql_query($sql, $conn); 
			if($result) { 
				echo "You are an admin!"; 
			} 

Alright. So, there are two central properties I am attempting to verify.
1) admin. If the user is an admin, the property will be manually set by the owner of the database to 1. Otherwise it remains 0.
2) emaad. This is the email that was registered into the session.

Now I'm attempting to find the row inside the table that contains the registered email and check if admin=1. If so, echo 'You are an admin!'.

I did not receive an error. I just get the elements originally inside the page.
My registered user is however an admin, and I do not get this

echo

message.

$user1 is defined as

 $_SESSION['input_use']; 

.
Any help?
Thanks in advance.

[Duckington]

Your $result variable doesn't hold a true/false result of the query, it holds a reference to a resource id. So whatever the query is, assuming it doesn't fail, it will return this resource id and will therefore pass your:

if($result)

Test.

A simple way to achieve what you're trying to do, is:

$result = mysql_query($sql, $conn);
$count = mysql_num_rows($result);
if($count > 0)
{
echo "You are an admin!";
}

Which returns the number of rows selected by your query. So if there is a record with that username and where admin=1, it'll return at least 1 row. If not, it'll return 0.

[SittingonDucks]

Thank you. Your help was appreciated. :]

[SittingonDucks]

EDIT:
Disregard that.
Now I have an error..

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/a1342013/public_html/workdesk.php on line 35

[Duckington]

Probably a problem with your query then. DO:

$result = mysql_query($sql, $conn) or die('Error: ' . mysql_error());

And see what error message you get.

[SittingonDucks]

Thanks Duckington, it gave me an error now. So from what I'm seeing, it doesn't allow email syntax (@example.com).

rror: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@gmail.com' at line 3

Sorry if I seem a bit clueless .

[Dormilich]

what does the SQL string look like?

(I know that you don’t have this problem with Prepared Statements)

[SittingonDucks]

^I have already shown this in the first post, but here it is again:

			$sql = 
			"SELECT * FROM PREREG
			WHERE admin=1 
			AND emaad='$user1'"; 

[Dormilich]

I meant the string with $user1 replaced

[SittingonDucks]

Oh haha. Excuse me.

Well, it depends on the user. Mine is: [email protected] That is what I registered with. So as I said, I guess it doesn't support @email.com

[JackOfAllTrades]

Take was Duckington gave you:

$result = mysql_query($sql, $conn) or die('Error: ' . mysql_error());

and change it to this:

$result = mysql_query($sql, $conn) or die('Query ' . $sql . ' failed; Error: ' . mysql_error());

So you can see what exactly you're passing as a query to SQL server.

PHP/MySQL Debugging 101. If a query is failing, and you're building the query yourself from variables, figure out what it is you're sending the SQL server!

[SittingonDucks]

*Facepalm*
Thank you JackOfAllTrades!
I realized that I typed in the wrong form. For some idiotic reason I typed 'emaad' instead of 'emailadd' for the column in the mySQL base.

Also thank you to all who contributed to this thread, you guys are awesome.

[SOLVED]