same here Spotify for the win, I use it all day everyday. I do not have 1 mp3 on my comp or my iPhone all i have is spotify. I only pay for my music, I use Sirus/XM in my car and my Spotify everywhere else.

what i do is create a field in my user table called permission.

i then use something like

<?php
if ($row['permission'] == "admin"{
echo "content for admin here"
}else{
echo "you do not have permission to see this content"
die();
}
?>

ok,

1) dont really care to much about the indenting and what not as its only a test script, when i implement it on the site it will be different.

2) not really sure why its such a bad thing to use the code like that. please explain. thanks.

3) any idea about the issue on hand that im having?

OK I got it working, thank you guys, I did how ever run into a new issue on a different page.

I have a image upload script. I am running into a similar problem, it will not update the database with the filename. The image is uploading just fine, changing size and name just fine but it just will not update the DB.

Here is the new code:

<?php 
session_start();
include('functions.php');
$id = protect($_GET['id']);
print_r($_SESSION);
?>
<form action="<?php echo $_server['php-self'];  ?>" method="post" enctype="multipart/form-data" id="something" class="uniForm">
        <input name="new_image" id="new_image" size="30" type="file" class="fileUpload" />
        <button name="submit" type="submit" class="submitButton">Upload Image</button>
</form>
<?php
        if(isset($_POST['submit'])){
			//check if user is logged in
			if (!isset($_SESSION['user_id']) && $_SESSION['user_id'] != $user_id){
    			echo "<center>You must be logged in to see this page!</center>";
			}else{
			if ($_SESSION['permission'] != permissions::artist){
				echo"<center>You do not have proper permission to view this page.</center>";
          if (isset ($_FILES['new_image'])){
			  $imagename = $_FILES['new_image']['name'];
			  $ext = substr(strrchr($imagename, '.'), 1);
			  $newname = md5($imagename).".".$ext;
              $source = $_FILES['new_image']['tmp_name'];
              $target = "images/artists_images/".$newname;
              move_uploaded_file($source, $target);
 
              $imagepath = $imagename;
              $save = "images/artists_images/" . $newname; //This is the new file you saving
              $file = "images/artists_images/" . $newname; //This is the original file
 
              list($width, $height) = getimagesize($file) ; 
 
              $modwidth = 300; 
 
              $diff = $width / $modwidth;
 
              $modheight = $height / $diff; 
              $tn = imagecreatetruecolor($modwidth, $modheight) ; 
              $image = imagecreatefromjpeg($file) ; 
              imagecopyresampled($tn, $image, 0, 0, 0, 0, $modwidth, $modheight, $width, $height) ; 
 
              imagejpeg($tn, $save, 100) ; 
			  $query = "UPDATE artists SET profile_pic= ".$newname." WHERE user_id = ".$_SESSION['user_id']."";
			  $result = mysql_query($query);

				// if successfully updated.
				if($result){
					echo "Your Image: <img src='images/artists_images/".$newname."'><br>";
						}

					else {
						echo "ERROR with $query";
					}
		  	}}
          }
        }
?>

</body>
</html>

OK, I tried as a prepared statement, same thing. This is what my code looks like now.

<?php
session_start();
include('functions.php');
$id = protect($_GET['id']);
/*$query = sprintf("SELECT * FROM artists WHERE user_id = %d",$id);
$res = mysql_query($query);
$row_a = mysql_fetch_assoc($res);
$totalRows_a = mysql_num_rows($res);*/
//Check to see if the form has been submitted
		if(isset($_POST['submit']) && !empty($_POST['submit'])){
			
			//protect and then add the posted data to variables
			$user_id = protect($_POST['user_id']);
			$genre = protect($_POST['genre']);
			$city = protect($_POST['city']);
			$state = protect($_POST['state']);
			$bio = protect($_POST['bio']);
			$disco = protect($_POST['disco']);
			$fb_www = protect($_POST['fb_www']);
			$twitt_www = protect($_POST['twitt_www']);
			$www = protect($_POST['www']);

//check what is in the session (debug only)
print_r($_SESSION);
echo "<br>";
			var_dump($id);echo "<br>";
			var_dump($_SESSION['user_id']);echo "<br>";
			var_dump($_SESSION['user_id'] != $user_id);echo "<br>";
			var_dump($_SESSION['permission'] != permissions::artist);
 //end debug
 			
			//check if user is logged in
			if (!isset($_SESSION['user_id']) && $_SESSION['user_id'] != $user_id){
    			echo "<center>You must be logged in to see this page!</center>";
			}else{
			if ($_SESSION['permission'] != permissions::artist){
				echo"<center>You do not have proper permission to view this page.</center>";
			}else{
			//check to see if any of the boxes were not filled in
				if(!$genre){
				//if any weren't display the error message
				echo "<center>You need to select a genre!</center>";
			}else{
				if(!$bio){
				//if any weren't display the error message
				echo "<center>You need to fill our your biography</center>";
			}else{
				if(!$city){
				//if any weren't display the error message
				echo "<center>You need to enter a city!</center>";
			}else{
				if(!$state){
				//if any weren't display the error message
				echo "<center>You need to enter a state!</center>";
			}else{
				
				//if all were filled in continue checking
				
									//select all rows from our artist table where the user_id is a match.
									//$row = mysql_fetch_row($res);
					            	//$num = (int) $row[0];
									$query = "UPDATE artists SET genre= $genre, bio= $bio, city= $city,state= $state,disco= $disco,fb_www= $fb_www,twitt_www= $twitt_www,www= $www, WHERE user_id = $id.";
									mysql_query($query);
	if (!$query)
{
    // Don't do this in a production environment, instead log somewhere.
    die ("SQL query $query failed: " . mysql_error());
}

}
	//header("Location: edit_profile.php?id=$user_id");
						}
					}
				}
			}
		}
	}

?>

i keep remming out more and more to just try and get the bare minimal in there.