Hi All,
I'm scratching my head a bit here. I have a form handling script that
branches dependent on whether a user has admin privileges over the
application. Here's the function that tests this:
function isAdmin($user){
global $chan;
$query = "SELECT isadmin FROM csw_user WHERE username = '" . mysql_real_escape_string($user) . "'";
// echo "<p>$query</p>\n";
$result_table = mysql_query ($query, $chan) or die ("Error: Can't retrieve the data");
if ($result_row = mysql_fetch_array ($result_table)){
$canAdminister = $result_row['isadmin'] > 0;
} else {
$canAdminister = FALSE;
}
return ($canAdminister);
}
Note the commented echoing of the query, which I uncommented during
debugging.
This function was failing with the message from die() "Error: Can't
retrieve the data". On uncommenting the echo statement, I got:
SELECT isadmin FROM csw_user WHERE username = ''
IOW, there was a blank string passed to the isAdmin function.
So I checked at a higher level and temporarily modified the code to
read:
echo "<pre>";
print_r ($_COOKIE);
echo "</pre>\n";
$canAdministrate = isAdmin($_COOKIE['username']);
This showed that $_COOKIE['username'] contained the username of the
logged-on user as I expected, yet that username was not passed to the
isAdmin function 8-/
FWIW, I've resolved the issue in that it no longer happens. I'd
forgotten to put the opening and closing html, head, and body tags and
the issue went away as soon as I did that. However, I'd appreciate
info on why as I need to run some scripts within a validated user
session where those scripts do their processing and then use the
header function to redirect the browser to an appropriate page.
TIA,
--
Geoff
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
