Home/ Questions/Q 8742247
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T11:27:57+00:00

The code below is supposed to check if there is a person in the

  • 0

The code below is supposed to check if there is a person in the database with a row in the database with the username it gets from the cookie login.And if there is it is supposed to include a page and if there isn’t a person in the database with this user_id it is supposed to echo.Here is my code so far please tell me how I would do this.I also already know before someone tells me that mySQL statements like I have it are becoming depreciated.Here is My code:

<?php
include("dbconnect.php");
mysql_select_db("maxgee_close2");
$username = $_COOKIE['maxgee_me_user']; 
$result = mysql_query("select user_id from users where username = '$username'");
$row = mysql_fetch_array($result);    
mysql_free_result($result);
$check = mysql_query("SELECT * FROM events_main WHERE user_id ='$row['user_id']'") or die(mysql_error());
if(1==1){
  if (mysql_num_rows($check)>0) 
 {
include("example.php");
 }
  else
  {
  echo "example";
  }
}

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In the double-quoted string, your array variable $row['user_id'] is being incorrectly parsed due to the fact that you have quoted the array key without surrounding the whole thing in {}. It is permissible to omit the {} in a double-quoted string if you don’t quote the array key, but the {} adds readability.

    check = mysql_query("SELECT * FROM events_main WHERE user_id ='{$row['user_id']}'") or die(mysql_error());
//-------------------------------------------------------------^^^^^^^^^^^^^^^^^^

// Also acceptable, but not as tidy, and troublesome with multidimensional 
// or variable keys - unquoted array key
check = mysql_query("SELECT * FROM events_main WHERE user_id ='$row[user_id]'") or die(mysql_error());
//-------------------------------------------------------------^^^^^^^^^^^^^^^^^^

    As mentioned above, $_COOKIE is never considered a safe value. You must escape its values against SQL injection if you continue to use the old mysql_*() API:

    $username = mysql_real_escape_string($_COOKIE['maxgee_me_user']);
    • 0