Check Data between website and mysql

27 views Asked by At

Im trying to recall the logged in user's userlevel from mysql for the if function that determines whether to show the admin panel or not. if anyone can help me and tell me what i was missing so i can learn from this experience, that would be great!

here is my code... it's not working :(

$loginLink = '<a class="load" href="login.php">Log In</a> &nbsp; | &nbsp; <a class="load" href="signup.php">Sign Up</a>';
if($user_ok == true) {
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$sql = "SELECT id FROM notifications WHERE username='$log_username' AND date_time > '$notescheck' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$userlevel = "SELECT userlevel FROM users WHERE username='$log_username' LIMIT 1";    
if ($userlevel == 'admin' && $userlevel == 'owner') {
    $adminPanel = '<a class="load" href="adminpanel.php">Admin Panel</a>';
}else {
    $adminPanel = '&nbsp;';
}

?>
1

There are 1 answers

1
Daan Wilmer On

You miss actually getting the return values, especially with the statement $userlevel = "<some query>"; where you forget even executing the query.

Side note: I don't know where the value of $log_username comes from, but if it's anywhere out of your control: sanitize it first or use prepared statements (which is also a good idea if they are in your control, just for good measure).