makes data $ _SESSION [] in the php variable but it still will not work in a mysql query

advertisements

I have trouble with checking a $_SESSION variable on a mysql query. What I want to do is get the details of the User logged in, but it appears that it is not working properly.

I have $user = mysql_real_escape_string($_SESSION['username']); which puts the code into a regular variable, and then I make the query to the database which is:$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";

and to count if the user exists I use the code: $userCount = mysql_num_rows($sql); // count the output amount

This does not seem to work. I keep getting this error: "Warning: mysql_num_rows() expects parameter 1 to be resource, string given in /home/alexartl/public_html/CRM/headercode.php on line 18"

And By the way, the user account does exist and is logged in when I have been testing this Below is the full code

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['username'] = $_COOKIE['username'];
    }
  }
?>
<?php
//if the username is set
  if (isset($_SESSION['username'])) {
//making the username into a php variable
        $user = mysql_real_escape_string($_SESSION['username']);
//the query to grab the users name
        $sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
        $userCount = mysql_num_rows($sql); // count the output amount
        if ($userCount == 1) {
        while($row = mysql_fetch_array($sql)){
//just the array that grabs all the users info
            $username = $row["username"];
            $password = $row["password"];
            $first_name = $row["first_name"];
            $last_name = $row["last_name"];
            $gender = $row["gender"];
            $birthdate = $row["birthdate"];
            $email_address = $row["email_address"];
            $city = $row["city"];
            $state = $row["state"];
            $retrieval = $row["retrieval"];
            $isAdmin = $row["isAdmin"];
            $join_date = $row["join_date"];

//if the user has "isAdmin" as "Yes", then this link to a "manage Users" page will appear
            if($isAdmin == "Yes"){
                $ifAdmin = '<li><a href="manageUsers.php">Manage Users</a></li>';
                }
            }
        }
     }
?>


I won't get into the "Don't use mysql_* commands", but don't :P

You are missing:

 $result = mysql_query($sql);  //Actually execute the query

Then use as

$userCount = mysql_num_rows($result); // count the output amount


Separately, you also don't seem to connect to, or use the database you wish to query.

$link = mysql_connect('localhost', 'user', 'pass') or die('Could not connect to mysql server.' );
mysql_select_db('databaseName');