Can anyone tell me if I am going in the right direction with this, or if there is a better way? I am trying to create a session check so that if logged-in clients change the URL id number
example.com?id=192
it won't show other clients' contents. It's the first time having to write a CMS with multiple MySQL table checks, so the query is probably wrong as well.

$id= mysql_real_escape_string($row['id']);
$user_id= mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);

$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");

$who_num_rows = mysql_num_rows($who);

if (!$username&&$id==$user_id)
	
Run valid page content.
	
else
{
Run error.
}


Hi,

Could you post your entire page content? Maybe that will help to identify the exact problem.

Sure no prob, thanks for your help..

$id = mysql_real_escape_string($row['id']);
$user_id = mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);

$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");

$who_num_rows = mysql_num_rows($who);

if (!$username&&$id==$user_id)

function update_model_form($id){
		$id = mysql_real_escape_string($id);
		
		$sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, 
		p.postcode, p.website, p.aimage, p.intro, p.id 
		FROM profile p INNER JOIN users u ON u.id=p.user_id 
		WHERE u.username = '" . mysql_real_escape_string($_SESSION['username']) . "' ORDER BY cname ASC";
		
		$sql = "SELECT * FROM cescorts WHERE id = '$id'";
		$res = mysql_query($sql) or die(mysql_error());
		$row = mysql_fetch_assoc($res);
	
		?>
        <?php include 'tinymce.php'; ?>
        
        <form method="post" action="escorts.php">
          <input type="hidden" name="update_model" value="true" />
          <input type="hidden" name="id" value="<?php echo $row['id']; ?>">
          <div id="edit-model-form">
            <div class="edit-model">
              <label for="g_name">Models Name:</label>
              <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="nationality">Nationality:</label>
              <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="age">Age:</label>
              <input type="text" name="age" value="<?php echo $row['age']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="height">Height:</label>
              <input type="text" name="height" value="<?php echo $row['height']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="bust">Bust:</label>
              <input type="text" name="bust" value="<?php echo $row['bust']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="dress_size">Dress Size:</label>
              <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="hair">Hair Colour:</label>
              <input type="text" name="hair" value="<?php echo $row['hair']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="eyes">Eye Colour:</label>
              <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="languages">Languages:</label>
              <input type="text" name="languages" value="<?php echo $row['languages']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="availability">Availability:</label>
              <input type="text" name="availability" value="<?php echo $row['availability']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="tel">Tel:</label>
              <input type="text" name="tel" value="<?php echo $row['tel']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="email">email:</label>
              <input type="text" name="email" value="<?php echo $row['email']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="location">Location:</label>
              <input type="text" name="location" value="<?php echo $row['location']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <table width="230" border="0">
                <tr>
                  <td><label for="incall">Incall: </label></td>
                  <td><select name="incall">
                  	<option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
                <tr>
                  <td><label for="outcall">Outcall: </label></td>
                  <td><select name="outcall">
                    <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
              </table>
            </div>
            <br />
            <br />
          </div>
          <div class="edit-model-rates">
            <table width="350" border="0">
              <tr>
                <td><p><b>Rates</b></p></td>
                <td><label for="r_incall">Incall: </label></td>
                <td><label for="r_outcall">Outcall: </label></td>
              </tr>
              <tr>
                <td><p>1 Hour</p></td>
                <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td>
                <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>90 Mins</p></td>
                <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td>
                <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>2 Hours</p></td>
                <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td>
                <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional Hour</p></td>
                <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td>
                <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional 30 Mins</p></td>
                <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td>
                <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>Overnight</p></td>
                <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td>
                <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td>
              </tr>
              <tr>
                <td><p>Dinner Date</p></td>
                <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td>
              </tr>
            </table>
          </div>
          
          <div id="desc">
            <label for="intro">Intro:</label>
            <br />
            <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea>
          </div>
        	<input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br />
			<div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div>
            </form>
		<?php
		
	}
else
{
die ("This is not your account data!");
}

Do you have session_start() and database configurations enabled in this current page?
And what kind of errors do you get?

Yeah, I got the database setup correct and the session start at the top of each page.

I get the following error,

Parse error: syntax error, unexpected T_ELSE, expecting T_FUNCTION in C:\xampp\htdocs\public_html\adultxxxzone.co.uk\members\agency\class\members_class.php on line 759

I noticed I did not show the full code, missed a bit, soz. Here is the full function:

//Update model


function update_model_form($id){
	


$id = mysql_real_escape_string($row['id']);
$user_id = mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);
$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");
$who_num_rows = mysql_num_rows($who);
if (!$username&&$id==$user_id)

		$id = mysql_real_escape_string($id);
		
		$sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, 
		p.postcode, p.website, p.aimage, p.intro, p.id 
		FROM profile p INNER JOIN users u ON u.id=p.user_id 
		WHERE u.username = '" . mysql_real_escape_string($_SESSION['username']) . "' ORDER BY cname ASC";
		
		$sql = "SELECT * FROM cescorts WHERE id = '$id'";
		$res = mysql_query($sql) or die(mysql_error());
		$row = mysql_fetch_assoc($res);
	
		?>
        <?php include 'tinymce.php'; ?>
        
        <form method="post" action="escorts.php">
          <input type="hidden" name="update_model" value="true" />
          <input type="hidden" name="id" value="<?php echo $row['id']; ?>">
          <div id="edit-model-form">
            <div class="edit-model">
              <label for="g_name">Models Name:</label>
              <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="nationality">Nationality:</label>
              <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="age">Age:</label>
              <input type="text" name="age" value="<?php echo $row['age']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="height">Height:</label>
              <input type="text" name="height" value="<?php echo $row['height']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="bust">Bust:</label>
              <input type="text" name="bust" value="<?php echo $row['bust']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="dress_size">Dress Size:</label>
              <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="hair">Hair Colour:</label>
              <input type="text" name="hair" value="<?php echo $row['hair']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="eyes">Eye Colour:</label>
              <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="languages">Languages:</label>
              <input type="text" name="languages" value="<?php echo $row['languages']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="availability">Availability:</label>
              <input type="text" name="availability" value="<?php echo $row['availability']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="tel">Tel:</label>
              <input type="text" name="tel" value="<?php echo $row['tel']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="email">email:</label>
              <input type="text" name="email" value="<?php echo $row['email']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="location">Location:</label>
              <input type="text" name="location" value="<?php echo $row['location']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <table width="230" border="0">
                <tr>
                  <td><label for="incall">Incall: </label></td>
                  <td><select name="incall">
                  	<option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
                <tr>
                  <td><label for="outcall">Outcall: </label></td>
                  <td><select name="outcall">
                    <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
              </table>
            </div>
            <br />
            <br />
          </div>
          <div class="edit-model-rates">
            <table width="350" border="0">
              <tr>
                <td><p><b>Rates</b></p></td>
                <td><label for="r_incall">Incall: </label></td>
                <td><label for="r_outcall">Outcall: </label></td>
              </tr>
              <tr>
                <td><p>1 Hour</p></td>
                <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td>
                <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>90 Mins</p></td>
                <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td>
                <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>2 Hours</p></td>
                <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td>
                <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional Hour</p></td>
                <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td>
                <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional 30 Mins</p></td>
                <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td>
                <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>Overnight</p></td>
                <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td>
                <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td>
              </tr>
              <tr>
                <td><p>Dinner Date</p></td>
                <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td>
              </tr>
            </table>
          </div>
          
          <div id="desc">
            <label for="intro">Intro:</label>
            <br />
            <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea>
          </div>
        	<input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br />
			<div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div>
            </form>
		<?php
		
	}
	
	function update_model($p) {
		$id = mysql_real_escape_string($p['id']);
		$g_name = mysql_real_escape_string($p['g_name']);
		$nationality = mysql_real_escape_string($p['nationality']);
		$age = mysql_real_escape_string($p['age']);
		$height = mysql_real_escape_string($p['height']);
		$bust = mysql_real_escape_string($p['bust']);
		$dress_size = mysql_real_escape_string($p['dress_size']);
		$hair = mysql_real_escape_string($p['hair']);
		$eyes = mysql_real_escape_string($p['eyes']);
		$languages = mysql_real_escape_string($p['languages']);
		$availability = mysql_real_escape_string($p['availability']);
		$tel = mysql_real_escape_string($p['tel']);
		$email = mysql_real_escape_string($p['email']);
		$location = mysql_real_escape_string($p['location']);
		$incall = mysql_real_escape_string($p['incall']);
		$outcall = mysql_real_escape_string($p['outcall']);
		$incall_1hr = mysql_real_escape_string($p['incall_1hr']);
		$incall_90mins = mysql_real_escape_string($p['incall_90mins']);
		$incall_2hrs = mysql_real_escape_string($p['incall_2hrs']);
		$outcall_1hr = mysql_real_escape_string($p['outcall_1hr']);
		$outcall_90mins = mysql_real_escape_string($p['outcall_90mins']);
		$outcall_2hrs = mysql_real_escape_string($p['outcall_2hrs']);
		$iadditional_hr = mysql_real_escape_string($p['iadditional_hr']);
		$oadditional_hr = mysql_real_escape_string($p['oadditional_hr']);
		$iadditional_30mins = mysql_real_escape_string($p['iadditional_30mins']);
		$oadditional_30mins = mysql_real_escape_string($p['oadditional_30mins']);
		$dinner_date = mysql_real_escape_string($p['dinner_date']);
		$iovernight = mysql_real_escape_string($p['iovernight']);
		$oovernight = mysql_real_escape_string($p['oovernight']);
		$g_desc = mysql_real_escape_string($p['g_desc']);
		$user_id = mysql_real_escape_string($p['user_id']);

		if(!$g_name):
		
			if(!$g_name):
				echo "<p>Model name is required</p>";
			endif;
		
			echo '<p><a href="edit-escort.php?id=' . $id . '">Try Again</a></p>';
		
		else:
			$sql = "UPDATE cescorts SET id ='$id', g_name ='$g_name', nationality ='$nationality', age ='$age', height ='$height', 
			bust ='$bust', dress_size ='$dress_size', hair ='$hair', eyes ='$eyes', languages ='$languages', availability ='$availability', 
			tel ='$tel', email ='$email', location ='$location', incall ='$incall', outcall ='$outcall', incall_1hr ='$incall_1hr', 
			incall_90mins ='$incall_90mins', incall_2hrs ='$incall_2hrs', outcall_1hr ='$outcall_1hr', outcall_90mins ='$outcall_90mins', 
			outcall_2hrs ='$outcall_2hrs', iadditional_hr ='$iadditional_hr', oadditional_hr ='$oadditional_hr', 
			iadditional_30mins ='$iadditional_30mins', oadditional_30mins ='$oadditional_30mins', dinner_date ='$dinner_date', 
			iovernight ='$iovernight', oovernight ='$oovernight', g_desc ='$g_desc', 
			user_id ='$user_id' WHERE id ='$id' ";
			$res = mysql_query($sql) or die(mysql_error());
			echo "Updated Successfully! <a href='escorts.php'>Continue</a>";
		endif;
	}

else

{

die ("This is not your account data!");

}

Hi,

It seems you messed up the if else conditions outside the function. Remove the else part after line no. 231, or try to rearrange the if else parts.
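
The ownership check the question is after, as an added example that is not code from any post in this thread: the owner is made part of the WHERE clause, so changing the id in the URL or in the hidden form fields matches no row. It uses PDO prepared statements in place of the mysql_* calls, assumes cescorts.user_id references users.id, and runs against constructed rows in an in-memory SQLite database; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumption: cescorts.user_id references users.id.

// Return the row only if it belongs to the logged-in user; null otherwise.
function fetch_owned_model(PDO $pdo, $id, string $username): ?array
{
    // The id comes from the URL, so treat it as untrusted: digits only.
    if (!ctype_digit((string) $id)) {
        return null;
    }
    // Ownership is part of the WHERE clause: a foreign id matches no row.
    $stmt = $pdo->prepare(
        'SELECT c.id, c.g_name, c.location
           FROM cescorts c
           INNER JOIN users u ON u.id = c.user_id
          WHERE c.id = :id AND u.username = :username'
    );
    $stmt->execute([':id' => (int) $id, ':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Update only rows owned by the session user. The owner is never read from
// the form, so a tampered hidden id or user_id field cannot edit or move a row.
function update_owned_model(PDO $pdo, array $post, string $username): bool
{
    if (!ctype_digit((string) ($post['id'] ?? '')) || trim($post['g_name'] ?? '') === '') {
        return false;
    }
    $stmt = $pdo->prepare(
        'UPDATE cescorts SET g_name = :g_name, location = :location
          WHERE id = :id
            AND user_id = (SELECT id FROM users WHERE username = :username)'
    );
    $stmt->execute([
        ':g_name'   => $post['g_name'],
        ':location' => $post['location'] ?? '',
        ':id'       => (int) $post['id'],
        ':username' => $username,
    ]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database (the thread uses MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$pdo->exec('CREATE TABLE cescorts (id INTEGER PRIMARY KEY, user_id INTEGER, g_name TEXT, location TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'agency_a'), (2, 'agency_b')");
$pdo->exec("INSERT INTO cescorts VALUES (192, 1, 'Row A', 'Leeds'), (193, 2, 'Row B', 'York')");

$sessionUser = 'agency_a'; // stands in for $_SESSION['username']
var_dump(fetch_owned_model($pdo, '192', $sessionUser) !== null); // the user's own row
var_dump(fetch_owned_model($pdo, '193', $sessionUser) !== null); // another client's row
var_dump(update_owned_model($pdo, ['id' => '193', 'g_name' => 'x', 'user_id' => '1'], $sessionUser));
```

With the MySQL PDO driver, rowCount() reports 0 when the submitted values equal the stored ones unless PDO::MYSQL_ATTR_FOUND_ROWS is set, so a false return there means "not owned or unchanged".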
