Can anyone tell me if I am going in the right direction with this, or if there is a better way? I am trying to create a session check so that if logged-in clients change the URL id number,
example.com?id=192
it won't show other clients' contents. It's the first time having to write a CMS with multiple MySQL table checks, so the query is probably wrong as well.

$id= mysql_real_escape_string($row['id']);
$user_id= mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);

$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");

$who_num_rows = mysql_num_rows($who);

if (!$username&&$id==$user_id)
	
Run valid page content.
	
else
{
Run error.
}

2 Contributors, 6 Replies, 8 Views, 6 Years Discussion Span, Last Post by paulrajj

Hi,

Could you post your page's entire content? Maybe that will help to identify the exact problem.

Sure no prob, thanks for your help..

$id = mysql_real_escape_string($row['id']);
$user_id = mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);

$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");

$who_num_rows = mysql_num_rows($who);

if (!$username&&$id==$user_id)

function update_model_form($id){
		$id = mysql_real_escape_string($id);
		
		sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, 
		p.postcode, p.website, p.aimage, p.intro, p.id 
		FROM profile p INNER JOIN users u ON u.id=p.user_id 
		WHERE u.username = "' . mysql_real_escape_string($_SESSION['username']) . ' " ORDER BY cname ASC";
		
		$sql = "SELECT * FROM cescorts WHERE id = '$id'";
		$res = mysql_query($sql) or die(mysql_error());
		$row = mysql_fetch_assoc($res);
	
		?>
        <?php include 'tinymce.php'; ?>
        
        <form method="post" action="escorts.php">
          <input type="hidden" name="update_model" value="true" />
          <input type="hidden" name="id" value="<?php echo $row['id']; ?>">
          <div id="edit-model-form">
            <div class="edit-model">
              <label for="g_name">Models Name:</label>
              <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="nationality">Nationality:</label>
              <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="age">Age:</label>
              <input type="text" name="age" value="<?php echo $row['age']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="height">Height:</label>
              <input type="text" name="height" value="<?php echo $row['height']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="bust">Bust:</label>
              <input type="text" name="bust" value="<?php echo $row['bust']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="dress_size">Dress Size:</label>
              <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="hair">Hair Colour:</label>
              <input type="text" name="hair" value="<?php echo $row['hair']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="eyes">Eye Colour:</label>
              <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="languages">Languages:</label>
              <input type="text" name="languages" value="<?php echo $row['languages']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="availability">Availabiltiy:</label>
              <input type="text" name="availability" value="<?php echo $row['availability']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="tel">Tel:</label>
              <input type="text" name="tel" value="<?php echo $row['tel']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="email">email:</label>
              <input type="text" name="email" value="<?php echo $row['email']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="location">Location:</label>
              <input type="text" name="location" value="<?php echo $row['location']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <table width="230" border="0">
                <tr>
                  <td><label for="incall">Incall: </label></td>
                  <td><select name="incall">
                  	<option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
                <tr>
                  <td><label for="outcall">Outcall: </label></td>
                  <td><select name="outcall">
                    <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
              </table>
            </div>
            <br />
            <br />
          </div>
          <div class="edit-model-rates">
            <table width="350" border="0">
              <tr>
                <td><p><b>Rates</b></p></td>
                <td><label for="r_incall">Incall: </label></td>
                <td><label for="r_outcall">Outcall: </label></td>
              </tr>
              <tr>
                <td><p>1 Hour</p></td>
                <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td>
                <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>90 Mins</p></td>
                <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td>
                <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>2 Hours</p></td>
                <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td>
                <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional Hour</p></td>
                <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td>
                <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional 30 Mins</p></td>
                <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td>
                <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>Overnight</p></td>
                <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td>
                <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td>
              </tr>
              <tr>
                <td><p>Dinner Date</p></td>
                <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td>
              </tr>
            </table>
          </div>
          
          <div id="desc">
            <label for="intro">Intro:</label>
            <br />
            <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea>
          </div>
        	<input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br />
			<div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div>
            </form>
		<?php
		
	}
else
{
die ("This is not your your account data!");
}

Do you have session_start() and database configurations enabled in this current page?
And what kind of errors do you get?

Yeah, I got the database setup correct and the session start at the top of each page.

I get the following error,

Parse error: syntax error, unexpected T_ELSE, expecting T_FUNCTION in C:\xampp\htdocs\public_html\adultxxxzone.co.uk\members\agency\class\members_class.php on line 759

I noticed I did not show the full code, I missed a bit. Soz, here is the full function:

//Update model


function update_model_form($id){
	


$id = mysql_real_escape_string($row['id']);
$user_id = mysql_real_escape_string($row['user_id']);
$username = mysql_real_escape_string($_SESSION['username']);
$who = mysql_query("SELECT u.id, u.username FROM users u INNER JOIN profile p WHERE username='$username' AND user_id='$id'");
$who_num_rows = mysql_num_rows($who);
if (!$username&&$id==$user_id)

		$id = mysql_real_escape_string($id);
		
		$sql = "SELECT p.cname, p.email, p.work_landline, p.mobile, p.door_no, p.street, p.town, p.county, p.country, 
		p.postcode, p.website, p.aimage, p.intro, p.id 
		FROM profile p INNER JOIN users u ON u.id=p.user_id 
		WHERE u.username = " . mysql_real_escape_string($_SESSION['username']) ." ORDER BY cname ASC";
		
		$sql = "SELECT * FROM cescorts WHERE id = '$id'";
		$res = mysql_query($sql) or die(mysql_error());
		$row = mysql_fetch_assoc($res);
	
		?>
        <?php include 'tinymce.php'; ?>
        
        <form method="post" action="escorts.php">
          <input type="hidden" name="update_model" value="true" />
          <input type="hidden" name="id" value="<?php echo $row['id']; ?>">
          <div id="edit-model-form">
            <div class="edit-model">
              <label for="g_name">Models Name:</label>
              <input type="text" name="g_name" value="<?php echo $row['g_name']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="nationality">Nationality:</label>
              <input type="text" name="nationality" value="<?php echo $row['nationality']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="age">Age:</label>
              <input type="text" name="age" value="<?php echo $row['age']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="height">Height:</label>
              <input type="text" name="height" value="<?php echo $row['height']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="bust">Bust:</label>
              <input type="text" name="bust" value="<?php echo $row['bust']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="dress_size">Dress Size:</label>
              <input type="text" name="dress_size" value="<?php echo $row['dress_size']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="hair">Hair Colour:</label>
              <input type="text" name="hair" value="<?php echo $row['hair']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="eyes">Eye Colour:</label>
              <input type="text" name="eyes" value="<?php echo $row['eyes']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="languages">Languages:</label>
              <input type="text" name="languages" value="<?php echo $row['languages']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="availability">Availabiltiy:</label>
              <input type="text" name="availability" value="<?php echo $row['availability']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="tel">Tel:</label>
              <input type="text" name="tel" value="<?php echo $row['tel']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="email">email:</label>
              <input type="text" name="email" value="<?php echo $row['email']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <label for="location">Location:</label>
              <input type="text" name="location" value="<?php echo $row['location']; ?>">
            </div>
            <br />
            <div class="edit-model">
              <table width="230" border="0">
                <tr>
                  <td><label for="incall">Incall: </label></td>
                  <td><select name="incall">
                  	<option selected="selected" value="<?php echo $row['incall']; ?>"><?php echo $row['incall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
                <tr>
                  <td><label for="outcall">Outcall: </label></td>
                  <td><select name="outcall">
                    <option selected="selected" value="<?php echo $row['outcall']; ?>"><?php echo $row['outcall']; ?></option>
                    <option value="Yes"> Yes</option>
                    <option value="No"> No</option>
                    </select></td>
                </tr>
              </table>
            </div>
            <br />
            <br />
          </div>
          <div class="edit-model-rates">
            <table width="350" border="0">
              <tr>
                <td><p><b>Rates</b></p></td>
                <td><label for="r_incall">Incall: </label></td>
                <td><label for="r_outcall">Outcall: </label></td>
              </tr>
              <tr>
                <td><p>1 Hour</p></td>
                <td><input type="text" name="incall_1hr" value="<?php echo $row['incall_1hr']; ?>"></td>
                <td><input type="text" name="outcall_1hr" value="<?php echo $row['outcall_1hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>90 Mins</p></td>
                <td><input type="text" name="incall_90mins" value="<?php echo $row['incall_90mins']; ?>"></td>
                <td><input type="text" name="outcall_90mins" value="<?php echo $row['outcall_90mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>2 Hours</p></td>
                <td><input type="text" name="incall_2hrs" value="<?php echo $row['incall_2hrs']; ?>"></td>
                <td><input type="text" name="outcall_2hrs" value="<?php echo $row['outcall_2hrs']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional Hour</p></td>
                <td><input type="text" name="iadditional_hr" value="<?php echo $row['iadditional_hr']; ?>"></td>
                <td><input type="text" name="oadditional_hr" value="<?php echo $row['oadditional_hr']; ?>"></td>
              </tr>
              <tr>
                <td><p>Additional 30 Mins</p></td>
                <td><input type="text" name="iadditional_30mins" value="<?php echo $row['iadditional_30mins']; ?>"></td>
                <td><input type="text" name="oadditional_30mins" value="<?php echo $row['oadditional_30mins']; ?>"></td>
              </tr>
              <tr>
                <td><p>Overnight</p></td>
                <td><input type="text" name="iovernight" value="<?php echo $row['iovernight']; ?>"></td>
                <td><input type="text" name="oovernight" value="<?php echo $row['oovernight']; ?>"></td>
              </tr>
              <tr>
                <td><p>Dinner Date</p></td>
                <td><input type="text" name="dinner_date" value="<?php echo $row['dinner_date']; ?>"></td>
              </tr>
            </table>
          </div>
          
          <div id="desc">
            <label for="intro">Intro:</label>
            <br />
            <textarea name="g_desc" cols="20" rows="19" id='elm3'><?php echo $row['g_desc']; ?></textarea>
          </div>
        	<input type="hidden" name="user_id" value="<?php echo $row['user_id']; ?>"><br />
			<div id="edit-model-btn"><input type="submit" name="submit" value="Update Model" /></div>
            </form>
		<?php
		
	}
	
	function update_model($p) {
		$id = mysql_real_escape_string($p['id']);
		$g_name = mysql_real_escape_string($p['g_name']);
		$nationality = mysql_real_escape_string($p['nationality']);
		$age = mysql_real_escape_string($p['age']);
		$height = mysql_real_escape_string($p['height']);
		$bust = mysql_real_escape_string($p['bust']);
		$dress_size = mysql_real_escape_string($p['dress_size']);
		$hair = mysql_real_escape_string($p['hair']);
		$eyes = mysql_real_escape_string($p['eyes']);
		$languages = mysql_real_escape_string($p['languages']);
		$availability = mysql_real_escape_string($p['availability']);
		$tel = mysql_real_escape_string($p['tel']);
		$email = mysql_real_escape_string($p['email']);
		$location = mysql_real_escape_string($p['location']);
		$incall = mysql_real_escape_string($p['incall']);
		$outcall = mysql_real_escape_string($p['outcall']);
		$incall_1hr = mysql_real_escape_string($p['incall_1hr']);
		$incall_90mins = mysql_real_escape_string($p['incall_90mins']);
		$incall_2hrs = mysql_real_escape_string($p['incall_2hrs']);
		$outcall_1hr = mysql_real_escape_string($p['outcall_1hr']);
		$outcall_90mins = mysql_real_escape_string($p['outcall_90mins']);
		$outcall_2hrs = mysql_real_escape_string($p['outcall_2hrs']);
		$iadditional_hr = mysql_real_escape_string($p['iadditional_hr']);
		$oadditional_hr = mysql_real_escape_string($p['oadditional_hr']);
		$iadditional_30mins = mysql_real_escape_string($p['iadditional_30mins']);
		$oadditional_30mins = mysql_real_escape_string($p['oadditional_30mins']);
		$dinner_date = mysql_real_escape_string($p['dinner_date']);
		$iovernight = mysql_real_escape_string($p['iovernight']);
		$oovernight = mysql_real_escape_string($p['oovernight']);
		$g_desc = mysql_real_escape_string($p['g_desc']);
		$user_id = mysql_real_escape_string($p['user_id']);

		if(!$g_name):
		
			if(!g_name):
				echo "<p>Model name is required</p>";
			endif;
		
			echo '<p><a href="edit-escort.php?id=' . $id . '">Try Again</a></p>';
		
		else:
			$sql = "UPDATE cescorts SET id ='$id', g_name ='$g_name', nationality ='$nationality', age ='$age', height ='$height', 
			bust ='$bust', dress_size ='$dress_size', hair ='$hair', eyes ='$eyes', languages ='$languages', availability ='$availability', 
			tel ='$tel', email ='$email', location ='$location', incall ='$incall', outcall ='$outcall', incall_1hr ='$incall_1hr', 
			incall_90mins ='$incall_90mins', incall_2hrs ='$incall_2hrs', outcall_1hr ='$outcall_1hr', outcall_90mins ='$outcall_90mins', 
			outcall_2hrs ='$outcall_2hrs', iadditional_hr ='$iadditional_hr', oadditional_hr ='$oadditional_hr', 
			iadditional_30mins ='$iadditional_30mins', oadditional_30mins ='$oadditional_30mins', dinner_date ='$dinner_date', 
			iovernight ='$iovernight', oovernight ='$oovernight', g_desc ='$g_desc', 
			user_id ='$user_id' WHERE id ='$id' ";
			$res = mysql_query($sql) or die(mysql_error());
			echo "Updated Successfully! <a href='escorts.php'>Continue</a>";
		endif;
	}

else

{

die ("This is not your your account data!");

}

Hi,

It seems you messed up the if/else conditions outside the function. Remove the else part after line no. 231, or try to rearrange the if/else parts.
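
One way to do the ownership check the question asks about, as an added example that is not from any poster in this thread: the record id from the URL and the session username are matched in the same prepared query, so a changed id matches no row. It uses PDO (the mysql_* functions were removed in PHP 7.0) with a constructed in-memory SQLite database, and assumes cescorts.user_id refers to users.id; the function names are hypothetical.

```php
<?php
// Added example (not the poster's code): every query is scoped to the
// logged-in user, so a changed ?id= value simply matches no row.

// Returns the model row only if it belongs to $username, otherwise null.
function fetch_owned_model(PDO $db, string $username, $id): ?array {
    $stmt = $db->prepare(
        'SELECT c.* FROM cescorts c
         INNER JOIN users u ON u.id = c.user_id
         WHERE c.id = :id AND u.username = :username'
    );
    $stmt->execute([':id' => (int)$id, ':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Updates a model only if it belongs to $username (one column shown).
// The owner comes from the session, never from a hidden form field.
function update_owned_model(PDO $db, string $username, array $p): bool {
    $stmt = $db->prepare(
        'UPDATE cescorts SET g_name = :g_name
         WHERE id = :id
           AND user_id = (SELECT id FROM users WHERE username = :username)'
    );
    $stmt->execute([
        ':g_name'   => (string)($p['g_name'] ?? ''),
        ':id'       => (int)($p['id'] ?? 0),
        ':username' => $username,
    ]);
    // 0 rows when no owned row matched (on MySQL also when nothing changed).
    return $stmt->rowCount() === 1;
}

// Constructed demo data; table and column names follow the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec('CREATE TABLE cescorts (id INTEGER PRIMARY KEY, user_id INTEGER, g_name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'agency_a'), (2, 'agency_b')");
$db->exec("INSERT INTO cescorts VALUES (191, 1, 'Model A'), (192, 2, 'Model B')");

// Stand-ins for $_SESSION['username'] and $_GET['id'].
$sessionUser = 'agency_a';
foreach (['191', '192', 'abc'] as $requestedId) {
    $row = fetch_owned_model($db, $sessionUser, $requestedId);
    echo $requestedId, ' => ', $row ? 'show form for ' . $row['g_name'] : 'denied', "\n";
}
// The same scoping applies to the POST handler.
var_dump(update_owned_model($db, $sessionUser, ['id' => '192', 'g_name' => 'changed']));
var_dump(update_owned_model($db, $sessionUser, ['id' => '191', 'g_name' => 'Model A2']));
```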
