
View Full Version : php error sql if



keyboard
08-14-2011, 07:28 AM
I have added in some code which checks if the user is an admin but I'm getting an error



$sql = mysql_query ("SELECT * FROM users") or die(mysql_error());;
$gordon = mysql_fetch_array ($sql);
if ($row['level']= "9"){
echo "Admin"}


( ! ) Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 103

Any help?

james438
08-14-2011, 10:06 AM
echo "Admin"}

Should be


echo "Admin";}

keyboard
08-14-2011, 10:28 AM
Thanks, I changed what you said but it's still coming up with the same error. Any help?

james438
08-14-2011, 12:19 PM
not a solution, but
if ($row['level']= "9"){
should be

if ($gordon['level']== "9"){
In your code $row['level'] will always be true.

Are you sure you are posting line 103 from your time.php file?

traq
08-14-2011, 06:17 PM
$sql = mysql_query ("SELECT * FROM users") or die(mysql_error());;
$gordon = mysql_fetch_array ($sql);
if ($row['level']= "9"){
echo "Admin"}

( ! ) Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 103

In addition, you have an extra semicolon after your first line above. It should look like this:

$sql = mysql_query("SELECT * FROM users") or die(mysql_error());
$gordon = mysql_fetch_array($sql);
if ($gordon['level'] == "9"){ echo "Admin"; } // the fetched row is in $gordon, not $row

If you're still getting an error, then it is occurring somewhere else.
Remember that the error is reported at the line where PHP can no longer recover, which is not necessarily (in fact, usually isn't) where the actual mistake is.

However, you're still only checking the first row. If the first user in your DB is an admin, this will always print "Admin"; if not, then it will never do anything.

The query is also very heavy (you're retrieving all columns from all records but only using one column from one record). If you get hundreds of users (or thousands) and you're doing this check every time a certain page (or any page) is loaded, it will be slow. You should only select what you need in your query. You could even do the entire check via mysql, and not have to process any of it in php.

If you want to know if a particular user is an admin, try something more like this:
$userid = ''; // user id to check (whatever unique column you use)

$SQL = "SELECT `id` FROM `users` WHERE `id`='$userid' AND `level`='9' LIMIT 1";
// this way, you only get a match if the user *also* has level=9.
// if you get no results, then you know that the user is _not_ level=9.

if( mysql_num_rows( mysql_query($SQL) ) === 1 ){ print "User $userid is an Admin"; }
else{ print "User $userid is a loser."; }

keyboard
08-14-2011, 10:29 PM
The unique column I am using to see if they are an admin is called level. If it is set to 1 they are a normal user; if it is set to 9 they are an admin. I am not very good at SQL so could you please just show me how to check that?

Also in your code Traq, what should $userid equal?

JShor
08-15-2011, 01:09 AM
Where are you getting $row from if the array that is being fetched is stored in $gordon?

$row should be replaced with $gordon. You also need two equal signs in a comparison operator (this is true of any OOP language).

That syntax error you're getting is because you don't have a semicolon after echo "Admin".

Also, as Adrian said:


If you want to know if a particular user is an admin, try something more like this:


"SELECT `id` FROM `users` WHERE `id`='$userid' AND `type`='9' LIMIT 1";



I suggest you do that too. Or if you're looping through all of the users, you need to use a loop.

Anyway, try this:


$sql = mysql_query ("SELECT * FROM users") or die(mysql_error());

$gordon = mysql_fetch_array ($sql);

if ($gordon['level'] == "9"){
echo "Admin";
}

traq
08-15-2011, 01:35 AM
The unique column I am using to see if they are an admin is called level. If it is set to 1 they are a normal user; if it is set to 9 they are an admin. I am not very good at SQL so could you please just show me how to check that?

Also in your code Traq, what should $userid equal?

From what I see in your code, level is not unique. There might be only one level=9 user, but any number of users could have level=1, correct?

What column do you have with a unique value for each record (e.g., your primary/unique key: id, user_id, username, etc.)?

In my code example, $userid would hold the unique id of the user you are trying to check (and the query, of course, would use the appropriate col name). You might get that value from a login form, for example, <input name="username">, or you might get it from a user function, like get_user_id($_POST['username']). Make sure you sanitize the value before you use it in your query.

sorry for the confusion - I meant to use your column name level in my post above, not type. I fixed it.

keyboard
08-15-2011, 02:49 AM
I'm a bit confused. If I want to find out if the user that is logged in is an admin should it be like - select from user where username == the login cookie and level == 9?

Could someone please just explain to me really simply what I have to do. Also Traq there can be more than one user whose level == 9.
Also if I wanted to use the code with $userid I would have to find out what the user who is logged in's id is. So would the code look like - select id where username == the logincookie?

traq
08-15-2011, 03:03 AM
I don't know how your login system is set up, so I can't answer that question. If the username is unique (only one user can have any given username), then yes, you can use that.


$username = ''; // <--- put username here
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
/* $username _is_ an admin.
Do Admin-related stuff. */
}else{
/* $username is _not_ an admin.
He can't do admin-related stuff. */
}
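
The admin check from the posts above, written with a bound parameter instead of a quoted variable inside the SQL string (an added example, not code from any poster in this thread). It assumes PHP with PDO and the pdo_sqlite driver; the in-memory table and its three users are constructed sample data, and is_admin() is a hypothetical helper name.

```php
<?php
// Added example: constructed schema and sample rows, not the poster's database.
function is_admin(PDO $db, string $username): bool
{
    // The placeholder keeps the username out of the SQL text, so quotes or
    // other special characters in it cannot change the query.
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE username = :username AND level = 9 LIMIT 1'
    );
    $stmt->execute([':username' => $username]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

// In-memory SQLite stands in for the MySQL server so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, level INTEGER)');

// Constructed users: two admins (level 9) and one normal user whose name
// contains an apostrophe, which would break a hand-quoted query string.
$insert = $db->prepare('INSERT INTO users (username, level) VALUES (?, ?)');
foreach ([['alice', 9], ["o'brien", 1], ['bob', 9]] as $row) {
    $insert->execute($row);
}

foreach (['alice', "o'brien", 'nobody'] as $name) {
    // htmlspecialchars() because the name is echoed into an HTML page.
    $safe = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    echo is_admin($db, $name) ? "Welcome Admin $safe\n" : "Welcome $safe\n";
}
```

Against the MySQL database in the thread, only the PDO connection string would change; the prepared statement stays the same.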

JShor
08-15-2011, 03:44 AM
Could someone please just explain to me really simply what I have to do. Also Traq there can be more than one user whose level == 9.


A better question would be what are you trying to do? From the looks of your code, you're either trying to print out a list of users and flag which ones have level = 9, or you're selecting a specific user, determining if they have level = 9, and you're doing it wrong.

keyboard
08-15-2011, 04:59 AM
After a user logs in to the members area, if they are an admin (levels == 9) I would like it to display welcome admin

traq
08-15-2011, 05:54 AM
A better approach would be to determine that during the login, and then your scripts could refer to it whenever needed.

keyboard
08-15-2011, 06:07 AM
Thanks for the suggestion traq, I will do that after I've gotten the actual script to work.


$username1 = '$username';
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Admin";


}else{
echo "Welcome";
}

Something in there is causing this error

( ! ) Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Documents and Settings\Owner\Desktop\canberra amatuer productions\www\Canberra Amatuer Productions\echo time.php on line 104

traq
08-15-2011, 06:19 AM
where is line 104? post the dozen or so lines before that.

also, is the user's username literally "$username" ? or is $username a variable that holds the actual username?

seems like -everyone- is quoting their variables lately...???

keyboard
08-15-2011, 09:33 AM
<?php

mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("keyboard_test") or die(mysql_error());


if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{


if ($pass != $info['password'])
{ header("Location: login.php");
}


else
{

$links = "link2.php";
}
}
}
else


{
header("Location: login.php");
}








?>

<?php


if (isset ($_POST['submit']))
{







$comment = mysql_escape_string (trim (nl2br($_POST['comment'])));

// makes sure they filled it in
if(!$_POST['comment']) {
die('You didn\'t enter a comment.');

}

$date = date("d/m/y");
$cheese = "$comment <br /><hr /> ";
$guoc = "<b>$username</b>";



$sql = mysql_query ("INSERT INTO comments (id,comments,name,date,ip) VALUES ('0','".$cheese."','".$guoc."','".$date."','" . $_SERVER['REMOTE_ADDR']."')");







echo '<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><center>Your comment has been entered successfully!</center>';
echo '<center><form method="post" action="echo time.php">';
echo '<input type="submit" value="Click me" name="name"> <br />';
echo '</form>';
echo '</center>';

}

else
{


?>


<html>
<head>



</head>
<body>
<?php include("$links");
echo "Hey <b> $username</b>"


$username1 = '$username';
$SQL = "SELECT `id` FROM `users` WHERE `username`='$username1' AND `level`='9'";
if( mysql_num_rows( mysql_query( $SQL ) ) === 1 ){
echo "Welcome Admin";


}else{
echo "Welcome";
}


?>
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br />
<p><b><u>COMMENTS</u></b></p>





<?php

// POST data wasnt entered, so display the comments and comment form
// view comments from database
$sql = mysql_query ("SELECT * FROM comments ORDER BY date DESC") or die(mysql_error());;
while ($row = mysql_fetch_array ($sql)) {
?>
<table border="0" cellspacing="0" cellpadding="4" width="500">
<tr>
<td>
<?php
echo $row['name'].'<br />';
?>
</td>
<td>
<?php
echo $row['date'].'<br />';
?>
</td> </tr>
</table><br />
<?php
echo $row['comments'].'<br />';




}



echo '<br /><br />
<form action="echo time.php" method="post">
Comments:<br />
<textarea name="comment" cols="40" rows="7"></textarea>
<input type="submit" value="Submit" name="submit">
</form>';
}
?>
<body style="background-color:lightgreen">
</body>
</html>


That's the entire code. And $username is the name of the variable that holds the username

traq
08-15-2011, 02:12 PM
this line (101):
echo "Hey <b> $username</b>" has no ending semicolon.

And if $username is a variable, don't quote it
$username // works
"$username" // works (but no reason to do it like this)
'$username' // don't works : /