I've got one table called books in my database. I've got users who are admins and users who are not; admins have boolean 0 assigned to them. I have a function, but I only want admins to be able to execute it.
Therefore I need to check the database for their username and whether they are admins (that is, type==0) or not. I have to do this all in PDO statements.
$sqls =$handle->prepare("SELECT type FROM 888 WHERE 888='{$_COOKIE['888']}'");
$sqls->execute();
$row = $sqls -> fetch();
if($row['type']==0){do the function}
yet it does not show any error or anything else. Can you see and explain the problem?
This is bad. You are using a cookie (client-side) to check if a visitor has administrator rights. What's to stop anybody from just changing the cookie? Store the administrator flag value in a session (server-side) when the user logs in.
On login:
session_start();
$_SESSION['admin'] = 1; // for example
On your specific page:
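session_start();
// isset() avoids an undefined-index notice for visitors who never logged in
if (isset($_SESSION['admin']) && $_SESSION['admin'] === 1)
{
    // do the function
}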
And you save yourself from doing an unnecessary database query, solving your problem in the process.
Use $_SESSION instead. But ...
$mycookie = $_COOKIE['888'];
$sqls = $handle->prepare("SELECT type FROM `888` WHERE `888` = ? LIMIT 1");
$sqls->bindParam(1, $mycookie, PDO::PARAM_STR);
$row = false;
try {
    $sqls->execute();
    $row = $sqls->fetch();
}
catch (Exception $e) {
    echo $e->getMessage();
}
if ($row) {
    // may want to print_r($row) and debug...
    if ($row['type'] == 0) {
        // do the function
    }
}
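Added example, not code from either answer: the two suggestions above combined, so the role is looked up once at login through a bound parameter and then read only from the server-side session. The in-memory SQLite database, the users table with its username/pass_hash/type columns, and the login() and isAdmin() helpers are assumptions made for the demonstration; type 0 marks an admin, as in the question.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite with a hypothetical `users` table.
// As in the question, type 0 marks an administrator.
$handle = new PDO('sqlite::memory:');
$handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$handle->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT, type INTEGER)');
$seed = $handle->prepare('INSERT INTO users VALUES (?, ?, ?)');
$seed->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 0]);
$seed->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 1]);

// Login: check credentials with a bound parameter, then record the role
// server-side. Nothing the browser sends later can change $_SESSION.
function login(PDO $handle, string $username, string $password): bool
{
    $stmt = $handle->prepare('SELECT pass_hash, type FROM users WHERE username = ? LIMIT 1');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true);   // issue a fresh session id when privileges change
    $_SESSION['username'] = $username;
    $_SESSION['admin'] = ((int) $row['type'] === 0);
    return true;
}

// Guard for admin-only pages: trusts only the session, never $_COOKIE.
function isAdmin(): bool
{
    return isset($_SESSION['admin']) && $_SESSION['admin'] === true;
}

session_start();
$results = [];
$results['anonymous'] = isAdmin();
login($handle, 'bob', 'hunter2');
$results['bob (type 1)'] = isAdmin();
login($handle, 'alice', 'correct horse');
$results['alice (type 0)'] = isAdmin();
var_dump($results);   // printed last so no output precedes the session calls
```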