I'm having an issue with the code I am working on. I am trying to get an include loaded depending on the status of the user (if they paid and if they have an invalid email). The NULL value is being pulled from the database; however, it only sends to the entermail.php
Here is my code. Does anyone see what's wrong?
function is_premium() {
    $premium_query = mysql_query("SELECT 'authLevel' FROM 'users' WHERE 'fbID' ='".$userId."'");
    $premium = mysql_query($premium_query);
    if ($premium=='1') {
        return true;
    } else {
        return false;
    }
}
function valid_email() {
    $validemail_query = mysql_query("SELECT 'parentEmailOne' FROM 'users' WHERE 'fbID' ='".$userId."'");
    $validemail = mysql_query($validemail_query);
    if ($validemail != 'NULL') {
        return true;
    } else {
        return false;
    }
}
if (!empty($session) && is_premium() && valid_email()) {
    include 'indexPremium';
} else if (!empty($session) && valid_email()) {
    include 'entermail.php';
} else if (!empty($session)) {
    include 'indexLoggedIn.php';
}else{
    include 'indexNotLogged.php';
}
You're not actually storing the string "NULL" in the database are you? Null is not the same as string "NULL" -- perhaps you want something like:
if (empty($validemail)) {
    return false;
} else {
    return true;
}
Or shorter:
return !empty($validemail);
Your functions are not using any parameters. And please use parametrized queries or escaping.
Try this in the validemail function:
if (!is_null($validemail)) {
    return true;
} else {
    return false;
}
Your functions reference a $userId variable which is neither passed in as a parameter nor declared as global. Recommend you declare it as a parameter and pass it in, e.g.
function is_premium($userId) {
}
Your code is probably vulnerable to SQL Injection.
There are several small things I notice, which can add up to non-working code. Let me copy one of your functions and work from there:
function valid_email() {
    $validemail_query = mysql_query("SELECT 'parentEmailOne' FROM 'users' WHERE 'fbID' ='".$userId."'");
    $validemail = mysql_query($validemail_query);
    if ($validemail != 'NULL') {
        return true;
    } else {
        return false;
    }
}
The first thing you do is do a query, but you're not selecting a field from the database, but rather a value (please note that '' means a value and `` is a field). This would be a better query:
"SELECT `parentEmailOne` FROM `users` WHERE `fbID` = '" . $userID . "'"
Furthermore, you're using a query twice, which is not the right way to fetch the results. Please use mysql_fetch_array to fetch the answer to an array:
$validemail = mysql_fetch_array($validemail_query);
Then returning would be:
return !empty($validemail['parentEmailOne']);
Furthermore, please have $userID as input for your function (like others mentioned already), since right now it will always be NULL (empty). (I mean like this: function valid_email($userID), you then call it like valid_email(10) for user with id 10.)
Small update: You might want to check your if-else-statements, where you repeat a lot of function calls and checks. If you do it like this, you're only executing each function once but do get the same results.
if(!empty($session))
{
    if(valid_email())
    {
        if(is_premium())
            include 'indexPremium';
        else
            include 'entermail.php';
    }
    else
        include 'indexLoggedIn.php';
} else
    include 'indexNotLogged.php';
This also leads me to believe that there might be an error in your checks, since you want people to go to entermail.php when there is no valid email. (If I made no mistakes, the above if-else-statements are what your code will generate for includes, but you might want the following.)
if(!empty($session))
{
    if(valid_email())
    {
        if(is_premium())
            include 'indexPremium';
        else
            include 'indexLoggedIn.php';
    }
    else
        include 'entermail.php';
} else
    include 'indexNotLogged.php';
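Added example, not part of any post above: the answers' advice (pass the user id in as a parameter, use a parametrized query, fetch the row before testing it, treat SQL NULL as PHP null) put together in one runnable script. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `users` table, the rows are constructed sample data, the helpers fetch_user() and choose_page() are hypothetical names, and a null id stands in for an empty $session.

```php
<?php
// Added example; not code from the thread. Assumption: an in-memory SQLite
// table reached through PDO stands in for the MySQL `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (fbID TEXT PRIMARY KEY, authLevel INTEGER, parentEmailOne TEXT)');
// Constructed sample rows: premium with email, free with email, premium without email.
$db->exec("INSERT INTO users VALUES ('100', 1, 'parent@example.com'),
                                    ('200', 0, 'other@example.com'),
                                    ('300', 1, NULL)");

// Hypothetical helper: one query per request. $userId is bound as data,
// so quote characters in it can never change the SQL statement.
function fetch_user(PDO $db, string $userId): ?array {
    $stmt = $db->prepare('SELECT authLevel, parentEmailOne FROM users WHERE fbID = :fbID');
    $stmt->execute([':fbID' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matches
    return $row === false ? null : $row;
}

function is_premium(array $user): bool {
    return (int) $user['authLevel'] === 1;
}

// A SQL NULL arrives as PHP null, not the string 'NULL'; empty() also rejects ''.
function valid_email(array $user): bool {
    return !empty($user['parentEmailOne']);
}

// Hypothetical helper with the same branching as the last if/else in the thread.
// An id with no matching row is treated like a visitor who is not logged in.
function choose_page(PDO $db, ?string $userId): string {
    $user = $userId === null ? null : fetch_user($db, $userId);
    if ($user === null) {
        return 'indexNotLogged.php';
    }
    if (!valid_email($user)) {
        return 'entermail.php';
    }
    return is_premium($user) ? 'indexPremium' : 'indexLoggedIn.php';
}

// Constructed inputs, including one id that contains quote characters.
foreach (['100', '200', '300', "100' OR '1'='1", null] as $id) {
    printf("%-20s => %s\n", var_export($id, true), choose_page($db, $id));
}
```

The mysql_* functions used in the question were removed in PHP 7.0; against MySQL the same prepare/execute calls work unchanged with a `mysql:` PDO DSN.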