
PHP Server Side Scripting Forum


 8:31 pm on Dec 13, 2008 (gmt 0)

Hi, I have a function that takes a value from a row and converts the number to text, except I'm having trouble getting it to work, so I came here to see if anyone can see what I'm doing wrong:

function userLvl($value) {
$access = FALSE;
}else {
$query = mysql_query("SELECT * FROM users WHERE userid = '$value'");
$row = mysql_fetch_array($query);
$num_rows = mysql_num_rows($query);
$value = $row['accessLvl'];

$userLvl = array(
"0" => "User",
"1" => "Power User",
"2" => "Moderator",
"3" => "Admin"
);

$userLvl = array_values($userLvl);
return $userLvl[$value];
global $loginUrl;
header("Location: $loginUrl");

Then I do:

echo userLvl('1');

to display it.



 8:37 pm on Dec 13, 2008 (gmt 0)

Man, careful.
I guess your script is vulnerable to a SQL injection exploit.
Filter the $value.
I just did a mini pentest :D for free.
Sorry, couldn't help with your problem.


 10:50 am on Dec 14, 2008 (gmt 0)

Dear tr8er8,

I didn't find any error in your function. Please check database connectivity and post the error which you got.

Also check that all the values of column accessLvl in the users table are >=0 and <=3.


 5:23 pm on Dec 14, 2008 (gmt 0)

Oops! I found the problem: in the query I needed to filter where accessLvl = '$value', not userid = '$value' :D
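
The SQL injection warning in the second reply and the range check suggested in the third, shown as an added example that is not code from any post in this thread: the lookup rewritten with a bound parameter and a bounds-checked level map. The table and column names come from the thread; the PDO connection passed in as `$db`, the in-memory SQLite database standing in for MySQL, and the sample rows are assumptions constructed for the demonstration.

```php
<?php
// Added example. users / userid / accessLvl are the names used in the thread;
// the $db parameter, the SQLite stand-in and the sample rows are constructed.

const LEVELS = [0 => 'User', 1 => 'Power User', 2 => 'Moderator', 3 => 'Admin'];

function userLvl(PDO $db, $userid): ?string
{
    // Reject anything that is not a plain non-negative integer.
    $id = filter_var($userid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($id === false) {
        return null;
    }

    // The value is bound as a parameter, never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT accessLvl FROM users WHERE userid = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $level = $stmt->fetchColumn();

    // No such user, or no stored level: nothing to translate.
    if ($level === false || $level === null) {
        return null;
    }

    // A stored level outside 0..3 yields null instead of an undefined-index notice.
    return LEVELS[(int) $level] ?? null;
}

// Constructed database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid INTEGER PRIMARY KEY, accessLvl INTEGER)');
$db->exec('INSERT INTO users VALUES (1, 3), (2, 0), (3, 7)');

// Constructed inputs: valid ids, an out-of-range stored level (user 3),
// a missing user, and a string that is not an integer at all.
$inputs = ['1', '2', '3', '99', "1' OR '1'='1"];
foreach ($inputs as $input) {
    var_export($input);
    echo ' => ';
    var_export(userLvl($db, $input));
    echo PHP_EOL;
}
```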
