1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:52 am May 1, 2026

Forum Moderators: coopster

Message Too Old, No Replies

function

         

tr8er8

8:31 pm on Dec 13, 2008 (gmt 0)

10+ Year Member



hi i have a function that takes a value from a row, and converts the number to text. except im having trouble getting it to work so i came here to see if anyone can see what im doing wrong: 


function userLvl($value) {
if(!$_SESSION['logged_in'])
{
$access = FALSE;
}else {
$query = mysql_query("SELECT * FROM users WHERE userid = '$value'");
$row = mysql_fetch_array($query);
$num_rows = mysql_num_rows($query);
$value = $row['accessLvl'];
$userLvl = array(
"0" => "User", 
"1" => "Power User", 
"2" => "Moderator", 
"3" => "Admin"
);
$userLvl = array_values($userLvl);
return $userLvl[$value];
}
if($access==FALSE)
{
global $loginUrl;
header("Location: $loginUrl");
}
}

then i do: 


echo userLvl('1');

to display it

sdlas

8:37 pm on Dec 13, 2008 (gmt 0)

10+ Year Member



Mann careful
i guess your script is vulnerable for a SQL injection Exploit
filter the $value
i just done a mini pentest :D for free
sorry couldn't help with your problem

Mahabub

10:50 am on Dec 14, 2008 (gmt 0)

10+ Year Member



Dear tr8er8,

I didnt found any error on your function. please check database connectivity and post the error which you got.

also check all the values of column accessLvl in users table >=0 and <=3
Thanks
Mahabub

tr8er8

5:23 pm on Dec 14, 2008 (gmt 0)

10+ Year Member



Oops! i found the problem, in the query i needed to filter where accessLvl = '$value' not userid = '$value' :D
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / PHP Server Side Scripting 10:52 am May 1, 2026