Hi Jamier

that code has syntax error. try this

<div id="user_box">
<?php
if($id>0) {
echo 'Logged in as '. $rowAccount['username'];
echo '<input type="button" name="Button" value="Logout" onclick="document.location.href=\'logout.php\'"/>';
}
?>
</div>

if youd $id variable and $rowAccount["username"] are populated, then this should work.

Hi there Jamier101,
[EDIT:] Yes Anyango well spotted! I hadn't noticed that! Do I feel stoopid now or what ;)

$query = sprintf("SELECT * FROM users WHERE username='$id'");
$result = @mysql_query($query);<-- Remove the @ from here!
$rowAccount = @mysql_fetch_array($result);<-- Remove the @ from here!

If your writing a script, surely you would like to know the error's that are being flagged in your code, and as you have error_reporting set to E_ALL E_STRICT I guess as you want to, then it seems kinda contradictory to suppress error messages from the sql functions like you are.

I would recommend this:-

$query = "SELECT * FROM `users` WHERE `username` = '".$id."' ";
$result = mysql_query($query) or die("Query error:".mysql_error());
$rowAccount = mysql_fetch_array($result) or die("Fetch Array Error:".mysql_error());

I don't think as printf() is needed here, it's being called unnecessarily as there is nothing being formatted.

The whilst you do your development work you can trap error's, BUT when going to your live server (after all the bugs have been worked out) you can remove the or die(Mysql_error()) part of that statement/directive.

And being a purist, session_start() should be declared as the FIRST thing after the call to that parser is made so that the session connection can be made to PHPSESSID that is in the cookie list in your browser, and if you are doing this on other pages you need to declare session_start() on each of these pages purely for this reason...

Lastly:-

elseif($id()) {
exit;
}

I have no idea what your trying to achieve there at all, there is no need to have that there at all, alternatively you can have it as the else clause and just have a brief message and then a redirect perhaps? Just a thought for you!

Cheers,
MRb

How did I miss

if($id>0)

?

You know its time to give up and go to the pub when you've got a headache, the laptop hard drive is making a strange clicking sounds that signals failure is around the corner, you've ran out of milk for tea and you miss something as simple as

if($id>0)

!

Thanks for the help guys, I'd like to think that I'm getting better at my PHP :) At least I've been of some use in the CSS section with solving the problems over there, lol.

TTFN I'm off to the pub :)

^^^
Lol, been there done that, and thanks for reminding me about the milk!

Don't forget that we were all learners at some point or other, so don't worry about making mistakes, this is HOW we learn, I make mistakes all the time, I usually blame it on the brand of coffee that I have chosen!

Good luck, and have a nice pint!

Cheers,
MRb

I sure will :)

I just ran the script through and I seem that I get nothing if I use the if($id>0)and if I remove that second and display it as below I get a Fatal Array Error.

<?php { 
echo 'Logged in as '. $rowAccount['username']; 
echo '<input type="button" name="Button" value="Logout" onclick="document.location.href=\'logout.php\'"/>'; 
} 
?> 

PS. I amended the top script:

<?php

//error_reporting(E_ALL|E_STRICT);

require_once("Connections/connection.php");

session_start();

$tbl_name="users";

//include("includes/security.php");

$id = $_SESSION['id'];

$query = "SELECT * FROM `users` WHERE `username` = '".$id."' "; 
$result = mysql_query($query) or die("Query error:".mysql_error()); 
$rowAccount = mysql_fetch_array($result) or die("Fetch Array Error:".mysql_error());

?>

use

if($id!="") to support alphanumeric session ids, if($id>0) will work only for a numeric id

Hi all,

if($id>0)

This is dependant on $_SESSION['id']; being a numerical value, and since your not asking the db to return any row count, this wouldn't be the best approach to have, though anyango's suggestion would do the trick, I think a good way to do this would be like:-

if(isset($_SESSION['id']) && !empty($_SESSION['id'])){
your code
}
else{
//the $_SESSION['id'] wasn't located in the DB, redirect back login...
]

By doing this, your having the error handler there, and your checking to see if it is set (as PHPSESSID is active whenever you have session_start() at the top of your page) and crucially, your checking that the key has a value, which if it has been set (and not corrupted) it should do.

I would suggest you do a print_r on the returned array from the query to see if is actually returning the result as your expecting, then at least you know as the query is functional, personally I would put the Mysql_fetch_array() into a while loop so that it will make the code a bit better to read, and you can then pop the LIMIT 1 clause into the sql, but that is ONLY if you know that 1 result will be returned, the use of the while loop is just a matter of preference...

Cheers,
MRb

It appears that if I take out

or die("Fetch Array Error:".mysql_error())

then everything works fine, do you know why this would be?

I have modified the code to read as below and since then everything seems to be working okay (fingers crossed).

Top of page

<?php

//error_reporting(E_ALL|E_STRICT);

require_once("Connections/connection.php"); // Connection to the server

session_start();

$tbl_name="users"; // Define the table name

//include("includes/security.php"); //Link to the security file

$id = $_SESSION['id'];

////////////////////////////////////////////////////////////////////////////////////
$query = "SELECT * FROM `users` WHERE `username` = '".$id."' "; 
$result = mysql_query($query) or die("Query error:".mysql_error()); 
$rowAccount = mysql_fetch_array($result);
////////////////////////////////////////////////////////////////////////////////////

?>

Section found within the div tags

<div id="user_box">
<?php 
//if($id!=""){ 
//echo 'Logged in as: '. $rowAccount['username']; 
//echo '<input type="button" name="Button" value="Logout" onclick="document.location.href=\'logout.php\'"/>'; 
//}

if(isset($_SESSION['id']) && !empty($_SESSION['id'])){
echo 'Logged in as '. $rowAccount['username']; 
echo '<input type="button" name="Button" value="Logout" onclick="document.location.href=\'logout.php\'"/>'; 
}
?> 
</div>

Do you think it would be possible to make the elseif statement something along the lines of:

elseif{
//redirected from the logoff script after the button being clicked
echo 'You are now logged out'
}

It appears that if I take out or die("Fetch Array Error:".mysql_error()) then everything works fine, do you know why this would be?

Not sure if it is even allowed, i certainly never used mysql_error on mysql_fetch_array(). I have seen it being used only on connect and select db and execute query statements.

Taking out that from fetch_array line was good i think