
I am trying to implement an Admin Level/User role into my website. I am fairly new to PHP, so I am still trying to figure a few things out.

I have this SQL query:

$sqlUserLevel = $user_home->runQuery("SELECT * FROM po_users");
$sqlUserLevel->execute();
$loggedInUserRole = $sqlUserLevel->fetch(PDO::FETCH_ASSOC);

and this PHP if statement:

if($loggedInUserRole['userRole'] == "Admin"){
    include 'file.php';
  }else{
  //dont show.
}

But the content is still showing to everyone, not just "Admin" users. Can someone point me in the right direction?

  • Please note that you're fetching all the rows from your users table. Commented Nov 16, 2016 at 9:01
  • As the above comment suggests, you need a WHERE clause: $sqlUserLevel = $user_home->runQuery("SELECT * FROM po_users WHERE user_id = $currentUserID"); Commented Nov 16, 2016 at 9:12
  • Thanks both, this has helped a lot. Commented Nov 16, 2016 at 9:16

1 Answer


I think your query may be wrong. My opinion is: please try to select the user role from po_users rather than *. What happens here is that you are always looking at the first record, and the if condition is never going to be true, so that's why you are getting this issue. Please have a try. This may help you.

Please change this to what you want.

    $sqlUserLevel = $user_home->runQuery("SELECT userRole FROM po_users where uid='".$myUid."'");
    $sqlUserLevel->execute();
    $loggedInUserRole = $sqlUserLevel->fetch(PDO::FETCH_ASSOC);

    if($loggedInUserRole['userRole'] == "Admin"){
        include 'file.php';
    }else{
        //don't show.
    }

Please have a try; this may help you.

1 Comment

But please do not use that query. There should never be a variable directly in a query (good rule of thumb). Granted, if the variable is pulled directly from other hardcoded values, or taken directly from another query, it might be okay, but as a general rule, always use prepared queries.
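The prepared-query form of the role check discussed in this thread, as an added example that is not code from the question, the answer or the comments. It assumes a PDO connection; the in-memory SQLite table, its rows, the `userName` column and the helper names `fetchUserRole` and `isAdmin` are constructed for illustration, while `po_users`, `uid` and `userRole` are taken from the posts.

```php
<?php
// Constructed in-memory table standing in for po_users (sample data only).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE po_users (uid INTEGER PRIMARY KEY, userName TEXT, userRole TEXT)");
$pdo->exec("INSERT INTO po_users (uid, userName, userRole) VALUES
            (1, 'alice', 'Admin'), (2, 'bob', 'User')");

/**
 * Return the role stored for one user id, or null if the id is unknown.
 * The id is bound as a parameter, never concatenated into the SQL text.
 * (Hypothetical helper, not part of the original posts.)
 */
function fetchUserRole(PDO $pdo, $uid): ?string
{
    $stmt = $pdo->prepare('SELECT userRole FROM po_users WHERE uid = :uid');
    $stmt->execute([':uid' => $uid]);
    $role = $stmt->fetchColumn();   // false when no row matches
    return $role === false ? null : (string) $role;
}

/**
 * Deny by default: only an exact "Admin" role for a known id passes.
 * (Hypothetical helper, not part of the original posts.)
 */
function isAdmin(PDO $pdo, $uid): bool
{
    return $uid !== null && fetchUserRole($pdo, $uid) === 'Admin';
}

// Constructed inputs. In a real page the id would come from the session set
// at login (assumed to be something like $_SESSION['user_id']), not from the
// request. The fourth value is a malformed id: because it is bound as data,
// it is compared as a plain string and matches no row.
$cases = [1, 2, 999, "2 OR 1=1", null];
foreach ($cases as $uid) {
    $decision = isAdmin($pdo, $uid) ? 'show admin content' : 'hidden';
    printf("%-12s => %s\n", var_export($uid, true), $decision);
}
```

In the asker's page, the `include 'file.php';` line would sit behind `if (isAdmin($pdo, $currentUserId))`, so a missing row, an unknown id or any role other than "Admin" leaves the content hidden.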
