0

I'm trying to make a function that checks the user level.

function run_admin($userid, $username){

    global $dbcon;

    $stmt = $dbcon->prepare("SELECT userid, username, admin FROM user WHERE userid = ?");

    $stmt->bind_param('isi',$userid, $username, $admin);
    $userid = $_SESSION['userID'];

    $stmt->execute();
    $stmt->bind_result($userid,$username,$admin);

    $stmt->fetch();

   //if($admin >= 1){ echo $userid . " is admin!"; }
   // above prints "1 is admin!";

}

if(run_admin("1", "Mikkel") == "1"){
   echo "It's working, you are admin"; 
}

I've included the file with the $dbcon and it is working on another page. The global is an idea from another question, mysqli/mysql query inside function not working, but I can't get it working.

I'd like to use the function to check if session logged in userID and username.

The admin row returns with integers.

I'm not really good at mysqli prepared statements, still learning but this I don't know where to read about.

Could anyone help or guide me in the right direction?

Community
  • Wouldn't you like to get an error message or something? You have bound too many unused parameters. Read up on PDO before getting too entangled with mysqli. – mario Jan 01 '15 at 13:09
  • Oh sorry. It should be bind_param('i', $userid) with userid as it is in the where clause. It is working, I just pasted too much from test. –  Jan 01 '15 at 14:36
  • omg it's working .. I just read from another q that I could use; ini_set('error_reporting', E_ALL); to see error messages. –  Jan 01 '15 at 15:02

2 Answers

0

The problem may be in these statements:

$stmt = $dbcon->prepare("SELECT userid, username, admin FROM user WHERE userid = ?");

$stmt->bind_param('isi',$userid, $username, $admin);

In the first statement, in your query there is only one ? for the userid, so in the second statement you need to bind only one value. So the statement will be:

$stmt->bind_param('i',$userid);
tejashsoni111
  • Thanks, I know. Look at my comment to the Q. I pasted too much from my tests .. :( Nothing is wrong with the query, my question is how to make the function work properly :-) –  Jan 01 '15 at 14:39
0

Here's how I'd compact your code:

function is_admin($userid) {
    return
        db("SELECT admin FROM user WHERE userid = ?", $userid)
        ->admin;
}

if (is_admin("1")) { 
   echo "It's working, you are admin"; 
}

This is using a simple db()/PDO wrapper. It's probably unsuitable for you. But just pick any database abstraction scheme. - While of course you could choose to keep the long-winded mysqli instead. (Yikes!)

The important point is returning the admin column. Your excerpt didn't do that. Which is why the if failed to work.

Also avoid == "1" in comparisons. Your database already returns a boolean or integer. And PHP is perfectly apt to evaluate it in boolean context even if it came back as string.

mario
  • Very nice comment. Thanks :-) but learning how mysqli works is more important for me than using a shortcut .. at least at the beginning :) –  Jan 01 '15 at 16:22
  • Learning things in detail is obviously a good thing. Mysqli however is a waste of time, and quite often a newcomer trap IMO. Nobody is using it for new projects. The PHP community at large has settled on PDO. – mario Jan 01 '15 at 16:35
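
An added example, not code from the question or from either answer: a mysqli version that combines the two fixes discussed above (one bound value for the single `?`, and actually returning the `admin` column) and fails closed when the user id is unknown or nobody is logged in. The function names, the `mysqli $db` parameter used in place of `global $dbcon`, and the `>= 1` threshold taken from the question's commented-out test are assumptions.

```php
<?php
declare(strict_types=1);

// Make mysqli throw mysqli_sql_exception instead of failing silently
// (this has been the default since PHP 8.1).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Return true only when a row for $userId exists and its admin column is >= 1.
 * The connection is passed in instead of being pulled in with `global`.
 */
function is_admin(mysqli $db, int $userId): bool
{
    $stmt = $db->prepare('SELECT admin FROM user WHERE userid = ?');
    $stmt->bind_param('i', $userId);   // one placeholder, one bound value
    $stmt->execute();
    $stmt->bind_result($admin);        // one selected column, one result variable
    $found = $stmt->fetch();           // true = row fetched, null = no row
    $stmt->close();

    // Fail closed: an unknown user id is never an admin.
    return $found === true && (int) $admin >= 1;
}

/**
 * Authorization check for the logged-in user. The id is read from the
 * server-side session, not from an argument the caller could choose.
 */
function current_user_is_admin(mysqli $db): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE || !isset($_SESSION['userID'])) {
        return false;                  // no session or not logged in
    }
    return is_admin($db, (int) $_SESSION['userID']);
}

// Usage, assuming $dbcon is the open mysqli connection from the included file:
// if (current_user_is_admin($dbcon)) { echo "It's working, you are admin"; }
```

Because both functions return a real boolean, the caller needs no `== "1"` comparison, and a missing row or missing session denies access rather than falling through.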