-1

If the value of the result is 0 it has to go to 'cid_check_firstdep.php' otherways (if its 1) it has to go to 'cid_check_depwid.php'. It has to work, but i don't know why it doesn't. I've tried what i could that i think would be possible to fix it, but nono. Code:

<?php
$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  header('Location: /ucp/error.php');
  }

$sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);

if ($sql<'1')
    {
    mysql_close($con);
    header('Location: /ucp/cid_check_firstdep.php'); 
    }
else
    {
    mysql_close($con);
    header('Location: /ucp/cid_check_depwid.php');
    }
?>

or do i have to use : 

 if ($sql=='0')

?

|||

@John Conde

<?php
if(! get_magic_quotes_gpc() )
{
   $withdraw = addslashes ($_POST['withdraw']);

}
else
{
   $withdraw = $_POST['withdraw'];

}

$con = mysql_connect("localhost","root","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  header('Location: /ucp/error.php');
  }

$__sql = "SELECT cardvalue FROM users WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($__sql,$con);
if ($__sql<'5000000')
    {
    header('Location: /ucp/includes/withdraw_fail.php'); 
    mysql_close($con);
    }
else
    {

    $_sql = "UPDATE users SET Bank=Bank + '$deposit' WHERE Username='".($_SESSION['username'])."'";
mysql_select_db("server");
    mysql_query($_sql,$con);
$sql = "UPDATE users SET cardvalue=cardvalue +- '$deposit', thismonth_withdraw=thismonth_withdraw + '$deposit', lastwithdraw = Now() WHERE username='".($_SESSION['username'])."'";
mysql_select_db("bluecard");
mysql_query($sql,$con);
mysql_close($con);
header('Location: /ucp/includes/withdraw_done.php');
    }
?>
Mr. Morgan
  • 53
  • 1
  • 6

2 Answers2

2

You're checking the wrong variable for your SQL result. You're using the variable containing your query instead of the variable you never assigned to capture the result of mysql_query(). You also want to use mysql_num_rows() to see how many results were returned.:

$result = mysql_query($sql,$con);

if ($result && mysql_num_rows($result) == 1) {

FYI, you shouldn't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

Zoe
  • 27,060
  • 21
  • 118
  • 148
John Conde
  • 217,595
  • 99
  • 455
  • 496
  • Hmm not really working. Instead this script is totally working : EDIT. I have put it in the post, its messing up the code in the comment. – Mr. Morgan Jun 12 '14 at 02:04
  • You didn't even use the code I posted. Why do you thnk your code would suddenly start working if you didn't fix it? – John Conde Jun 12 '14 at 02:05
  • Oh wait i dont try how many results came back, i try to see if that result, it would be always only 1 result. If its value is 0 then .. else .. – Mr. Morgan Jun 12 '14 at 02:18
0

Hi Morgan I change your code according to my knowledge. I think this will help you to work done.

If you found any match to the username "count($return_data)" will get 1.

Thanks. 

 <?php
    $con         = mysql_connect("localhost","root","password");
    $select_db   = mysql_select_db("bluecard");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      header('Location: /ucp/error.php');
      }

    $sql = "SELECT validated FROM users WHERE username='".($_SESSION['username'])."'";
    $query = mysql_query($sql,$con);
    $return_data = array();
    while($rows = mysql_fetch_array($query)){
        $return_data[]=$rows;   
    }

    if (count($return_data)<=1)
        {
        mysql_close($con);
        header('Location: /ucp/cid_check_firstdep.php'); 
        }
    else
        {
        mysql_close($con);
        header('Location: /ucp/cid_check_depwid.php');
        }
    ?>
Sri
  • 496
  • 1
  • 5
  • 20