PHP - identify user by url id

Question

I've 3 buttons to rank my users. Admin, Member and a button to ban them. So now I wanted to identify them by their "url-id" with $_GET. But when I do that I get an error:

Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING).

How can I fix that? I appreciate every help!

<?php
 include_once('connection.php');
 if (isset($_POST['ban'])) { 
  $sql = "UPDATE
          t_user_info
        SET
          user_level = 3
        WHERE 
          id = $_GET['id']";  

$query = $conn->prepare($sql);
$query ->execute(array('user_level' => $user_level));

session_unset();
session_destroy();
header('Location: /PHP/index.php?page=ban');
}
if (isset($_POST['admin_btn'])) { 
 $sql = "UPDATE
          t_user_info
        SET
          user_level  = 1
        WHERE 
          id       = $_GET['id']";  

$query = $conn->prepare($sql);
$query ->execute();
header('Location: /PHP/index.php?page=admin');

}

if (isset($_POST['member_btn'])) { 
$sql = "UPDATE
          t_user_info
        SET
          user_level  = 2
        WHERE 
          id       = $_GET['id']";   

$query = $conn->prepare($sql);
$query ->execute();
header('Location: /PHP/index.php?page=member');

}

?>

I can't see url-id in your code – Mateo Barahona Nov 04 '15 at 12:21 — Mateo Barahona, Nov 04 '15 at 12:21

Kostas Mitsarakis · Accepted Answer · 2015-11-04T12:33:29.773

Your update query had a syntax error and you were not binding the right values. Try this:

<?php
include_once('connection.php');
if (isset($_POST['ban'])) { 
    $sql = "UPDATE
            t_user_info
            SET user_level = 3
            WHERE id = :id";

    $query = $conn->prepare($sql);
    $query ->execute(array(':id'=>$_GET['id']));

    session_unset();
    session_destroy();
    header('Location: /PHP/index.php?page=ban');
    exit;
}

if (isset($_POST['admin_btn'])) { 
    $sql = "UPDATE
            t_user_info
            SET user_level  = 1
            WHERE id = :id";

    $query = $conn->prepare($sql);
    $query ->execute(array(':id'=>$_GET['id']));
    header('Location: /PHP/index.php?page=admin');
    exit;
}

if (isset($_POST['member_btn'])) { 
    $sql = "UPDATE t_user_info
            SET user_level  = 2 
            WHERE id = :id";

    $query = $conn->prepare($sql);
    $query ->execute(array(':id'=>$_GET['id']));
    header('Location: /PHP/index.php?page=member');
    exit;
}

?>

Ohh!! also made same for **user_level = 1** .... What is dude, just mention at once. — Shahzad Barkati, Nov 04 '15 at 12:31

PHP - identify user by url id

1 Answers1