0

How can i retrieve selected value of the 'level' column from the table VBmembers to set it as $level variable?

    session_start();

if (isset($_SESSION['user']))
{
    $user = $_SESSION['user'];
    $query = "SELECT level FROM VBmembers WHERE user='$user'";
    $level = queryMysql($query);
    $loggedin = TRUE;
}
else $loggedin = FALSE;

queryMysql function code

function queryMysql($query)
{
    $result = mysql_query($query) or die ('ivalid query: ' . mysql_error());
    return $result;
}
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119
Vano
  • 3
  • 3
  • [Your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Jay Blanchard Nov 20 '15 at 14:05
  • 2
    If you can, you should [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really not hard](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Nov 20 '15 at 14:05

1 Answers1

1

You need a couple of more steps, most importantly fetching the data in a usable way from the result:

$user = $_SESSION['user'];
$query = "SELECT level FROM VBmembers WHERE user='$user'";
$result = queryMysql($query);
$row = mysql_fetch_array($result);
$level = $row['level'];
$loggedin = TRUE;

As I stated in comments, your script is at risk for SQL Injection Attacks.

If you can, you should stop using mysql_* functions. These extensions have been removed in PHP 7. Learn about prepared statements for PDO and MySQLi and consider using PDO, it's really not hard.

Community
  • 1
  • 1
Jay Blanchard
  • 34,243
  • 16
  • 77
  • 119