0

I am struggling with what should be a simple query and despite internet searches etc I haven't been able to find something that works. Here is my code - 

<?php require_once('../Connections/spotting.php');  
include_once ("../auth.php"); 
include_once ("../authconfig.php"); 
include_once ("../check.php"); 

$username = $check["uname"];
$query = "SELECT * FROM spotting WHERE uname='$username'";
$result = mysql_query($query) or die ('unable to run R1: ' .mysql_error());
$count = mysql_num_rows($result);

$query2 = "SELECT spots FROM authuser WHERE uname='$username'";
$result2 = mysql_query($query2) or die ('unable to run R2: ' .mysql_error());
$spotval = $result2['spots'];

echo "you have $count Records </p>" ;

if($count==$result2) 
{
   header( 'Location: http://www.mysite.co.uk/upgrade.php' ) ;
}
else {
echo "You are below your limit $result2";
}
?>

can anyone point me in the direction please?

David Cummings
  • 47
  • 8
  • 1
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Jul 10 '17 at 12:34
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Jul 10 '17 at 12:34
  • `$result2 = mysql_query($query2)` its not getting total records. You should use `$count1 = mysql_num_rows($result2);` and then `if($count == $count1)` – urfusion Jul 10 '17 at 12:35
  • Do a `print_r($result2);` to see what it contains. In addition, this looks like a place where you can do a single query with a JOIN. – Jay Blanchard Jul 10 '17 at 12:36
  • `echo "you have $count Records " ` and then `header("Location")` == "headers already sent" error. – apokryfos Jul 10 '17 at 12:37
  • 1
    [Why is "point me in the right direction" is not an actual question.](https://meta.stackexchange.com/questions/226103/are-point-me-in-the-right-direction-questions-acceptable) – Jay Blanchard Jul 10 '17 at 12:37
  • @DavidCummings you are comparing `array $result2['spots']` with `$count` as `if($count==$result2) ` this seems unfimilar to me – Pavan Baddi Jul 10 '17 at 12:37
  • What exactly is the error ? Also, as "apokryfos" mentioned, if you are going to use the `header` function then make sure not to echo anything before that. – Himal Jul 10 '17 at 12:48
  • For instance the user "David" has 3 records, his limit is 3 records. At the point the script detects David trying to input another record,e.g. the fourth record it should redirect. However at the minute its not comparing the two. If i change if($count==$result2) to if($count==3) it works as I would expect it to. – David Cummings Jul 10 '17 at 13:10
  • @DavidCummings : please check the answer I have written. – urfusion Jul 10 '17 at 13:12

3 Answers3

1

According to the code you are comparing total record of first query with the records off the second query.

You should do

//OLD code
$result2 = mysql_query($query2) or die ('unable to run R2: ' .mysql_error());
$count1 = mysql_num_rows($result2); 
if($count == $count1)

According to your comment you should do following changes

 if($count == $spotval)

and for header already sent issue. remove echo "you have $count Records </p>" ;. Because there is no need for this if you are redirecting the page.

urfusion
  • 5,528
  • 5
  • 50
  • 87
  • the value of 'spots' in the authuser table is a int(10) for instance David is allowed 10 spots in the spotting table - when he hits this limit he should be transferred to a dffierent page - does that make sense? This value for other users, lets say Urfusion is allowed 50 spots in the spotting table, once Urfusion hits that figure gained from the authuser table it should then re-direct him. – David Cummings Jul 10 '17 at 13:29
  • @DavidCummings : check the updated answer. – urfusion Jul 10 '17 at 13:38
  • Glad to know that. – urfusion Jul 10 '17 at 14:09
1

if you just want to redirect to another page try this: echo "<script>window.location.assign('goToThisPage.html');</script>"

Rence
  • 124
  • 7
  • `header( 'Location: http://www.mysite.co.uk/upgrade.php' ) ;` will work fine there is no need for changing. Issue is with the `if` condition. – urfusion Jul 10 '17 at 13:19
  • from what I can see, your `$count` is the result of `mysql_num_rows` which is an integer. Then your `$result2` is an array(which you used as `$result2['spots']`) . So if you would like to use it for an `if` condition try to get the size of the array using `sizeof()` or use the `mysql_num_rows` like this `$count2 = mysql_num_rows($results2)` then compare `if($count == $count2)` – Rence Jul 10 '17 at 13:50
  • If a warning will come up use my code for redirecting. – Rence Jul 10 '17 at 13:51
1

Try getting number of rows for second query and do the check

<?php require_once('../Connections/spotting.php');  
include_once ("../auth.php");   
include_once ("../authconfig.php"); 
include_once ("../check.php");  

$username = $check["uname"];
$query = "SELECT * FROM spotting WHERE uname='$username'";
$result = mysql_query($query) or die ('unable to run R1: ' .mysql_error());
$count = mysql_num_rows($result);

$query2 = "SELECT spots FROM authuser WHERE uname='$username'";
$result2 = mysql_query($query2) or die ('unable to run R2: ' 
.mysql_error());

$spotval = $result2['spots'];
$count2 = mysql_num_rows($result2);

echo "you have $count Records </p>" ;

if($count==$count2) 
{
   header( 'Location: http://www.mysite.co.uk/upgrade.php' ) ;
}
else {
  echo "You are below your limit $result2";
}
?>
Torrezzzz
  • 307
  • 2
  • 13
  • This will show a warning if the condition is met. something like, "Warning: Cannot modify header information - headers already sent by...". [Read more](https://stackoverflow.com/a/8028987/1189040) – Himal Jul 10 '17 at 12:52