-1

I have a problem with this code. When I run it on localhost, the code runs well. But when I put it online, it only reads the second and last statements.

Here's the code:

        $a = $_SESSION['login_employee_no'];

        $sql = "SELECT * FROM table WHERE id='$id'";
        $result = mysqli_query($link,$sql);
        $row = mysqli_fetch_assoc($result);
        $authno = $row['authno'];
        $supervisor = $row['supervisor'];

        if ($a == $authno && $supervisor !== ""){
            echo "<script>alert('Already verified by $supervisor ;(');
            document.location='javascript:history.go(-1)'</script>";
            
        }

        else if ($authno == "") {
            echo "<script>window.location.href='workpack-add-remarks-user.php?id=$id'</script>";
        }

        else if ($authno == $a) {
            echo "<script>window.location.href='workpack-add-remarks-user.php?id=$id'</script>";
        }

        else if ($authno !== $a) {
            echo "<script>alert('Id not same ;(');
            document.location='javascript:history.go(-1)'</script>";
        }

Supposedly, when the user has the same ID as $authno, it should go to the next page, but it echoes "Id not same".

I appreciate your help.

Qaid
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Apr 13 '23 at 10:32
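The prepared-statement approach recommended in the comment above, applied to the question's lookup, as an added example that is not part of the original post. The table name `workpack`, the function names and the returned action strings are assumptions made for illustration; `get_result()` requires the mysqlnd driver, and the comparisons are strict string comparisons rather than the question's loose `==`.

```php
<?php
// Added example, not the asker's code. Column names come from the question;
// `workpack` is an assumed stand-in for the question's placeholder table name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/** Fetch the row for $id using a bound parameter; null when no row matches. */
function fetch_workpack(mysqli $link, string $id): ?array
{
    // The value is sent separately from the SQL text, so quotes or SQL
    // keywords inside $id cannot change the structure of the query.
    $stmt = $link->prepare('SELECT authno, supervisor FROM workpack WHERE id = ?');
    $stmt->bind_param('s', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

/** Same branch order as the question, returning an action instead of echoing. */
function next_step(string $a, ?array $row): string
{
    if ($row === null) {
        return 'not_found';          // the question's code does not handle this case
    }
    // Cast so that NULL columns compare as empty strings.
    $authno     = (string) $row['authno'];
    $supervisor = (string) $row['supervisor'];

    if ($a === $authno && $supervisor !== '') {
        return 'already_verified';
    }
    if ($authno === '' || $authno === $a) {
        return 'add_remarks';
    }
    return 'id_mismatch';
}

/** $a is $_SESSION['login_employee_no']; $id is the requested record id. */
function handle(mysqli $link, string $a, string $id): void
{
    $step = next_step($a, fetch_workpack($link, $id));
    if ($step === 'add_remarks') {
        // Server-side redirect; the id is URL-encoded before it is reused.
        header('Location: workpack-add-remarks-user.php?id=' . rawurlencode($id));
        exit;
    }
    http_response_code($step === 'not_found' ? 404 : 403);
    echo htmlspecialchars($step, ENT_QUOTES, 'UTF-8');
}
```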

1 Answer

0

Almost surely you have different data online, so $authno is not == $a and is not == "". Check the content of $a and $authno with var_dump() before entering the if.

Pippo