[PHP HELP] User Rank

bodge

ayy lmao
Oct 31, 2011
406
54
Hello Devbest, I am trying to code a rank system like Habbo for example if a user rank is 3 then it shows links. Here is what I've done, but it doesn't work :S

Rank code
Code:
$rank = mysql_query("SELECT rank FROM users WHERE id = '".$_SESSION['id']."'") or die(mysql_error());

PHP code

Code:
<?php if ($rank > 3) echo "lol"; ?>

Users which have a rank id of 1 and 2 can see the echoed "lol" which I don't want them to see, I only want that for users with rank 3.
 

Markshall

Русский Стандарт
Contributor
Dec 18, 2010
2,638
2,393
I think you'd have to do:

PHP:
<?php
$rank = mysql_result(mysql_query("SELECT `rank` FROM `users` WHERE `id` = '" . $_SESSION['id'] . "'"), 0) or die(mysql_error());
if ($rank > 3) {
    echo 'lol';
}
?>

Another thing you should do is sanitize your $_SESSION variables, you can do this in a global file and then include it into each PHP file where you will be using a database query. This is because I'm sure users can change $_SESSION data and change it to be able to do SQL injections. Either that or look into and specifically check out prepared statements.

I usually create a class aimed at users and create a method called getRow or something which accepts 2 parameters, the user ID and the row to fetch a value from, the method will then return the value of the row, if any.
 

bodge

ayy lmao
Oct 31, 2011
406
54
This just showed up blank, but thanks anyway.
If it helps, here's my structure for `ranks`

Code:
ALTER TABLE  `users` CHANGE  `rank`  `rank` INT( 11 ) UNSIGNED NOT NULL DEFAULT  '1'
 

Ecko

23:37 [autobots] -!- eckostylez [[email protected]]
Nov 25, 2012
1,398
962
I just got
Code:
Resource id #4

For SELECT, SHOW, DESCRIBE, EXPLAIN and other statements returning resultset, mysql_query() returns a resource on success, or FALSE on error

PHP:
// mysql_fetch_assoc() takes only the result resource and returns the row as an associative array
$row = mysql_fetch_assoc(mysql_query("SELECT `rank` FROM `users` WHERE `id` = '" . $_SESSION['id'] . "'")) or die(mysql_error());
echo $row['rank'];
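
An added example, not code from any poster in this thread: the same rank check written with a PDO prepared statement and a column allow-list, along the lines of the prepared statements and getRow-style method suggested above. It assumes PDO with the SQLite driver, a constructed in-memory `users` table, the hypothetical helper names `getUserField` and `hasRank`, and that rank 3 and above should see the links.

```php
<?php
// Added example: constructed in-memory data stands in for the forum's `users` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, `rank` INTEGER NOT NULL DEFAULT 1)');
$pdo->exec('INSERT INTO users (id, `rank`) VALUES (1, 1), (2, 2), (3, 3)');

/**
 * Hypothetical helper in the spirit of the "getRow" method described above.
 * Returns one column of one user, or null if the user does not exist.
 */
function getUserField(PDO $pdo, int $userId, string $column)
{
    // Column names cannot be bound as parameters, so only allow known ones.
    $allowed = ['id', 'rank'];
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("Column not allowed: $column");
    }
    // The id is sent as a bound parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare("SELECT `$column` FROM users WHERE id = :id");
    $stmt->bindValue(':id', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $value = $stmt->fetchColumn();   // false when no row matched
    return $value === false ? null : $value;
}

/** True only when the stored rank is at least $required. */
function hasRank(PDO $pdo, int $userId, int $required): bool
{
    $rank = getUserField($pdo, $userId, 'rank');
    // Compare the fetched integer, not the statement or result handle.
    return $rank !== null && (int) $rank >= $required;
}

foreach ([1, 2, 3, 99] as $id) {          // 99 is a user that does not exist
    echo "user $id: ", hasRank($pdo, $id, 3) ? "show links\n" : "hide links\n";
}
```

With a real session, pass `(int) $_SESSION['id']` as the user id.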
 
