i am trying to grant access to certain parts of my site by using user flags, and have run into a problem. even though that some of the flags are true it still errors. here is the code $query = mysql_query("SELECT * FROM bts_users WHERE username = '$_SESSION[username]'", $l) or die(mysql_error()); while ($result = mysql_fetch_array($query)) { $user_flag = $result[f1]; $admin_flag = $result[f2]; $writer_blog_flag = $result[f3]; $writer_picks_flag = $result[f4]; $writer_eyeforeye_flag = $result[f5]; } $status = $_SESSION['status']; if (!$status || $status != "Administrator" || $status != "Writer" || $status != "Moderator" || $user_flag != "true" || $admin_flag != "true" || $writer_blog_flag != "true" || $writer_picks_flag != "true" || $writer_eyeforeye_flag != "true") { $e = "Error: You don't have access to this page... you will now be redirected."; } PHP:
Your convention may confuse some coders, as you typically use a variable called $query inside of mysql_query, $result from that, and $row from a fetch. A couple of things: 1) What did you do for error debugging, did you check the output of $_SESSION[username] to make sure its correct (btw I think you're supposed to '".$_SESSION['username']."' , not include it in the string like that otherwise you're literally telling it to find a username starting with $_SESS...) 2) does the variable $l exists (Was there a connection made of that name before?) 3) you repetitively do not put quotes around your bracket value. For example $result[f1] means find a result that has a key that matches the value of a constant f1, it needs to be $result['f1'] if your field name was f1. You at least did it correctly with $_SESSION['status']. 4) Try putting each condition in ( ) , meaning ((!$status) || ($status != "Administrator") || ($status != "Writer") ... and so forth it falls back to old school math's "order of operations".
i don't think $result[f1] means a constant, as far as i have experienced it can be written with or without quotes (meaning an array key index). your comparisons of strings and booleans (!= 'true' vs !== true or === true) are ambiguous, correct them by referring to http://www.php.net/manual/en/types.comparisons.php. for example, i doubt very much that if you were to var_dump($user_flag) you would be returned the result (string) "true". instead you should get (bool)true. so be careful how you compare. and use !== instead, cuts down on all the confusion, i think!
Turn on error_reporting(E_ALL); and watch the errors pile up from missing constants where you've forgotten to put single quotes...