Hi guys, Please could you help me. I have a problem with the if and elseif variable. When I added the $username and $password method, i can get access to the database and extract the info, but when I added the $add and $country method at the end of the addressbar, it did not print out of the echo on my php page like this: "Ok let add to the database". It keep getting access to the database and extract the info which it did not pass on if variable. Here's the code: <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'mydbusername'); define('DB_PASSWORD', 'mypassword'); define('DB_DATABASE', 'mydbname'); $errmsg_arr = array(); $errflag = false; $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } function clean($var){ return mysql_real_escape_string(strip_tags($var)); } $username = clean($_GET['user']); $password = clean($_GET['pass']); $add = clean($_GET['add']); $country = clean($_GET['country']); if($username == '' && $password == ''){ // both are empty $errmsg_arr[] = 'Username or password is missing.'; $errflag = true; } if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; echo implode('<br />',$errmsg_arr); } else { $insert = array(); if(isset($_GET['user'])) { $insert[] = 'user = \'' . clean($_GET['user']) .'\''; } if(isset($_GET['pass'])) { $insert[] = 'pass = \'' . clean($_GET['pass']) . '\''; } if(isset($_GET['add'])) { $insert[] = 'add = \'' . clean($_GET['add']) . '\''; } if(isset($_GET['country'])) { $insert[] = 'country = \'' . clean($_GET['country']) . '\''; } if (count($insert)>0) { $names = implode(',',$insert); } if(isset($username) && isset($password)) { $qrytable1="SELECT id, image, name, country FROM members WHERE username='$username'"; $result1=mysql_query($qrytable1) or die('Error:<br />' . $qry . '<br />' . mysql_error()); while ($row = mysql_fetch_array($result1)) { echo "<p id='image'>"; echo $row['image'] . "</p>"; echo "<p id='name'>"; echo $row['name'] . "</p>"; echo "<p id='country'>"; echo $row['country'] . "</p>"; } } elseif(isset($add) && isset($country)) { echo "Ok let add to the database"; } } ?> PHP: What I am trying to achieve: if I input the $username and $password without include the $add, $country and whatever it goes without after the $password then get access to the db and extract the info. http://www.mysite.com/myscript?user=test&pass=test Code (markup): So, if I add the $add and $country or more methods that come after the $password, then don't get access to the database, just pass out with the if variable and print out the echo of "Ok, let add some database details". http://www.mysite.com/myscript?user=test&pass=test&add&country=whatever&whateveriadditonhereattheend Code (markup): Hope you can help me with this. Thanks in advance.
I hope this helps solve your issue. If the user/pass aren't set, the script dies. If they are, but add/country aren't set, it echo's out the table. If add/country are set, it inserts the new records (echo statement right now) <?php session_start(); define('DB_HOST', 'localhost'); define('DB_USER', 'mydbusername'); define('DB_PASSWORD', 'mypassword'); define('DB_DATABASE', 'mydbname'); if(!$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD)) { die('Failed to connect to server: ' . mysql_error()); } if(!mysql_select_db(DB_DATABASE) { die('Unable to select the database.'); } $username = filter_input(INPUT_GET, 'user', FILTER_SANITIZE_STRING); $password = filter_input(INPUT_GET, 'pass', FILTER_SANITIZE_STRING); $add = filter_input(INPUT_GET, 'add', FILTER_SANITIZE_STRING); $country = filter_input(INPUT_GET, 'country', FILTER_SANITIZE_SPECIAL_CHARS); if(empty($username) || empty($password)) { die('Username or password missing.'); } // EVERYTHING PAST THIS POINT HAS USER/PASS SET. $insert = array(); if(!empty($username)) { $insert[] = "user = '{$username}'"; } if(!empty($password)) { $insert[] = "pass = '{$password}'"; } if(!empty($add)) { $insert[] = "add = '{$add}'"; } if(!empty($country)) { $insert[] = "country = '{$country}'"; } if(count($insert) > 0) { $names = implode(',',$insert); } if(empty($add) && empty($country)) { $qrytable1 = "SELECT `image`, `name`, `country` FROM `members` WHERE `username` = '{$username}';"; $result1 = mysql_query($qrytable1) or die('Error:<br />' . $qry . '<br />' . mysql_error()); while ($row = mysql_fetch_assoc($result1)) { echo '<p id="image">'.$row['image'].'</p>'; echo '<p id="name">'.$row['name'].'</p>'; echo '<p id="country">'.$row['country'].'</p>'; } } else { echo "Ok let add to the database"; } PHP: