mysql_query update

Question

I have a script which runs when a user hits the 'reject' button on some terms. When it runs it should revoke the access rights to the particular area, for some reason the script doesn't work- as in it doesn't update the MYSQL DB nor do I get die error.

$username =  $_SESSION["USER"]["Username"]; 

mysql_connect("x", "y", "z") or die(mysql_error()); 
mysql_select_db("database") or die(mysql_error()); 
mysql_query("UPDATE `users` SET `SeceretArea`='Unauth' WHERE `Username`='$username'") or die(mysql_error());

Answer 1

ANSWER UPDATED TO SUM UP DEBUGGING PROCESS.

If there is no error, then there are three possibilities as to why the database entry isn't happening:

• There is no entry in your table where the USERNAME column is equal to $database.
• There is no value being passed to $database.
• There is a value being passed to $database, but that value isn't being replaced into the query.

From my personal experience, mysql_query() doesn't necessarily substitute variable values in before executing the query. Create the query string first into a variable, then pass it to mysql_query(). Your current setup doesn't replace $username with its value. What you can do is this:

...
$sql = "UPDATE `users` SET `SeceretArea`='Unauth' WHERE `Username`='$username'";
mysql_query($sql) or die(mysql_error());

Apart from that, check your table to make sure that there is a row with the value you want in USERNAME. var_dump() your $username to see if it's the value that you intended.

Also, you really should consider switching to either mysqli or PDO. If you don't want to migrate to an object module, you can use mysqli's procedural functions.