"; echo "DEBUG Parameter id: ". $id . "
"; echo "DEBUG Parameter course: ". $course . "
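";
}

// Steve is a faculty member and may therefore view any student's grades;
// every other logged-in user may only view their own.
// NOTE(review): the identity is read from the user_name cookie, which is a
// client-supplied value. Nothing visible in this part of the file validates
// it, so this decision should be driven by server-side session state instead
// (confirm against the login code).
// The is_string() / === test replaces strcmp(...) == 0: on older PHP versions
// strcmp() returns NULL for a non-string argument and NULL == 0 is true, so the
// loose comparison could pass without any real match.
$viewer = isset($_COOKIE['user_name']) ? $_COOKIE['user_name'] : null;
$mayView = is_string($viewer)
    && ($viewer === "steve" || (is_scalar($id) && $viewer === (string) $id));

if ($mayView) {
    $db_handle = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname) or die ('Error connecting to mysql');

    // Normalise the request values to strings before binding them.
    $studentId = is_scalar($id) ? (string) $id : '';
    $hasCourse = !empty($course);
    $courseCode = is_scalar($course) ? (string) $course : '';

    // The values are bound as parameters rather than interpolated into the SQL
    // text, so their content cannot change the structure of the statement.
    // If course code is not empty, then add that as a filter.
    if ($hasCourse) {
        $query = "SELECT * FROM coursegrades WHERE studentid = ? AND coursecode = ? ORDER BY studentid";
    } else {
        $query = "SELECT * FROM coursegrades WHERE studentid = ? ORDER BY coursecode, studentid";
    }
    if ($debugattack) {
        // Only the statement template is printed; the bound values never
        // become part of the SQL text.
        echo "DEBUG Query: ". $query . "
";
    }

    // Run query. mysqli_stmt_get_result() needs the mysqlnd driver.
    $result = false;
    $stmt = mysqli_prepare($db_handle, $query);
    if ($stmt) {
        if ($hasCourse) {
            mysqli_stmt_bind_param($stmt, 'ss', $studentId, $courseCode);
        } else {
            mysqli_stmt_bind_param($stmt, 's', $studentId);
        }
        if (mysqli_stmt_execute($stmt)) {
            $result = mysqli_stmt_get_result($stmt);
        }
    }

    if (!$result || mysqli_num_rows($result) < 1) {
        // No current grades (a failed query is reported the same way)
        echo "

You have no grades at the moment.

";
    } else {
        // Show grades
        echo "

The grades are:

";
        // NOTE(review): the markup that renders the rows is not present in
        // this copy of the page. Wherever database or request values are
        // printed, pass them through htmlspecialchars() first.
        echo "";
    }

    if ($stmt) {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($db_handle);
} else {
    echo "

You can only view your own grades.

";
}
echo "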

View grades

"; echo "

Go home

"; echo "

Logout

"; } else { header("Location: index.php"); } siteFooter(); ?>