Hi,
I have a script to fetch data from mysql into PHP.

I've logged in a user, using first and second names which are sent as session variables.
I then need to confirm he/she has admin rights, which is recorded in a field on the database.

So the PHP looks like this:
PHP Code:
<?php
session_start
();
if((!
$_SESSION["first_name"])&&(!$_SESSION["second_name"])){
header("location:login.php");
}
//DB login
    
require_once('mysql_login.php');
    
$query "SELECT * FROM cast WHERE fname='$_SESSION[first_name]' and sname='$_SESSION[second_name]'";
    
$result=mysql_query($sql) or die(mysql_error());
$newArray mysql_fetch_array($result);
$level $newArray['role'];
if (
$level=="admin")    {
echo 
"Sorry, you need to be an admin to access this page";
}
?>
...which is returning a "query was empty" message.

The variables were registered on a different login page as:
PHP Code:
$myfirstname=$_POST['myfirstname'];
$mysecondname=$_POST['mysecondname'];
$_SESSION[first_name] = $myfirstname;
$_SESSION[second_name] = $mysecondname
Hints or pointers - all appreciated!