Jump to content

[SOLVED] update mystery???

pgrevents

By pgrevents
in MySQL Help

 Share

Recommended Posts

pgrevents Member

pgrevents

Posted
Posted

Hi again hit a stumbling block for some reason my mysql wont update.

 

It is an email activation code and I know that the variables are getting passed as there is an if statement verifying that there is a result based on variables passed here is the php code

 

<?php
// Grab url get
$accode = $_GET['code'];
$em = $_GET['email'];
$un = $_GET['username'];

//CONNECTION
include('../always/comms/data.php');
mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to database');

$dbname = 'iam_user';
mysql_select_db($dbname);


$query = "SELECT * FROM activation WHERE ac = '$accode' AND email = '$em' "; 
$loginres = mysql_query($query);
$numrows = mysql_num_rows($loginres);
if ($numrows > 0)
{

mysql_query("UPDATE user_name SET active = 'yes' WHERE iamlink = '$accode' AND username = '$un' AND email = '$em' ");
mysql_query("UPDATE activtion SET activated = 'yes' WHERE ac = '$accode' AND email = '$em'");
header('Location:../registration/?reg=choose');
}
else
{

  header('Location:../registration/?reg=wrongcode');
}


?>

 

Any suggestions?

 

thanks for your help :)

Link to comment
https://forums.phpfreaks.com/topic/159626-solved-update-mystery/
Share on other sites
kevinkorb Member

kevinkorb

Posted
Posted

Try this and see if it helps you out.

 

<code>

<?php

// Grab url get

$accode = $_GET['code'];

$em = $_GET['email'];

$un = $_GET['username'];

 

//CONNECTION

include('../always/comms/data.php');

mysql_connect($dbhost, $dbuser, $dbpass) or die                      ('Error connecting to database');

 

$dbname = 'iam_user';

mysql_select_db($dbname);

 

 

$query = "SELECT * FROM activation WHERE ac = '$accode' AND email = '$em' ";

$loginres = mysql_query($query);

$numrows = mysql_num_rows($loginres);

if ($numrows > 0)

{

 

$result =mysql_query("UPDATE user_name SET active = 'yes' WHERE iamlink = '$accode' AND username = '$un' AND email = '$em' ");

echo mysql_affected_rows($result)." Affected rows for $accode - $un - $em";

$result = mysql_query("UPDATE activtion SET activated = 'yes' WHERE ac = '$accode' AND email = '$em'");

echo mysql_affected_rows($result)." Affected rows for Activation $accode - $em";

//header('Location:../registration/?reg=choose');

}

else

{

 

//header('Location:../registration/?reg=wrongcode');

}

 

 

?>

</code>

pgrevents Member

pgrevents

Posted
  • Author
Posted

Sure

 

What is happening is users who have signed up get an activation email they click on the link and the link brings them to this page.

 

Now the script grabs the data from the url and then checks if it is an actual actual code. That is where the first SELECT query is used. If there is a code then i want it to update the user_name and set active to yes (plays part of the login script) and sets activation table to yes so if a user trys to activate again then the user is taken to a page that says already activated etc (not done that part yet)

 

So I am trying to update 2 tables :)

kevinkorb Member

kevinkorb

Posted
Posted

Another thing you need to look out for is escaping your data.  Since you're getting data from the user $_GET etc.

 

Escape that using...

 

$accode = mysql_real_escape_data($_GET['code']);

$em = mysql_real_escape_data($_GET['email']);

$un = mysql_real_escape_data($_GET['username']);

 

Then they can't use 'SQL Injection'

pgrevents Member

pgrevents

Posted
  • Author
Posted

i used your code and got a print out of the variables i am trying to pass

 

output;

Affected rows for 37e48acbb43dda0568b8867381227f12 - testusername - testemail

Affected rows for Activation 37e48acbb43dda0568b8867381227f12 - testemail

 

ps i am not a programmer by any sorts just trying to do what i can :)

kevinkorb Member

kevinkorb

Posted
Posted

It is saying that it's not updating your rows.  Check your user_name table to make sure that it has those values.

 

SELECT * FROM  user_name  WHERE iamlink = '37e48acbb43dda0568b8867381227f12' AND username = 'testusername' AND email = 'testemail'

 

When you run this, do you get any rows back?

pgrevents Member

pgrevents

Posted
  • Author
Posted

see i thought that but its in an if statement that checks to see if there is a row with those details there. i have tested it with values in the table and values that arent in the table and the if statement works which leads me to think that the details in the update are correct

gnawz Regular Member

gnawz

Posted
Posted

try putting variables lie you did on the select

 

$loginres = mysql_query($query);
$numrows = mysql_num_rows($loginres);

 

else, tell us what error(s) you get.

If it is a blank page,

 

check if your form(s) and code have the same variables, ie $_GET or $_POST and/or your database table names

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.