Can not find the problem

[unistake]

I can not find the problem with this script I wrote.

 

I am trying to show a web page provided that the $_GET['reg'] is registered by the user.

 

I am trying to check that the $_GET['reg'] is registered by the user before the page with specific details is shown.

 

For some reason even if the email address equals the email address in the DB the output still shows:

<?php echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; ?>

 

Can anyone see where I am going wrong - there is more than one 'reg' for each email address in the DB.

 

Thanks

 

 

<?php

$email = $_POST['email'];

$sql = "SELECT reg FROM sales WHERE email='$email'";
$result = mysqli_query($cxn,$sql)
	or die ("Couldn't execute query");
$data = array(); //This way we can hold multiple results
    $i = 0; //The index of the array to add the result to

while($row = mysqli_fetch_assoc($result))
       {
	if ($row['reg'] == $_GET['reg'] )
		{ //Why use two if statements?
			$data[$i] = $row['reg'];
			$i++; //increase the array index for the next while loop	
		}			
	else 
		{
			echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!";
			exit();
		}
	} 

// THIS IS WHERE THE PAGE CONTENT IS ......................
?>

[litebearer]

where are you setting the value of the $_GET['reg']?

[unistake]

in the link such as www.website.com/index.php?reg=test

[litebearer]

do a simple test of variable values...

echo $_GET['reg'] . "<br>:;
echo $_POST['email'];

and see what values are there

[unistake]

Just tested them. Both the values are exactly what they should be and are the same as in the database.

 

I think my actual php format is somehow wrong.

[litebearer]

Are there multiple occurences of matching email/reg in the database?

ie. several records have the exact same email AND reg

[unistake]

Hi Litebearer,

 

No there are multiple 'email' but there are no rows where the 'email' and 'reg' are the exact same.

 

I have just changed the database entries so that one 'email' is only associated with one 'reg'.

 

This solved the problem so I think it must be to do with having two rows with the same 'email'.

 

Any ideas?

 

Thanks

[litebearer]

Your logic seems to be saying...

See if there is a database record where variable_email_content AND variable_reg_content are in the record

If that is the case, adjust your query as follows

$sql = "SELECT reg FROM sales WHERE email='$email'";

then simply count the number of rows returned by your result.

if there are NO rows - say sorry

if there is 1 row - you are good to go

if there are more than 1 rows - houston we have a problem

 

[unistake]

yeah that seems to be it!

 

Do you know how houston can correct this problem, they are usually good at this sorta stuff!

[litebearer]

Oops, left a piece out...

$email = $_POST['email'];
$reg = $_GET['reg'];
$sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'";

[unistake]

That works BUT,

 

If I type any name 'reg' as a variable into the link, it comes up with the information to do with that 'reg'.

 

It does not stop saying echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; - as it should do.

 

The code I have now is:

 

<?php
        $email = $_POST['email'];
$reg = $_GET['reg'];
$sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'";
$result = mysqli_query($cxn,$sql)
	or die ("Couldn't execute query");
$data = array(); //This way we can hold multiple results
    $i = 0; //The index of the array to add the result to

while($row = mysqli_fetch_assoc($result))
       {
	if ($row['reg'] == $_GET['reg'] )
		{	
			$data[$i] = $row['reg'];
			$i++; //increase the array index for the next while loop
		}			
	else 
		{
			echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!";
			exit();
		}
	} 

?>

 

[litebearer]

can you post the code that sets the reg and email variables (entire code)

[unistake]

The reg is just entered in the link like www.page.com/?reg=test and the $email variable is just = $_SESSION['name'];

 

I think I may be going about this problem in a complicated way.

 

If you can see the problem please say - I am thinking of other ways around the problem

 

Thanks for you help.

 

[premiso]

First up what is the point of checking if $row['reg'] == $_GET['reg'] ???  Of course they will be equal, MySQL would not have pulled it out any other way, so I would remove that check.

 

Here is an updated version of your code, complete with SQL Injection prevention.

 

<?php
    // Escapes the values to prevent SQL Injection, if set, else set to null
    $email = !empty($_POST['email']) ? mysqli_real_escape_string($cxn, $_POST['email']):null;
$reg = !empty($_GET['reg']) ? mysqli_real_escape_string($cxn, $_GET['reg']):null;

    if (!empty($reg) && !empty($email)) {
    	$sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'";
    $result = mysqli_query($cxn,$sql)
    	or die ("Couldn't execute query sales statement");

        $data = array(); //This way we can hold multiple results

    while($row = mysqli_fetch_assoc($result)) {
    	$data[] = $row['reg'];
    } 
    }else {
        echo 'Sorry, Reg and Email are required to process.';
    }

?>

 

I did not read through the entire thread, but will do that now to see if that was the problem or not. 

 

EDIT

The problem was with that if Statment. Chances are your MySQL database is setup to be Case Insensitive, meaning that it would match  A  and a as if they were equal. PHP is CaSe SeNSiTiVe on checks, thus if one character was upper case or lower case and was not that way in the database, it would fail. That would be my guess as to why your code never worked to begin with.

[unistake]

Ok I have tried to put that script in but it displays a blank page.

 

There is quite a bit there that I do not understand.

 

will get back shortly!

[premiso]

Ok I have tried to put that script in but it displays a blank page.

 

There is quite a bit there that I do not understand.

 

will get back shortly!

 

Well yea, you have to something with the $data array to display data or else it will be blank.

 

To save you some looking up the ? :  is the ternary operator.