I can not find the problem with this script I wrote.

 

I am trying to show a web page provided that the $_GET['reg'] is registered by the user.

 

I am trying to check that the $_GET['reg'] is registered by the user before the page with specific details is shown.

 

For some reason even if the email address equals the email address in the DB the output still shows:

<?php echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; ?>

 

Can anyone see where I am going wrong - there is more than one 'reg' for each email address in the DB.

 

Thanks

 

 

<?php

$email = $_POST['email'];

$sql = "SELECT reg FROM sales WHERE email='$email'";
$result = mysqli_query($cxn, $sql)
    or die("Couldn't execute query");
$data = array(); //This way we can hold multiple results
$i = 0; //The index of the array to add the result to

while ($row = mysqli_fetch_assoc($result))
{
    if ($row['reg'] == $_GET['reg'])
    { //Why use two if statements?
        $data[$i] = $row['reg'];
        $i++; //increase the array index for the next while loop
    }
    else
    {
        echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!";
        exit();
    }
}

// THIS IS WHERE THE PAGE CONTENT IS ......................
?>


Hi Litebearer,

 

No there are multiple 'email' but there are no rows where the 'email' and 'reg' are the exact same.

 

I have just changed the database entries so that one 'email' is only associated with one 'reg'.

 

This solved the problem so I think it must be to do with having two rows with the same 'email'.

 

Any ideas?

 

Thanks

Your logic seems to be saying...

See if there is a database record where variable_email_content AND variable_reg_content are in the record

If that is the case, adjust your query as follows

$sql = "SELECT reg FROM sales WHERE email='$email'";

then simply count the number of rows returned by your result.

if there are NO rows - say sorry

if there is 1 row - you are good to go

if there are more than 1 rows - houston we have a problem ;)

 

That works BUT,

 

If I type any name 'reg' as a variable into the link, it comes up with the information to do with that 'reg'.

 

It does not stop saying echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; - as it should do.

 

The code I have now is:

 

<?php
$email = $_POST['email'];
$reg = $_GET['reg'];
$sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'";
$result = mysqli_query($cxn, $sql)
    or die("Couldn't execute query");
$data = array(); //This way we can hold multiple results
$i = 0; //The index of the array to add the result to

while ($row = mysqli_fetch_assoc($result))
{
    if ($row['reg'] == $_GET['reg'])
    {
        $data[$i] = $row['reg'];
        $i++; //increase the array index for the next while loop
    }
    else
    {
        echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!";
        exit();
    }
}

?>

 

The reg is just entered in the link like www.page.com/?reg=test and the $email variable is just = $_SESSION['name'];

 

I think I may be going about this problem in a complicated way.

 

If you can see the problem please say - I am thinking of other ways around the problem

 

Thanks for your help.

 

First up what is the point of checking if $row['reg'] == $_GET['reg'] ???  Of course they will be equal, MySQL would not have pulled it out any other way, so I would remove that check.

 

Here is an updated version of your code, complete with SQL Injection prevention.

 

<?php
    // Escapes the values to prevent SQL Injection, if set, else set to null
    $email = !empty($_POST['email']) ? mysqli_real_escape_string($cxn, $_POST['email']) : null;
    $reg = !empty($_GET['reg']) ? mysqli_real_escape_string($cxn, $_GET['reg']) : null;

    if (!empty($reg) && !empty($email)) {
        $sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'";
        $result = mysqli_query($cxn, $sql)
            or die("Couldn't execute query sales statement");

        $data = array(); //This way we can hold multiple results

        while ($row = mysqli_fetch_assoc($result)) {
            $data[] = $row['reg'];
        }
    } else {
        echo 'Sorry, Reg and Email are required to process.';
    }

?>

 

I did not read through the entire thread, but will do that now to see if that was the problem or not. 

 

EDIT

The problem was with that if statement. Chances are your MySQL database is set up to be case insensitive, meaning that it would match A and a as if they were equal. PHP is CaSe SeNSiTiVe on checks, thus if one character was upper case or lower case and was not that way in the database, it would fail. That would be my guess as to why your code never worked to begin with.
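
An added example, not part of the original posts: the same ownership check done with a prepared statement instead of escaped string interpolation, returning a single allow/deny result. It assumes PDO with an in-memory SQLite database in place of the thread's mysqli connection `$cxn` so that it runs stand-alone, constructed sample rows, and the hypothetical helper names `make_demo_db` and `owned_reg`; `COLLATE NOCASE` stands in for a case-insensitive MySQL collation.

```php
<?php
declare(strict_types=1);
// Added example, not code from the thread. Assumptions: PDO + in-memory SQLite
// replaces the thread's MySQL connection; `sales` has only the two columns the
// thread mentions; all rows below are constructed sample data.

function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // COLLATE NOCASE mimics a case-insensitive MySQL collation.
    $pdo->exec('CREATE TABLE sales (email TEXT COLLATE NOCASE, reg TEXT COLLATE NOCASE)');
    $ins = $pdo->prepare('INSERT INTO sales (email, reg) VALUES (?, ?)');
    $rows = [['a@example.com', 'TEST'], ['a@example.com', 'abc123'], ['b@example.com', 'xyz789']];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// Returns the reg as stored if $email owns it, otherwise null.
function owned_reg(PDO $pdo, ?string $email, ?string $reg): ?string
{
    if ($email === null || $email === '' || $reg === null || $reg === '') {
        return null; // missing input is a denial, no query is run
    }
    // Placeholders keep both values out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT reg FROM sales WHERE email = ? AND reg = ? LIMIT 1');
    $stmt->execute([$email, $reg]);
    $found = $stmt->fetchColumn();
    return $found === false ? null : (string) $found;
}

$pdo = make_demo_db();
$sessionEmail = 'a@example.com'; // in the thread this comes from $_SESSION['name']
// Constructed requests: case mismatch, exact match, another user's reg, quote payload.
foreach (['test', 'abc123', 'xyz789', "x' OR '1'='1"] as $reg) {
    $owned = owned_reg($pdo, $sessionEmail, $reg);
    if ($owned === null) {
        // Escape on output: the thread's message echoes $_GET['reg'] unescaped.
        $safe = htmlspecialchars($reg, ENT_QUOTES, 'UTF-8');
        echo "I am sorry but this '$safe' does not seem to be registered by you!\n";
    } else {
        echo "OK: showing details for '$owned'\n";
    }
}
```

With mysqli the same query goes through `mysqli_prepare()` and `mysqli_stmt_bind_param()`; the database decides the match, so no second comparison in PHP is needed.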

Ok I have tried to put that script in but it displays a blank page.

 

There is quite a bit there that I do not understand.

 

will get back shortly!

 

Well yea, you have to do something with the $data array to display data or else it will be blank.

 

To save you some looking up, the ? : is the ternary operator.
