Going insane with something simple

[knobby2k]

Hi guys,

 

I am going nuts with this!

 

It HAS to be something dead simple but I can't seem to see what is staring me in the face.

 

Basically I have made a registration form and when complete you are emailed a link to click on.

When you click on the link you go to a new page. The page takes the email address and the verification code from the URL via _GET. The database is then queried for a match of the email address AND the verification code, if there is a relevant record then success is displayed otherwise unsuccessful is displayed.

 

Code:

$email = strip_tags(htmlentities($_GET['email']));
$code = strip_tags(htmlentities($_GET['code']));

// confirm the variables hold the correct data
echo "email: $email and code: $code";

$query = "SELECT * from userdb WHERE email='$email' AND code ='$code'";

if (mysql_query($query))
{	
echo	"success";
}
else
{
echo "unsuccessful";
}						

 

My problem is this query is always returning 'success'... even when the code and/or email does not match what is in my database?

 

What am i missing?

 

Thanks

[jcbones]

You should be checking mysql_num_rows(), as even an unsuccessful (returned 0 rows) query will return a result resource.

[PFMaBiSmAd]

if (mysql_query($query))

 

^^^ That's testing if the query executed without any ERRORS (i.e. a connection problem, a syntax error, a miss typed table/column name.)

 

That doesn't test if the query matched any rows or not. See - mysql_num_rows

[knobby2k]

Excellent, i'll give that a go.

 

Cheers lads