Jump to content

SQL Query help?

RaythMistwalker

By RaythMistwalker
in PHP Coding Help

 Share

Recommended Posts

RaythMistwalker Regular Member

RaythMistwalker

Posted
Posted 

If ($_GET['CODE'] == '2') {
    $MemId = $_GET['memid'];
    $CurrentGroupQry = "SELECT * FROM ".MEMBER_PROFILE_TABLE." WHERE user_id='".$MemId."'";
    $CurrentGroupRes = mysql_query($CurrentGroupQry, $db);
    $CurrentGroup = mysql_result($CurrentGroupRes, 0, 'Group');
    If ($CurrentGroup == '4') {
        $UpdateQuery = "UPDATE ".MEMBER_PROFILE_TABLE." SET Group='3' WHERE user_id='".$MemId."';";
        $UpdateRes = mysql_query($UpdateQuery, $db);
        If (!$UpdateRes) { die('Error: Please contact administrator!'); }
        Echo "Congratulations. You are now fully Registered. Click <a href='./index.php?act=login&CODED=0'>Here</a> to Login.<br><br>";
    }
    Else {
        Echo "Your Account is already completely Registered.<br><br>";
    }
}

 

For some reason The script keepts dying and when I check the mysql database I notice that the $UpdateQuery query doesn't actually go through and when I try type it in manually I get a syntax error. Can anyone see that error??

 

MEMBER_PROFILE_TABLE is a constant containing a table name.

 

Address for this is index.php?CODE=2&memid=X

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Well, you should echo the query to the page to see exactly what it is. We can only guess at what the result is since we don't know the values of "MEMBER_PROFILE_TABLE" or "$MemId". BUt, you are doing this the hard way. You only need ONE query based upon your current logic.

 

Simply run the UPDATE query with an additional parameter on the WHERE clause for 'Group'=4, then check the result of the updated rows to determine the correct response. Also, NEVER use "*" in your select queries unless you actually need all the columns. And NEVER EVER use user input directly in a database query without sanitizing it first.

 

if ($_GET['CODE'] == '2')
{
    $user_id = intval($_GET['memid']); //make the value safe for DB query
    $query = "UPDATE ".MEMBER_PROFILE_TABLE."
              SET `Group` = '3'
              WHERE user_id='{$user_id}'
                AND `Group` = '4'";
    $result = mysql_query($query);

    if(!$result)
    {
        //Only for debugging purposes
        echo "Query: $query<br>Error: " . mysql_error();
    }
    elseif(!mysql_affected_rows())
    {
        echo "Your Account is already completely Registered.<br><br>";
    }
    else
    {
        echo "Congratulations. You are now fully Registered. Click <a href='./index.php?act=login&CODED=0'>Here</a> to Login.<br><br>";
    }
}

 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.