Jump to content

SQL Query help?

RaythMistwalker

By RaythMistwalker
in PHP Coding Help

Recommended Posts

RaythMistwalker Regular Member

RaythMistwalker

Posted
Posted 

If ($_GET['CODE'] == '2') {
    $MemId = $_GET['memid'];
    $CurrentGroupQry = "SELECT * FROM ".MEMBER_PROFILE_TABLE." WHERE user_id='".$MemId."'";
    $CurrentGroupRes = mysql_query($CurrentGroupQry, $db);
    $CurrentGroup = mysql_result($CurrentGroupRes, 0, 'Group');
    If ($CurrentGroup == '4') {
        $UpdateQuery = "UPDATE ".MEMBER_PROFILE_TABLE." SET Group='3' WHERE user_id='".$MemId."';";
        $UpdateRes = mysql_query($UpdateQuery, $db);
        If (!$UpdateRes) { die('Error: Please contact administrator!'); }
        Echo "Congratulations. You are now fully Registered. Click <a href='./index.php?act=login&CODED=0'>Here</a> to Login.<br><br>";
    }
    Else {
        Echo "Your Account is already completely Registered.<br><br>";
    }
}

 

For some reason The script keepts dying and when I check the mysql database I notice that the $UpdateQuery query doesn't actually go through and when I try type it in manually I get a syntax error. Can anyone see that error??

 

MEMBER_PROFILE_TABLE is a constant containing a table name.

 

Address for this is index.php?CODE=2&memid=X

Link to comment
https://forums.phpfreaks.com/topic/249877-sql-query-help/
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

Well, you should echo the query to the page to see exactly what it is. We can only guess at what the result is since we don't know the values of "MEMBER_PROFILE_TABLE" or "$MemId". BUt, you are doing this the hard way. You only need ONE query based upon your current logic.

 

Simply run the UPDATE query with an additional parameter on the WHERE clause for 'Group'=4, then check the result of the updated rows to determine the correct response. Also, NEVER use "*" in your select queries unless you actually need all the columns. And NEVER EVER use user input directly in a database query without sanitizing it first.

 

if ($_GET['CODE'] == '2')
{
    $user_id = intval($_GET['memid']); //make the value safe for DB query
    $query = "UPDATE ".MEMBER_PROFILE_TABLE."
              SET `Group` = '3'
              WHERE user_id='{$user_id}'
                AND `Group` = '4'";
    $result = mysql_query($query);

    if(!$result)
    {
        //Only for debugging purposes
        echo "Query: $query<br>Error: " . mysql_error();
    }
    elseif(!mysql_affected_rows())
    {
        echo "Your Account is already completely Registered.<br><br>";
    }
    else
    {
        echo "Congratulations. You are now fully Registered. Click <a href='./index.php?act=login&CODED=0'>Here</a> to Login.<br><br>";
    }
}

 

Link to comment
https://forums.phpfreaks.com/topic/249877-sql-query-help/#findComment-1282540
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.