Php Registration With Email Verification Help

[jgab]

Hi ,

 

i'm new to php. i'm creating a signup form with email verification (PHPmailer) everything seems to work except when the user confirm the email, their information does not save to the database , so they can't login their account. the error is with the INSERT INTO customer part. can someone help me? thanks

 

 

<?php
if (isset($_GET["passkey"]))
{
$confirm = $_GET["passkey"];
$con = mysql_connect("localhost","root");
if (!$con)
echo(mysql_error());
else
{ mysql_select_db("dbhotel",$con);
$sql = "SELECT * FROM temp WHERE ConfirmCode = '" . $confirm . "'";
$rs = mysql_query($sql,$con);
if (mysql_num_rows($rs) == 1)
{
$rows = mysql_fetch_assoc($rs);

$sql = "INSERT INTO customers(FName,LName,Title,Address,Phone,Email,Password) VALUES ('". $rows["FName"] . "','" . $rows["LName"] . "','" . $rows["Title"] . "','" . $rows["Address"] . "','" . $rows["Phone"] . "','" . $rows["Email"] . "','" . $rows["Password"]."')";
mysql_query($sql,$con);

$sql = "DELETE FROM temp WHERE ConfirmCode = '" . $confirm . "'";
mysql_query($sql,$con);
echo "Congratulations " . $rows["Title"] ." ". $rows["FName"] ." ". $rows["LName"] . ", you are now a member!";
}
else
{
echo "Sorry, we are unable to process your request at this moment. Please try again later.";
}
}
mysql_close($con);
}
else
{
echo "You do not have enough permissions to access this page.";
}
?>

Edited October 2, 2012 by PFMaBiSmAd
code in code tags please

[White_Lily]

What is the error that comes up saying?

[Christian F.]

I recommend that you read this article.

[White_Lily]

Suggestion: make sure the "pass-key" is actually visible in the url of the page, if its not - theres your problem

[MDCode]

$confirm = $_GET["passkey"];

 

Make sure you filter that with mysql_real_escape_string or it will be a security risk.

Edited October 2, 2012 by ExtremeGaming

[White_Lily]

Really security isnt really a problem atm, you cant secure something that isnt there lol