Multiple URL parameters

[WAMFT1]

I am trying to pull data from SQL where the ID and activation code match the record by using the URL to request the info. The form pulls up the first record but I cannot get it to return the correct id and code.

 

URL example: www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh

 

Not sure how to write this in the php, what I have tried does not seem to pull anything other than the first record in the system.

<?php
require('edb.php'); 
$id=$_REQUEST['id'];
$ActivateCode=$_REQUEST['ActivateCode'];

$result=mysql_query("SELECT * FROM `eusers` WHERE id = '$id' & ActivateCode = '$ActivateCode'");
$test=mysql_fetch_array($result);
if (!$result) 
		{
		die("Error: Data not found..");
		}
	$FirstName=$test['FirstName'];
	$LastName=$test['LastName'];
	$State=$test['State'];
	$Username=$test['Username'];
    $Password=$test['Password'];
	$Email=$test['Email'];
	$Active=$test['Active'];
	$SecurityCode=$test['SecurityCode'];
    $AdviserCode=$test['AdviserCode'];
	$UserType=$test['UserType'];
	$ActivateCode=$test['ActivateCode'];
	
	if(isset($_POST['Submit']))
{	
	$Password_save=sha1($_POST['Password']);
	$Email_save=$_POST['Email'];
	$Active_save=$_POST['Active'];
	$SecurityCode_save=$_POST['SecurityCode'];
	$ActivateCode_save=$_POST['ActivateCode'];
			
mysql_query("UPDATE `eusers` SET Password ='$Password_save', Email ='$Email_save', Active ='$Active_save', SecurityCode ='$SecurityCode_save', ActivateCode ='$ActivateCode_save'  WHERE id ='$id'")
					or die(mysql_error("Did not Save")); 
	echo "Saved!";
	header("Location: index.php");			
}
?>

[Irate]

Use something like this...

<?php

$url = parse_url("www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh");
$query = $url[query];
$pair_match = explode("&",$query);
# print_r($pair_match);
$queries = array();
foreach($pair_match as $pair) {
$queries[] = explode("=",$pair);
}
print_r($queries);

?>

$queries[0] contains the first match, $queries[0][0] contains the first query, $queries[0][1] the value, and so on.

[mac_gyver]

A) moving this thread to the php help forum, as it has nothing to do with Regex

 

B) one & in a query statement is a bitwise AND operator and is likely resulting in a value that matches every true value for an id and since your code assumes there will be only one row, you get the first row out of your table.

 

use the AND logic operator (or use &&) in your query statement.

 

edit: in the following code, a false $result doesn't mean that the data wasn't found, it means that the query failed due to an error.

if (!$result)
        {
        die("Error: Data not found..");
        }

Edited September 5, 2013 by mac_gyver

[PaulRyan]

Try something like this, it provides some errors if data is missing or the query does not execute etc.

 

 

<?PHP

  require('edb.php');
 
  //### Assign and santize data
  $id           = isset($_GET['id']) ? (int)$_GET['id'] : FALSE ;
  $activateCode = isset($_GET['ActivateCode']) ? mysql_real_escape_string(trim($_GET['ActivateCode'])) : FALSE ;
 
  //### Check to make sure both are set
  if(empty($id)) {
    echo 'ID is empty.';
  } else if(empty($activateCode)) {
    echo 'Activate Code is empty.';
  } else {
 
    //### Find the user
    $findUserQuery = "SELECT * FROM `eusers` WHERE `id` = {$id} AND `ActivateCode` = '{$ActivateCode}'";
    $findUser      = mysql_query($findUserQuery) or die(mysql_error());
    
    //### Check if a row exists
    if(!mysql_num_rows($findUser)) {
      echo 'Error: Data Not Found.';
    } else {
    
      //### Process the data
      $user = mysql_fetch_assoc($findUser);
      
      //### Display data for usage
      echo '<pre>';
      print_r($user);
      echo '</pre>';
      
      //### Now do whatever else needs done
    
    }
    
  }

?>

 

I'd advise you move away from MySQL and move to MySQLi or PDO as soon as possible. MySQL will be removed from one of the upcoming versions of PHP.