Jump to content

Recommended Posts

I am trying to pull data from SQL where the ID and activation code match the record by using the URL to request the info. The form pulls up the first record but I cannot get it to return the correct id and code.

 

URL example: www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh

 

Not sure how to write this in the php, what I have tried does not seem to pull anything other than the first record in the system.

<?php
require('edb.php'); 
$id=$_REQUEST['id'];
$ActivateCode=$_REQUEST['ActivateCode'];

$result=mysql_query("SELECT * FROM `eusers` WHERE id = '$id' & ActivateCode = '$ActivateCode'");
$test=mysql_fetch_array($result);
if (!$result) 
		{
		die("Error: Data not found..");
		}
	$FirstName=$test['FirstName'];
	$LastName=$test['LastName'];
	$State=$test['State'];
	$Username=$test['Username'];
    $Password=$test['Password'];
	$Email=$test['Email'];
	$Active=$test['Active'];
	$SecurityCode=$test['SecurityCode'];
    $AdviserCode=$test['AdviserCode'];
	$UserType=$test['UserType'];
	$ActivateCode=$test['ActivateCode'];
	
	if(isset($_POST['Submit']))
{	
	$Password_save=sha1($_POST['Password']);
	$Email_save=$_POST['Email'];
	$Active_save=$_POST['Active'];
	$SecurityCode_save=$_POST['SecurityCode'];
	$ActivateCode_save=$_POST['ActivateCode'];
			
mysql_query("UPDATE `eusers` SET Password ='$Password_save', Email ='$Email_save', Active ='$Active_save', SecurityCode ='$SecurityCode_save', ActivateCode ='$ActivateCode_save'  WHERE id ='$id'")
					or die(mysql_error("Did not Save")); 
	echo "Saved!";
	header("Location: index.php");			
}
?>
Link to comment
https://forums.phpfreaks.com/topic/281879-multiple-url-parameters/
Share on other sites

Use something like this...

<?php

$url = parse_url("www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh");
$query = $url[query];
$pair_match = explode("&",$query);
# print_r($pair_match);
$queries = array();
foreach($pair_match as $pair) {
$queries[] = explode("=",$pair);
}
print_r($queries);

?>

$queries[0] contains the first match, $queries[0][0] contains the first query, $queries[0][1] the value, and so on.

A) moving this thread to the php help forum, as it has nothing to do with Regex

 

B) one & in a query statement is a bitwise AND operator and is likely resulting in a value that matches every true value for an id and since your code assumes there will be only one row, you get the first row out of your table.

 

use the AND logic operator (or use &&) in your query statement.

 

edit: in the following code, a false $result doesn't mean that the data wasn't found, it means that the query failed due to an error.

if (!$result)
        {
        die("Error: Data not found..");
        }
Edited by mac_gyver

Try something like this, it provides some errors if data is missing or the query does not execute etc.

 

 

<?PHP

  require('edb.php');
 
  //### Assign and santize data
  $id           = isset($_GET['id']) ? (int)$_GET['id'] : FALSE ;
  $activateCode = isset($_GET['ActivateCode']) ? mysql_real_escape_string(trim($_GET['ActivateCode'])) : FALSE ;
 
  //### Check to make sure both are set
  if(empty($id)) {
    echo 'ID is empty.';
  } else if(empty($activateCode)) {
    echo 'Activate Code is empty.';
  } else {
 
    //### Find the user
    $findUserQuery = "SELECT * FROM `eusers` WHERE `id` = {$id} AND `ActivateCode` = '{$ActivateCode}'";
    $findUser      = mysql_query($findUserQuery) or die(mysql_error());
    
    //### Check if a row exists
    if(!mysql_num_rows($findUser)) {
      echo 'Error: Data Not Found.';
    } else {
    
      //### Process the data
      $user = mysql_fetch_assoc($findUser);
      
      //### Display data for usage
      echo '<pre>';
      print_r($user);
      echo '</pre>';
      
      //### Now do whatever else needs done
    
    }
    
  }

?>

 

I'd advise you move away from MySQL and move to MySQLi or PDO as soon as possible. MySQL will be removed from one of the upcoming versions of PHP.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.