Jump to content

Multiple URL parameters


Recommended Posts

I am trying to pull data from SQL where the ID and activation code match the record by using the URL to request the info. The form pulls up the first record but I cannot get it to return the correct id and code.


URL example: www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh


Not sure how to write this in the php, what I have tried does not seem to pull anything other than the first record in the system.


$result=mysql_query("SELECT * FROM `eusers` WHERE id = '$id' & ActivateCode = '$ActivateCode'");
if (!$result) 
		die("Error: Data not found..");
mysql_query("UPDATE `eusers` SET Password ='$Password_save', Email ='$Email_save', Active ='$Active_save', SecurityCode ='$SecurityCode_save', ActivateCode ='$ActivateCode_save'  WHERE id ='$id'")
					or die(mysql_error("Did not Save")); 
	echo "Saved!";
	header("Location: index.php");			
Link to comment
Share on other sites

Use something like this...


$url = parse_url("www.domain.com/activate.php?id=7&ActivateCode=xajkdfjeklhwekjfhergh");
$query = $url[query];
$pair_match = explode("&",$query);
# print_r($pair_match);
$queries = array();
foreach($pair_match as $pair) {
$queries[] = explode("=",$pair);


$queries[0] contains the first match, $queries[0][0] contains the first query, $queries[0][1] the value, and so on.

Link to comment
Share on other sites

A) moving this thread to the php help forum, as it has nothing to do with Regex


B) one & in a query statement is a bitwise AND operator and is likely resulting in a value that matches every true value for an id and since your code assumes there will be only one row, you get the first row out of your table.


use the AND logic operator (or use &&) in your query statement.


edit: in the following code, a false $result doesn't mean that the data wasn't found, it means that the query failed due to an error.

if (!$result)
        die("Error: Data not found..");
Edited by mac_gyver
Link to comment
Share on other sites

Try something like this, it provides some errors if data is missing or the query does not execute etc.




  //### Assign and santize data
  $id           = isset($_GET['id']) ? (int)$_GET['id'] : FALSE ;
  $activateCode = isset($_GET['ActivateCode']) ? mysql_real_escape_string(trim($_GET['ActivateCode'])) : FALSE ;
  //### Check to make sure both are set
  if(empty($id)) {
    echo 'ID is empty.';
  } else if(empty($activateCode)) {
    echo 'Activate Code is empty.';
  } else {
    //### Find the user
    $findUserQuery = "SELECT * FROM `eusers` WHERE `id` = {$id} AND `ActivateCode` = '{$ActivateCode}'";
    $findUser      = mysql_query($findUserQuery) or die(mysql_error());
    //### Check if a row exists
    if(!mysql_num_rows($findUser)) {
      echo 'Error: Data Not Found.';
    } else {
      //### Process the data
      $user = mysql_fetch_assoc($findUser);
      //### Display data for usage
      echo '<pre>';
      echo '</pre>';
      //### Now do whatever else needs done



I'd advise you move away from MySQL and move to MySQLi or PDO as soon as possible. MySQL will be removed from one of the upcoming versions of PHP.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.