[SOLVED] Passkey not found?

[mikebyrne]

I want this code to show an error if the passkey is not found, but at present if the passkey doesn't exist it just show a blank screen

 

<?php
include('config.php');

$passkey=$_GET['passkey'];

// Passkey that got from link
## added here
if (!isset($_GET['passkey']))

{
echo "Error here :: PASSKEY NOT FOUND ";
}
else
{

## table name
$tbl_name="temp_users";
$tbl_name2="users";

// after connecting succesfully: 
$sql1 = "SELECT * FROM $tbl_name WHERE confirm_code ='$passkey'";
$result = mysql_query($sql1) or die(mysql_error());

// while there is a result, fetch it into an array... 

while ($row = mysql_fetch_array($result))
{
$sql2="INSERT INTO $tbl_name2(name, address, address1, address2, address3, address4, county, zip, telephone, email, username, password, user)VALUES('".$row['name'] . "', '".$row['address'] . "', '".$row['address1'] . "', '".$row['address2'] . "', '".$row['address3'] . "', '".$row['address4'] . "', '".$row['county'] . "', '".$row['zip'] . "', '".$row['telephone'] . "', '".$row['email'] . "', '".$row['username'] . "', '".$row['password'] . "', 1)";
$result2=mysql_query($sql2)or die(mysql_error());
echo "Your account has been activated";
$sql3="DELETE FROM $tbl_name WHERE confirm_code = '$passkey'";
$result3=mysql_query($sql3)or die(mysql_error());
} 
}
?> 

 

 

[MadTechie]

<?php
include('config.php');

//Cleanup
#$passkey=$_GET['passkey'];
$passkey = mysql_escape_string($_GET['passkey']);

// Passkey that got from link
## added here
if (!isset($_GET['passkey']))
{
echo "Error here :: PASSKEY NOT ENTERED";
}else{
## table name
$tbl_name="temp_users";
$tbl_name2="users";

// after connecting succesfully: 
$sql1 = "SELECT * FROM $tbl_name WHERE confirm_code ='$passkey'";
$result = mysql_query($sql1) or die(mysql_error());
$found = mysql_num_rows( $result);
if($found > 0)
{
	// while there is a result, fetch it into an array... 
	while ($row = mysql_fetch_array($result))
	{
		$sql2="INSERT INTO $tbl_name2(name, address, address1, address2, address3, address4, county, zip, telephone, email, username, password, user)VALUES('".$row['name'] . "', '".$row['address'] . "', '".$row['address1'] . "', '".$row['address2'] . "', '".$row['address3'] . "', '".$row['address4'] . "', '".$row['county'] . "', '".$row['zip'] . "', '".$row['telephone'] . "', '".$row['email'] . "', '".$row['username'] . "', '".$row['password'] . "', 1)";
		$result2=mysql_query($sql2)or die(mysql_error());
		echo "Your account has been activated";
		$sql3="DELETE FROM $tbl_name WHERE confirm_code = '$passkey'";
		$result3=mysql_query($sql3)or die(mysql_error());
	}
}else{
	echo "Error here :: PASSKEY NOT FOUND ";
}
}
?>

[mikebyrne]

Thats fantastic and really has cleaned up the code!!! THANKS

 

Could you explain what these lines do?

 

$passkey = mysql_escape_string($_GET['passkey']);

 

AND

 

while ($row = mysql_fetch_array($result))

 

 

[MadTechie]

Could you explain what these lines do?

 

$passkey = mysql_escape_string($_GET['passkey']);

Okay.. this is to stop SQL Injection..

 

 

AND

 

while ($row = mysql_fetch_array($result))

this sets $row to the array of the next record, if their a no more records it returns false (which ends the loop)

 

so if you had 5 records you could do this

$row1 = mysql_fetch_array($result);
$row2 = mysql_fetch_array($result);
$row3 = mysql_fetch_array($result);
$row4 = mysql_fetch_array($result);
$row5 = mysql_fetch_array($result);

 

but

while ($row = mysql_fetch_array($result))

is better as you don't need to know the number of records

 

hope that helps

 

NB: records = rows

[mikebyrne]

Perfect!

 

Thanks for your help!

[mikebyrne]

Sorry 1 more question

 

In my scenario the user clicks on a confirmation email to activate the account. Wouldn't this part of the code never come into play???

 

// Passkey from link
if (!isset($_GET['passkey']))
{
echo "Error here :: PASSKEY NOT ENTERED";

 

 

[MadTechie]

if the URL does NOT contains

passkey=

then that code will be triggered

 

a have reviewed you code and tweaked it a little, (didn't really read it first time, i see so much code everyday lol)

 

<?php
include('config.php');

// Passkey that got from link
## added here
if (!isset($_GET['passkey']))
{
echo "Error here :: Validation Failed";
}else{
//Cleanup
$passkey = mysql_escape_string($_GET['passkey']);

## table name
$tbl_name="temp_users";
$tbl_name2="users";

// after connecting succesfully: 
$sql1 = "SELECT * FROM $tbl_name WHERE confirm_code ='$passkey'";
$result = mysql_query($sql1) or die(mysql_error());
$found = mysql_num_rows( $result);
if($found > 0)
{
	//Don't need loop as only 1 record is valid per passkey
	$row = mysql_fetch_array($result);
	$sql2="INSERT INTO $tbl_name2(name, address, address1, address2, address3, address4, county, zip, telephone, email, username, password, user)VALUES('".$row['name'] . "', '".$row['address'] . "', '".$row['address1'] . "', '".$row['address2'] . "', '".$row['address3'] . "', '".$row['address4'] . "', '".$row['county'] . "', '".$row['zip'] . "', '".$row['telephone'] . "', '".$row['email'] . "', '".$row['username'] . "', '".$row['password'] . "', 1)";
	$result2=mysql_query($sql2)or die(mysql_error());
	echo "Your account has been activated";
	$sql3="DELETE FROM $tbl_name WHERE confirm_code = '$passkey'";
	$result3=mysql_query($sql3)or die(mysql_error());
}else{
	echo "Error here :: PASSKEY NOT FOUND ";
}
}
?>

[mikebyrne]

Thats great, thaks!

 

I'm working on my login section now. I've never seen so many errors!! LOL

 

I'll work on it for a bit and look for help if im stuck

 

Again, thanks for your help