
Referral link for registering


Goose87


Hi,

I have a register script which works fine, but I want to add a referral

I started doing this with

..../register.php?ref=4284    where the number equates to the referrer's ID.

I then have:

if(isset($_GET['ref'])) {
$ref_id = $_GET['ref']; 
}

$result=@mysql_query("SELECT * FROM users where id='$ref_id'");
$r=@mysql_fetch_array($result);
$ref_quantity=$r['ref_quantity'];
$resultx=@mysql_query("SELECT * FROM users where id='$ref_id'");

if(mysql_num_rows($resultx)==1){

$ref_quantity=$ref_quantity+1;
$result2=@mysql_query("UPDATE users set ref_quantity='$ref_quantity' WHERE id='$ref_id'");
}

 

This part of the code is placed within the part where it checks if the user has entered all of the parts:

username, password, email.

It then checks that the email and username aren't already used, and if they aren't, it implements the code above this.

Any help would be appreciated. Thanks a lot.


From a security standpoint, you're an injection waiting to happen. Never use a GET or POST variable straight into a MySQL query... ever. You might think that checking the db for a match is good enough, but injected evil code interacts with the SELECT operation long before you compare the results. If your expected variable will always be numeric, we can do this:

 

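<?php
// Reject anything that is not a string of exactly four digits.
// \A and \z anchor at the true start and end, so a trailing newline fails too.
if ( !isset( $_GET['ref'] ) || !is_string( $_GET['ref'] ) || !preg_match( '/\A[0-9]{4}\z/', $_GET['ref'] ) ) {
    // hack attempt
    header("location: http://www.fbi.gov");
    exit; // stop here, otherwise the rest of the script still runs after the redirect header
}
$ref_id = $_GET['ref'];

// rest of your code

?>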

 

This tells PHP to reject any $_GET['ref'] value that isn't EXACTLY 4 numbers, starting from the beginning of the string to the end of it. Now you can safely use it in a query.

 

PhREEEk
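
An added example, not code from either poster: the referral credit from the first post written with a digit check that is not tied to four characters, a bound parameter instead of string concatenation, and a single atomic UPDATE. It goes beyond the four-digit case in the reply and assumes PHP 7+ with the pdo_sqlite extension; the in-memory SQLite table stands in for the thread's MySQL `users` table, and `credit_referral()` and the sample rows are hypothetical.

```php
<?php
// Added example: validate the referral ID, then use bound parameters.
// SQLite in memory stands in for the thread's MySQL database so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, ref_quantity INTEGER NOT NULL DEFAULT 0)');
$pdo->exec('INSERT INTO users (id, ref_quantity) VALUES (4284, 2)'); // constructed sample row

/**
 * Credit one referral to the user named by $rawRef.
 * Returns true only when exactly one user row was updated.
 * credit_referral() is a hypothetical helper name, not from the thread.
 */
function credit_referral(PDO $pdo, $rawRef): bool
{
    // Accept only a string of 1 to 9 digits; arrays (?ref[]=x) and null fail here.
    if (!is_string($rawRef) || !preg_match('/\A[0-9]{1,9}\z/', $rawRef)) {
        return false;
    }
    // The value is bound, never concatenated into the SQL text, and the
    // increment happens inside one statement, so two sign-ups arriving at
    // the same moment cannot overwrite each other's count.
    $stmt = $pdo->prepare('UPDATE users SET ref_quantity = ref_quantity + 1 WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawRef, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed inputs: a valid ID, an unknown ID, a quote-bearing string, an array.
$samples = ['4284', '9999', "4284' OR '1'='1", ['4284']];
foreach ($samples as $ref) {
    $outcome = credit_referral($pdo, $ref) ? 'credited' : 'ignored';
    printf("%-22s => %s\n", json_encode($ref), $outcome);
}
echo 'ref_quantity for 4284: ',
    $pdo->query('SELECT ref_quantity FROM users WHERE id = 4284')->fetchColumn(), "\n";
```

An unknown or malformed referral is ignored rather than redirected, so a bad `ref` value does not block the registration itself.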
