
PHP- Getting var from url checking with mysql

So the connection has been established and here is the code. What I'm trying to do is get two var from the url and save them as a var. I am getting an error and the PHP is not working, and I know the information in the url is correct and matched the database. The error is "The url is either invalid or you already have activated your account." which is what the PHP returns if there isn't a match, so I'm guessing that the disconnect is between the url and var setting. Code:

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) &&     !empty($_GET['hash'])){  
// Verify data  
$email = mysql_escape_string($_GET['email']); // Set email variable  
$hash = mysql_escape_string($_GET['hash']); // Set hash variable  

$search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
$match  = mysql_num_rows($search);  

if($match > 0){  
    // We have a match, activate the account  
    mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
    echo '<div class="statusmsg">Your account has been activated, you can now login</div>';  
}else{  
    // No match -> invalid url or account has already been activated.  
    echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';  
}  

}else{  
// Invalid approach  
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';  
}  
?>

URL:

http://www.aliahealthcare.com/verify.php?email='.me@email.com.'&hash='.67f7fb873eaf29526a11a9b7ac33bfac.'


It looks like the PHP is solid, so I don't think that is your issue. I couldn't help but notice, though, that you have a couple of '.' in the URL. I think you need to get rid of them:

http://www.aliahealthcare.com/verify.php?email=me@email.com&hash=67f7fb873eaf29526a11a9b7ac33bfac

To be sure, try echoing out the email and hash values before using mysql_real_escape_string. I'll wager the code is fine, but I suspect the input.


Code looks fine to me.

I would try doing this:

$sql = "SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'";

echo $sql;

$search = mysql_query($sql);  

Check that the SQL that is echoed looks OK, and try running it in phpMyAdmin or via the command line to confirm that a row does exist for those parameters.
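
As an added example (not code from the question or from either answer), here is the same activation check written with PDO prepared statements and strict validation of both parameters, together with a link builder that cannot leave quote-and-dot residue in the URL. The in-memory SQLite table and its row, the function names `activationLink` and `activate`, and the `example.test` host are assumptions; the 32-character lowercase hex format is inferred from the hash shown in the question.

```php
<?php
declare(strict_types=1);
// Added example. Assumes PDO with the SQLite driver; table and row are constructed.

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (email TEXT PRIMARY KEY, hash TEXT NOT NULL, active INTEGER NOT NULL DEFAULT 0)');
$pdo->prepare('INSERT INTO users (email, hash) VALUES (?, ?)')
    ->execute(['me@email.com', '67f7fb873eaf29526a11a9b7ac33bfac']);

// Build the link with http_build_query() so values are URL-encoded and no
// stray quote or dot from string concatenation ends up inside a parameter.
function activationLink(string $base, string $email, string $hash): string
{
    return $base . '?' . http_build_query(['email' => $email, 'hash' => $hash]);
}

// Returns true only if exactly one inactive row matched and was activated.
function activate(PDO $pdo, array $query): bool
{
    $email = $query['email'] ?? '';
    $hash  = $query['hash'] ?? '';
    if (!is_string($email) || !is_string($hash)) {
        return false;                         // e.g. ?email[]=x arrives as an array
    }
    // Reject malformed input before it reaches the database.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false
        || preg_match('/\A[0-9a-f]{32}\z/', $hash) !== 1) {
        return false;
    }
    // One parameterized UPDATE replaces the SELECT-then-UPDATE pair, so there
    // is no escaping to get wrong and no gap between the check and the write.
    $stmt = $pdo->prepare('UPDATE users SET active = 1 WHERE email = ? AND hash = ? AND active = 0');
    $stmt->execute([$email, $hash]);
    return $stmt->rowCount() === 1;
}

$link = activationLink('https://example.test/verify.php', 'me@email.com', '67f7fb873eaf29526a11a9b7ac33bfac');
parse_str((string) parse_url($link, PHP_URL_QUERY), $good);      // what $_GET would hold

// Query string of the link from the question, stray '. and .' included.
parse_str("email='.me@email.com.'&hash='.67f7fb873eaf29526a11a9b7ac33bfac.'", $bad);

var_dump(activate($pdo, $bad));    // link as posted in the question
var_dump(activate($pdo, $good));   // link built by activationLink()
var_dump(activate($pdo, $good));   // same link used a second time
```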
