ansaurus

Question

Account activation PHP

Answer 1

+2 A:

Change $_GET['key'] == true to $_GET['key'] == "true"
You do before this if, a successful mysql_connect(...) or mysql_pconnect(...) ?
Change mysql_affected_rows($result); to mysql_num_rows($result);. Affected you can use for DELETE or UPDATE SQL statements.
Before you second if was opened, add before you second mysql_result(...), mysql_free_result($result); to free memory allocated to previous result.
if($result) change to if(mysql_affected_rows($result));. You can do that here.
After the header(...); function call's add a return 0; or exit(0); depends on your complete code logic.
You are using $key variable in SQL statements, to get your code more secure on SQL Injection attacks get change $key = $_GET['p']; to $key = mysql_real_escape_string($_GET['p']);
I think your location in header() functions fails. In header() url address should be full like: http://www.example.com/somewhere/index.php
And check your $_GET['p'] variable exists!! If this not exist and if $_GET['key'] exists, you find all activated users. Then i think the setting user_key to '' is nessesary if you have user_activated marker.

Svisstack 2010-06-09 23:54:59

Already tried with and without quotes. The MySQL connection is fine.

YouBook 2010-06-09 23:56:02

I know but this may don't work in future versions of php engine.

Svisstack 2010-06-09 23:56:50

$_GET['key'] == true is actually evaluating if $_GET['key'] has any value..so you can call your script with key=false and it will still pass the validation..Although this doesn't solve the problem, its just a warning ;)

Gonçalo Queirós 2010-06-10 00:00:45

@Gonçalo Queirós: But that can be evaluated as that: convert to bool $_GET['key'] and compare values. That may be unpredicted result if $_GET['key'] == 0(int).

Svisstack 2010-06-10 00:02:25

I updated it to your 3rd option, it says this: **You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'sql' at line 1**

YouBook 2010-06-10 00:03:37

@Wayne: Sorry but in 3rd and in before statmets I don't modify your query and this is mysql error.

Svisstack 2010-06-10 00:06:04

Don't use `addslashes()`; it can quote text wrong for MySQL. Use `mysql_real_escape_string()`.

staticsan 2010-06-10 03:03:51

@staticsan: i know, but i can't find this function by the search form on php.net, thanks

Svisstack 2010-06-10 10:03:32

http://au2.php.net/manual/en/function.mysql-real-escape-string.php

staticsan 2010-06-10 23:55:58

Answer 2

A:

you shouldnt be using:

if(mysql_affected_rows($result) > 0)

You should be using mysql_num_rows()

Sabeen Malik 2010-06-09 23:59:48

Answer 3

A:

Your problem is:

$result = mysql_query($sql) or die(mysql_error());

"or" makes your statement boolean so $result gets a True instead of value returned by mysql_query()

echo 'Hello' or die('bye'); // outputs nothing, because result is True not 'Hello'

3 or die() == True; // true
3 or die() != 3; // true

OR is the same as || and it is operator of logical statement.

This will work:

$result = mysql_query($sql);
if(!$result) die(mysql_error());

The same mistake was made a few hours ago: link

Cases where OR can be used:

defined('FOO') or
    define('FOO', 'BAR');

mysql_connect(...) or die(...);

mysql_select_db( .... ) or die(...);

mysql_query('UPDATE ...') or die(...);

if(FOO or BAR) { ... }

Skirmantas 2010-06-10 00:02:53

But if first value in OR expression is true, next is not executed then if mysql_query result a variable is not a false this die() not execute never. This is good. This syntax is use everywhere and everywhere woking good.

Svisstack 2010-06-10 00:07:25

At least don't be so ignorant and test even things you don't like.

Skirmantas 2010-06-10 00:18:26

I have always used "or" in this way and it is never problematic.

mathepic 2010-06-10 00:24:48

`BOOL or die()` will `die()` if `BOOL` is false.

Alexsander Akers 2010-06-10 00:39:57

ansaurus

tags:

views:

answers:

Account activation PHP

related questions