Anyone can help me pls!
This code supposed to compare between the passkey from the confirmation email and the confirm_code from the database and if the two value are identical it update "verified" row from null to 1.
Thank you and sorry for my english :/
//Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server");
mysql_select_db("$db_name")or die("cannot select DB");
$passkey=$_GET['passkey'];
$confirm_code=$_GET['confirm_code'];
if($confirm_code == '$passkey';){
$sql1="UPDATE $tbl_name SET verified='1' WHERE $confirm_code ='$passkey'";
echo "Confirmation code verified!!!";
}
else {
echo "Wrong Confirmation code";
}
?>
Change if($confirm_code == '$passkey';){ to if($confirm_code == "$passkey"){
Also notice the double quotes around $passkey.
Check your syntax first, maybe this is the problem here :
if($confirm_code == "$passkey"){
Are you not supposed to retrieve first the passkey from database then compare it with the one GET from URL ? Here you use GET for both of them.
You have an incorrect SQL statement
$sql1="UPDATE $tbl_name SET verified='1' WHERE $confirm_code ='$passkey'";
That $confirm_code should be confirm_codeand should correspond to the column in your table having the stored key. So you will be simply updating the record where the passed key is equal to the stored key.
Related
I am very new to coding PHP, HTML, and CSS and am just making a basic website with very basic functions that I will change and make better as I learn more about how to code these languages. My question is why my responses to a thread I have created in my forum response page does not appear when I view the forum? The code I used was not mine - I got it from
this website :www.phpgang.com/create-a-simple-forum-in-php_158.html
Everything else with this code works, no errors, and I can create a topic, view the topic, and respond to the topic but the response does not appear when I view the topic. It does however add a comment to the comment area of the forum table that shows all of the current topics. Please offer any ideas of how I can make the response display. If you have any questions on what exactly it is doing please comment.
(the code that is supposed to display and add the response to the topic)
add_answer.php:
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="greatdebate"; // Database name
$tbl_name="fanswers"; // Table name
// Connect to server and select databsae.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Get value of id that sent from hidden field
$id=$_POST['id'];
// Find highest answer number.
$sql="SELECT MAX(a_id) AS Maxa_id FROM $tbl_name WHERE question_id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
// add + 1 to highest answer number and keep it in variable name "$Max_id". if there no
answer yet set it = 1
if ($rows) {
$Max_id = $rows['Maxa_id']+1;
}
else {
$Max_id = 1;
}
// get values that sent from form
$a_name=$_POST['a_name'];
$a_email=$_POST['a_email'];
$a_answer=$_POST['a_answer'];
$datetime=date("d/m/y H:i:s"); // create date and time
// Insert answer
$sql2="INSERT INTO $tbl_name(question_id, a_id, a_name, a_email, a_answer,
a_datetime)VALUES('$id', '$Max_id', '$a_name', '$a_email', '$a_answer', '$datetime')";
$result2=mysql_query($sql2);
if($result2){
echo "Successful<BR>";
echo "<a href='view_topic.php?id=".$id."'>View your answer</a>";
// If added new answer, add value +1 in reply column
$tbl_name2="fquestions";
$sql3="UPDATE $tbl_name2 SET reply='$Max_id' WHERE id='$id'";
$result3=mysql_query($sql3);
}
else {
echo "ERROR";
}
// Close connection
mysql_close();
?>
Please contact me if you need to see the main_forum.php or the new_topic.php,
I am trying to update a database with the following code:
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// update data in mysql database
$sql="UPDATE $tbl_name SET FirstName='$FirstName', LastName='$LastName', >>>>Email='$Email' WHERE id='$id'";
$result = mysql_query($sql) or die(mysql_error());
// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='list_records.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
I get a successful message but the information was not changed. I realize this code is open to hacking and I will address that but I want to get it to work first.
If there's no error and you got zero modified rows, it must mean that you either write the same information that's already there or no rows match the condition. So either you don't have a row with the given ID, or you're writing the same value for every field that's already in the record.
Remove >>>> code in your update statement.
UPDATE $tbl_name SET FirstName='$FirstName', LastName='$LastName',
Email='$Email' WHERE id='$id'"
Also Check whether the $id is existing in the table.
I have a PHP form that should insert data into my SQL database on hostgator. However it is not adding any data but the id field keeps incrementing. I do not receive any error message when submitting the form and when i go to the database the other fields are just empty thus not displaying any data.
I am pulling my hair and cant figure out what the problem is. Can someone please help me
Thanks
<?php
$host="localhost"; // Host name
$username="xxxxxx"; // Mysql username
$password="xxxxxx"; // Mysql password
$db_name="rob1124_inventory"; // Database name
$tbl_name="data"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Get values from form
$qty=$_POST['qty'];
$product=$_POST['product'];
$price=$_POST['price'];
$totalprice=$_POST['totalprice'];
$seller=$_POST['seller'];
$city=$_POST['city'];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(qty, product, price, totalprice, seller,city)
VALUES('$qty', '$product', '$price', '$totalprice', '$seller', '$city')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
?>
<?php
// close connection
mysql_close();
?>
Change to utf-8 from all varchar fields of your table and
try to get mysql_error().
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
mysql_query("set names 'utf8'");
//You codes....
// Insert data into mysql
$sql="INSERT INTO $tbl_name(qty, product, price, totalprice, seller,city)
VALUES('$qty', '$product', '$price', '$totalprice', '$seller', '$city')";
$result=mysql_query($sql) or die(mysql_error());
//Your codes...
Since the id is incrementing atleast the form and the DB connect, it tries to enter data.
One usually occurring error is that the data types in the databases columns don't match with the type of data recieved. Like trying to insert chars into ints etc. Or the length of the data is to large for the assigned size in the database. Check to see that the types are correct and try again.
But still, those that are correct should be inserted. Hard to tell without knowing more about the database design.
i know this is a beginner's question .I am working on a bloodbank database project with html,php and mysql. Here as an administrator,i am trying to send messages to users.At first i am trying to see if the user with the username is present in the database.if he is present i am inserting the username and messages into the table called usermessages But i am not able to insert the data.i am getting the message "message sent successfully",but in reality it is not getting updated in the database.So here is my code,i can assure all that no spelling mistake is present in database or in phpcode.
<?php
session_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="bloodbank"; // Database name
$tbl_name="users"; // Table name
$tblname="usermessages";
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and messages is sent from form
$username=$_POST['username'];
$sql="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1)
{
$mysql="INSERT INTO tblname(username, messages)
VALUES
('$_POST[username]','$_POST[messages]')";
echo "Message Sent Successfully";
}
else
{
echo "No user with that username found in the database";
}
?>
Try to execute the query
$mysql="INSERT INTO $tblname(username, messages)
VALUES ('$_POST[username]','$_POST[messages]')";
$return = mysql_query($my_sql);
echo "Message Sent Successfully";
You just forgotted to execute this insert query
And my advice is dont use mysql_* functions as they are depricated,use either mysqli_* functions or PDO Statements,and while you are playing with the post variables try to escape them like
mysql_real_escape_string($_POST['messages']);
Your query is good but you haven't executed it. Use mysql_query to execute your query.
Second please be careful about sql injection. Your code is shouting that come and hack me.
http://jsfiddle.net/Fd9wx/
I made this to help solve my problem
so I have some php code and html code that should send sql Query's to the database upon the html table I have created like to set up new databases but then I fill out my form and click run it does not want to work for me. I did some google research and got nothing back now before you say "use PDO and This is no longer supported" PDO is hard for me to use because I dont understand some of it I will use it later on but not now, also I did make this script here from hand so dont say "contact script dev" if some one could point me in right direction to solving my problem or just way to make my sql errors show in my script? like the line what to remove and all
here is main part of my script
$tablename=$_POST['tablename'];
$value=$_POST['value'];
$type=$_POST['type'];
$length=$_POST['length'];
$collation=$_POST['collation'];
$attributes=$_POST['attributes'];
$null=$_POST['null'];
$extra=$_POST['extra'];
// Insert data into mysql
$sql="CREATE TABLE `a7972613_db`.`$tablename` (
`field1` $type( $length ) $null $extra
) ENGINE = MYISAM";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
}
else {
echo "Please Go Back And Check Your Errors!";
}
thats my main part
The problem with your code is you have not selected the database.
$host = "xxxxx";
$database = "xxxxx";
$user = "xxxx";
$password = "xxxxx";
// Connect to server and select database.
mysql_connect("$host", "$user", "$password")or die("cannot connect");
Use below code for selecting database
// Connect to server and select database.
$conn = mysql_connect("$host", "$user", "$password")or die("cannot connect");
mysql_select_db($database,$conn);
and another problem is when your query fails, you have hardcoded the error,but use below code for checking where is the problem in your query
$result=mysql_query($sql) or die(mysql_error());
Change your query to
$result = mysql_query($sql) or die("Error with $sql: " . mysql_error());
with mysql_error(), you will see what your problem is.
You can dump your $sql string in order to see, whether it is correct
echo $sql;