0

I am trying to create a program that creates random registration keys and stores it in the database.If the user/customer already has a registration code it displays that key stored in the database in a text box on click 'else' it generates a new key and stores it in the database.The problem is i am not being able to store the key in the database.My code is:

<?php

if (isset($_POST['keygen'])){
$customer_no = $_POST['customer_no'];
$result = mysql_query("SELECT * FROM customer WHERE customer_no = '$customer_no'");
$row = mysql_fetch_array($result);
$keyString = $row['key'];
if($keyString == ""){
$keyString = generateRandomString();
$query = "UPDATE 'customer' SET key ='$keyString' WHERE customer_no = '$customer_no'";
mysql_query($query);
echo $keyString;
}

else{
echo $keyString;
}   

 }

function  generateRandomString($length = 8) {

$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$randomString = '';
for ($i = 0; $i < $length; $i++) {
    $randomString .= $characters[rand(0, strlen($characters) - 1)];
}
return $randomString;
}

?>

this is my HTML:

    <div id="content" class="box2">
        <div class="login">
        <form action="" method="post" style="margin:12px;">
        <table class="nostyle">
        <tr>
        <td align="center">
        <label style="font-size:16px;"><strong>Customer ID: </strong></label>
        <select name="customer_no">
    <?php $result_customer= mysql_query('SELECT customer_no FROM customer ORDER BY customer_no'); ?>
    <?php while($row_customer= mysql_fetch_assoc($result_customer)) { ?>
    <option <?php if ($row_customer['customer_no']=='') { ?> selected="selected"<?php } ?>> <?php echo htmlspecialchars($row_customer['customer_no']); ?> </option>
    <?php } ?>
  </select>
        </td>
        </tr>
        <tr>
        <td align="center"><label style="font-size:16px;"><br /><strong>Register Key: </strong></label>
        <input type="text" id="key" class="input-text" name="key" size="20" align="middle" value = " <?=$row["key"];?>"></td>
        </tr>
        <td align="center"><br /><input type="submit" id="keygen" class="input-submit" name="keygen" value="Generate" onclick=""/>
        </td>
        </tr>
        </table>
        </form>
        </div>
     </div>

I am a newbie, and am not that sure about the code.Please help!

PeeHaa
  • 71,436
  • 58
  • 190
  • 262
stash_man
  • 319
  • 1
  • 8
  • 15
  • 4
    Read about [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection) and [how to prevent it](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) before going any further. – PeeHaa Aug 23 '13 at 12:42
  • [Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** – John Conde Aug 23 '13 at 12:47
  • Should use backticks round tables, not single quotes – DarkBee Aug 23 '13 at 12:54
  • What *exactly* is the problem? Is there an error message? The "key" is not properly updated? A wrong key is associated with the user and/or with the wrong user? An empty key? ... – Sylvain Leroux Aug 23 '13 at 12:57
  • @SylvainLeroux key is not stored in the database/empty key field – stash_man Aug 23 '13 at 13:02

1 Answers1

0

You first have to do mysqli_connect. Look at http://php.net. Also you should use mysqli_ functions, since mysql_ functions are deprecated for newer versions of php.

Manolo
  • 24,020
  • 20
  • 85
  • 130
  • I already have added the necessary info for database connection in configure.php. – stash_man Aug 23 '13 at 12:51
  • You can try to do an echo of your query and try to execute with phpmyadmin or mysql benchmark. You'll see if your query is correct. – Manolo Aug 23 '13 at 13:45
  • My query is correct ive checked using echo in each statement... It displays the value of the variable but I'm having problems with storing the variable in the database – stash_man Aug 23 '13 at 14:09
  • And the storage query is correct when using phpmyadmin or mysql benchmark? – Manolo Aug 23 '13 at 14:17
  • In your input field you missed "php": =$row["key"];?> . Should be Isn't it? – Manolo Aug 23 '13 at 14:39
  • Thanks i've changed it in my code and there was a problem with my `UPDATE` query, **$query = mysql_query("UPDATE customer SET `key` = '$keyString' WHERE customer_no = '$customer_no'");**I fixed it now. – stash_man Aug 28 '13 at 12:14