1

I'm currently attempting to create an email activation system which generates a unique code when a user signs up, sends them an email containing a URL which contains the code as a parameter.

My sql table contains two added fields, 1 field to hold the value of each unique code and a boolean field which is false if the account is not active and true if the account is active.

My current code reads: 

$code = mysqli_real_escape_string($conn, $_GET['code']);

which grabs the code from the URL and stores it as a variable, 

$check = mysqli_query("SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' "); 

        if ( mysqli_num_rows($check) == 1) 
        {
            die ('The account has already been activated'); 
        }
        else 
        {
            $activate = mysqli_query("UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'");
            if ( $conn->query($activate) === TRUE ) 
            {
                echo ('Your account has know been activated <br>'); 
                echo $code; 
            }
            else 
            {
                die ('Account not activated ' . $conn->error); 
            }
        }

$check checks if the account has already been activated and $activate is SUPPOSED to update the boolean field on my table to true (1).

The problem i'm having is that my update query isn't doing that. I've testing the actual query in phpmyadmin to check if that works, which it does, so i'm pretty stuck on fixing the problem and would appreciate if someone could help me out.

Zanshin13
  • 980
  • 4
  • 19
  • 39
Axel
  • 35
  • 1
  • 1
  • 7
  • `mysqli_query()` need two parameter first your connection then query. No need of this line `if ( $conn->query($activate)`. Just use `if (mysqli_query($conn,"UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'")) { ` – Saty Mar 29 '16 at 08:55

3 Answers3

2
$check = mysqli_query("SELECT * FROM...");

Just that the first parameter should be a connection resource :)

 $check = mysqli_query($conn,"SELECT * FROM...");

Also go through How can I prevent SQL injection in PHP?

Also, you're trying to execute the Update query twice.

  $activate = mysqli_query("UPDATE ...");
            if ( $conn->query($activate) === TRUE ) 
            {

That should either be

  if(mysqli_query($conn,"UPDATE ..."))
  {

OR

if($conn->query("UPDATE ...")) 
 {
Community
  • 1
  • 1
Hanky Panky
  • 46,730
  • 8
  • 72
  • 95
  • Agree with you but what about this line `if ( $conn->query($activate)` – Saty Mar 29 '16 at 08:58
  • That one is fine but the control never reaches there because the very first query fails to execute and control doesn't get to `if` block. Actually that's not really fine either, that code is trying to execute the query twice, first time wrongly and second time right – Hanky Panky Mar 29 '16 at 09:00
  • After applying your changes when control goes into `if ( $conn->query($activate)`. This condition always false. It will always goes to else even after update into database – Saty Mar 29 '16 at 09:06
  • Nope. `Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE. ` So in this case it will return TRUE hence the check is valid – Hanky Panky Mar 29 '16 at 09:07
  • I m ok with `mysqli_query()` But in am talking about `$conn->query($activate)` part of code – Saty Mar 29 '16 at 09:11
  • You're right. `$conn->query($activate)` is fine but `$activate` is not fine. They can just make `$activate` the query itself and not result of a query – Hanky Panky Mar 29 '16 at 09:12
  • Please add last comment into your answer!! – Saty Mar 29 '16 at 09:14
0

Your $check and $activation variable both needs a connection variable ($con) to be passed with your query parameter. Like this :

$check = mysqli_query($conn, "SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' "); 

$activate = mysqli_query($conn, "UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'");
Nehal
  • 1,542
  • 4
  • 17
  • 30
0

There maybe problems in these lines, please check. 

$check = mysqli_query("SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' ");

The syntax for mysqli_query is - 

mysqli_query($con,"SELECT * FROM Table");

Same for the mysqli_query of update.

Why use object-oriented mysqli in procedural? I mean the (-> sign) Then there's the '===', may not be valid

if ( $conn->query($activate) === TRUE )
Hasan Peeal
  • 90
  • 9