PHP Verify Script

Asked May 11 '17 at 20:35

Active May 11 '17 at 20:38

Viewed 25 times

I have setup a system whereby a user recieves an email to which they click a button and it will verify their email address. It passes the following url variables to the page:

verify.php?email=testemail@gmail.com&first_name=Test&last_name=User

When the page loads, the information is passed to the database and store, however I have a error message appear afterwards? What am I doing wrong?

PHP Script (verify.php)

<?php
include("admin/dbh.php");

$email = $_GET['email'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$today = date("Y/m/d");
$sql = "SELECT * FROM subscribersList WHERE email=$email LIMIT 1";

$result = $conn->query($sql);
if($result -> num_rows){
    echo "<h1>This email address is already signed up to our mailing list!</h1>";
}else{
    $sql = "INSERT INTO subscribersList (first_name, last_name, email, verified, subDate) VALUES ('$first_name', '$last_name', '$email', 1, '$today')";
    $result = $conn -> query($sql);
    header("location: index.php");
}
?>

edited May 11 '17 at 20:38

DontVoteMeDown

21,122
10
69
105

asked May 11 '17 at 20:35

Matas

1

What error message? – Jen R May 11 '17 at 20:36
@JenR we should guess!!! Isn't it? – u_mulder May 11 '17 at 20:36
4

`email=$email` btw requires quotes. – u_mulder May 11 '17 at 20:37
2

[Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 11 '17 at 20:39
@u_mulder This fixed everything. Thank you for the help :( – Matas May 11 '17 at 20:40

PHP Verify Script

0 Answers0