-2

I have a signup script with email confirmation and its working almost fine. The users info is firstly sent from form to a "temp" table and when he follows the email confirmation link the info goes from "temp" table to "india" table, its final destination.

The confirmation link is a file called "confirmation.php".

Although the code is sending data from one table to the other, it is not printing the message "Obrigado, o seu registo foi validado.", portuguese for "Thanks, your registration was now validated". What am i doing wrong?

Thanks!

Confirmation.php

<?php
include_once ('config.php');

$confirm_code = $_GET["confirm_code"];

$sql1 = mysqli_query($conn, "SELECT * FROM temp WHERE confirm_code = '$confirm_code'");
$result1= mysqli_fetch_array($sql1, MYSQLI_ASSOC);

if(mysqli_num_rows($sql1) == 1) {
    $query = mysqli_query($conn, "INSERT INTO india (confirm_code, name, password, email) SELECT confirm_code, name, password, email FROM temp WHERE confirm_code = '$confirm_code'");

    if($query) {
        $del = mysqli_query($conn, "DELETE FROM temp WHERE confirm_code = '$confirm_code'");
        if($del) {
            $msg = "Obrigado, o seu registo foi validado.";
        }    
    }   
} else {
    $msg2 = "Erro no registo";
}   
$conn->close();
?>
MCMXCII
  • 1,043
  • 4
  • 13
  • 26
Triole
  • 3
  • 2
  • Please indent the php code it's unreadable like this. – Raymond Nijland Dec 15 '17 at 15:52
  • 2
    If you're using mysqli functions, you may as well [bind your parameters](http://php.net/manual/en/mysqli-stmt.bind-param.php) for security purposes instead of dumping variables haphazardly in the query. – cteski Dec 15 '17 at 15:54
  • You set two variables with the messages, but nothing prints out the values in this script. – Nigel Ren Dec 15 '17 at 15:56
  • 1
    You show part of code. Here nothing printed you only set variables. Also the variables are with different names. – Kancho Iliev Dec 15 '17 at 15:59

2 Answers2

1

You should use instead of if(mysqli_num_rows($sql1) == 1) { the result variable: if(mysqli_num_rows($result1) == 1) {.

Please also use parametrized queries like explained in How can I prevent SQL injection in PHP?

Adder
  • 5,708
  • 1
  • 28
  • 56
0

try mysqli_query($conn, "DELETE FROM temp WHERE confirm_code = '$confirm_code'");

in the if condition like this:( you missed to print i think)

if(mysqli_query($conn, "DELETE FROM temp WHERE confirm_code = '$confirm_code'"))`
{ 
  $msg = "Obrigado, o seu registo foi validado.";
 echo $msg;
}
jasinth premkumar
  • 1,430
  • 1
  • 12
  • 22
  • It would be better to echo the `$msg` out outside of the `if` statement, as the `$msg` is set to something else if the isn't a successful registration. – MCMXCII Dec 15 '17 at 15:58