User Approval by email showing outputs but not updating records in database

Question

I am currently working on a project where I need to get a user to sign up and then an email is sent to the website administrator's email with an approval link (containing the php page below, user email and sha512). When the approval link is clicked, it's meant to Update the table with the corresponding email and change isApproved to 1, but it does nothing other than printing the echos.

I tried changing the SQL commands, adding the ` around the names, looking it up on w3schools, stackoverflow and other forums and found nothing.

<?php
    $hash = $_GET['h'];
    $email = $_GET['e'];

    if($hash == hash('sha512', 'ACCEPT')){
    $host = "redacted";
    $dbUsername = "redacted";
    $dbPassword = "redacted";
    $dbname = "redacted";
    //create connection
    $conn = mysqli_connect($host, $dbUsername, $dbPassword, $dbname);
    if (mysqli_connect_error()) 
    {
        die('Connect Error('. mysqli_connect_errno().')'.mysqli_connect_error());
    } 
    else 
    {
        $sql = "UPDATE `User` SET `isApproved`='1' WHERE `User`.`email`=$email";
        echo("approved");
    }
?>

All I see when opening the website is "approved", which is what i expected, but the records in the database remain unchanged.

score 3 · Accepted Answer · edited Jun 20 '20 at 09:12

3

That's because you are not running the query statement.

$sql = "UPDATE `User` SET `isApproved`='1' WHERE `User`.`email`=$email"; is a query which you wrote but did not executed it. You need to execute it using mysqli_query() method passing in the connection and query in parameters mysqli_query($conn, $sql);. You can read more about this here.

Updated Code:

   <?php
        $hash = $_GET['h'];
        $email = $_GET['e'];
    
        if($hash == hash('sha512', 'ACCEPT')){
        $host = "redacted";
        $dbUsername = "redacted";
        $dbPassword = "redacted";
        $dbname = "redacted";
        //create connection
        $conn = mysqli_connect($host, $dbUsername, $dbPassword, $dbname);
        if (mysqli_connect_error()) 
        {
            die('Connect Error('. mysqli_connect_errno().')'.mysqli_connect_error());
        } 
        else 
        {
            $sql = "UPDATE `User` SET `isApproved`='1' WHERE `User`.`email`=$email";
            mysqli_query($conn, $sql); // <------- Run SQL Query 
            echo("approved");
        }
    ?>

edited Jun 20 '20 at 09:12

Community

1
1

answered May 27 '19 at 16:03

Javapocalypse

2,223
17
23

Can you share your table structure? – Javapocalypse May 27 '19 at 16:10
1

The code is working fine. The problem is in the query probably. Try executing the following query. $sql = "UPDATE User SET isApproved=1 WHERE User.email=$email;"; – Javapocalypse May 27 '19 at 16:30
still nothing :/ – Jelon51 May 27 '19 at 16:36
I wonder why it is not executing. Give this a try $sql = "UPDATE User SET isApproved=1 WHERE email=$email;"; – Javapocalypse May 27 '19 at 16:37
Unfortunately, still nothing, everything executes except for the actual dabatase change – Jelon51 May 27 '19 at 16:41
This works, it 's just the fact that you have to select the user using the primary key, not just any table data. – Jelon51 May 27 '19 at 20:51
Cool! Glad it worked. Rejecting edit since there is nothing to change about the code but the query, since earlier there was no row present with the given condition. Happy coding :) – Javapocalypse May 27 '19 at 20:57

kbin0505 · Answer 2 · 2019-05-27T16:12:41.120

0

I think you didn't run execute command.

    $conn = mysqli_connect($host, $dbUsername, $dbPassword, $dbname);
    ....
    $sql = "UPDATE `User` SET `isApproved`='1' WHERE `User`.`email`=$email";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_execute($stmt);

edited May 27 '19 at 16:12

answered May 27 '19 at 15:59

kbin0505

170
1
11

Warning: mysqli_execute() expects parameter 1 to be mysqli_stmt – Jelon51 May 27 '19 at 16:01
Still says it expects stmt as param 1 – Jelon51 May 27 '19 at 16:08

User Approval by email showing outputs but not updating records in database

2 Answers2

Updated Code: