1

I'm currently attempting to create an email activation system which generates a unique code when a user signs up, sends them an email containing a URL which contains the code as a parameter.

My sql table contains two added fields, 1 field to hold the value of each unique code and a boolean field which is false if the account is not active and true if the account is active.

My current code reads: 

$code = mysqli_real_escape_string($conn, $_GET['code']);

which grabs the code from the URL and stores it as a variable, 

$check = mysqli_query("SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' "); 

        if ( mysqli_num_rows($check) == 1) 
        {
            die ('The account has already been activated'); 
        }
        else 
        {
            $activate = mysqli_query("UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'");
            if ( $conn->query($activate) === TRUE ) 
            {
                echo ('Your account has know been activated <br>'); 
                echo $code; 
            }
            else 
            {
                die ('Account not activated ' . $conn->error); 
            }
        }

$check checks if the account has already been activated and $activate is SUPPOSED to update the boolean field on my table to true (1).

The problem i'm having is that my update query isn't doing that. I've testing the actual query in phpmyadmin to check if that works, which it does, so i'm pretty stuck on fixing the problem and would appreciate if someone could help me out.

Improve this question
1
  • mysqli_query() need two parameter first your connection then query. No need of this line if ( $conn->query($activate). Just use if (mysqli_query($conn,"UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'")) { Commented Mar 29, 2016 at 8:55

3 Answers 3

Reset to default
2 
$check = mysqli_query("SELECT * FROM...");

Just that the first parameter should be a connection resource :)

 $check = mysqli_query($conn,"SELECT * FROM...");

Also go through How can I prevent SQL injection in PHP?

Also, you're trying to execute the Update query twice.

  $activate = mysqli_query("UPDATE ...");
            if ( $conn->query($activate) === TRUE ) 
            {

That should either be

  if(mysqli_query($conn,"UPDATE ..."))
  {

OR

if($conn->query("UPDATE ...")) 
 {
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

Agree with you but what about this line if ( $conn->query($activate)
That one is fine but the control never reaches there because the very first query fails to execute and control doesn't get to if block. Actually that's not really fine either, that code is trying to execute the query twice, first time wrongly and second time right
After applying your changes when control goes into if ( $conn->query($activate). This condition always false. It will always goes to else even after update into database
Nope. Returns FALSE on failure. For successful SELECT, SHOW, DESCRIBE or EXPLAIN queries mysqli_query() will return a mysqli_result object. For other successful queries mysqli_query() will return TRUE. So in this case it will return TRUE hence the check is valid
I m ok with mysqli_query() But in am talking about $conn->query($activate) part of code
|
0

Your $check and $activation variable both needs a connection variable ($con) to be passed with your query parameter. Like this :

$check = mysqli_query($conn, "SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' "); 

$activate = mysqli_query($conn, "UPDATE core_customer_information SET activated='1' WHERE activation_code='$code'");
Improve this answer

Comments

0

There maybe problems in these lines, please check. 

$check = mysqli_query("SELECT * FROM core_customer_information WHERE activation_code='$code' AND activated='1' ");

The syntax for mysqli_query is - 

mysqli_query($con,"SELECT * FROM Table");

Same for the mysqli_query of update.

Why use object-oriented mysqli in procedural? I mean the (-> sign) Then there's the '===', may not be valid

if ( $conn->query($activate) === TRUE )
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.