Hey! I can't figure out why this part of my script won't work. Any help is appreciated.

```php
$_SESSION['alliancename'] = $_POST['alliancename'];
$_SESSION['plan'] = $_POST['plan'];
$_SESSION['activationcode'] = $_POST['activationcode'];
$activatesql = "SELECT * FROM activationcodes WHERE code={$_SESSION['activationcode']}";
$activatequery = mysql_query($activatesql);
$activatenum = mysql_num_rows($activatequery);
if ($activatenum == 0){
    echo "Invalid Activation Code";
    unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
    exit;
}
$activate = mysql_fetch_assoc($activatequery);
if ($activate['used'] != 0){
    echo "Code has already been used!";
    unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
    exit;
}
```

Error that is coming up is:

Thanks!
Still doesn't work. Same error. I don't know why... I'm using a similar script, and that one works.

```php
function admincheck($username,$password){
    $sql = "SELECT * from members WHERE username='$username' AND password='$password' AND admin=1";
    $query = mysql_query($sql);
    $num = mysql_num_rows($query);
    return $num;
}
```
```php
$activationcode = $_SESSION['activationcode'];
$activatesql = mysql_query("SELECT * FROM activationcodes WHERE code='$activationcode'");
mysql_num_rows($activatesql);
```

Try to use $var instead of SESSION ..
Changed the code to:

```php
$_SESSION['alliancename'] = $_POST['alliancename'];
$_SESSION['plan'] = $_POST['plan'];
$_SESSION['activationcode'] = $_POST['activationcode'];
$activationcode = $_SESSION['activationcode'];
$activatesql = "SELECT * FROM activationcodes WHERE code='$activationcode'";
$activatequery = mysql_query($activatesql);
$activatenum = mysql_num_rows($activatesql);
if ($activatenum == 0){
    echo "Invalid Activation Code";
    unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
    exit;
}
$activate = mysql_fetch_assoc($activatequery);
if ($activate['used'] != 0){
    echo "Code has already been used!";
    unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
    exit;
}
```

Still doesn't work. Same error.
Hey, if you'd give the entire code it might be easier. However, with that code I caught a lot of things you did that you just shouldn't be doing. This code has Remote Injection written all over it. Here is a version of it that should work. I'd still like to see the full code for a complete correction.

```php
$_SESSION['alliancename'] = $_POST['alliancename'];
$_SESSION['plan'] = $_POST['plan'];

// You need to make sure this crap is filtered. At the least, the one being executed in a query.
// This tid-bit will redirect if string has anything besides A-Z a-z and 0-9.
// You could also just use mysql_real_escape_string(htmlentities(preg_replace("/\\\\/","",$_POST['activationcode'])))
if (preg_match("/[^A-Za-z0-9]/",$_POST['activationcode'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0;URL=http://site.com\" />";
    exit();
}

$_SESSION['activationcode'] = $_POST['activationcode'];

$query = mysql_query("SELECT * FROM activationcodes WHERE code = '".$_SESSION['activationcode']."';");

if (!$query) {
    echo "Invalid Activation Code";
    unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
    exit();
} else {
    $activate = mysql_fetch_assoc($query);
    if ($activate['used'] != NULL) {
        echo "Code has already been used!";
        unset($_SESSION['alliancename'],$_SESSION['plan'],$_SESSION['activationcode']);
        exit();
    } else {
        // Some sort of error here
    }
}
```
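The filtering advice in the post above, taken one step further as an added example (not code from any poster in this thread): the activation code is bound as a query parameter, so it is never parsed as SQL, and the connection is set to throw on SQL errors so a failing query is reported where it happens. Assumptions: PDO with an in-memory SQLite table stands in for the thread's MySQL database, and the function name `checkActivationCode` and the 64-character limit are hypothetical.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
// Throw on any SQL error instead of returning false, so a failed query
// is reported at the query rather than later in a row-count call.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data (table and column names follow the thread).
$pdo->exec("CREATE TABLE activationcodes (code TEXT PRIMARY KEY, used INTEGER NOT NULL DEFAULT 0)");
$pdo->exec("INSERT INTO activationcodes (code, used) VALUES ('ABC123', 0), ('USED99', 1)");

/**
 * Returns 'ok', 'invalid' or 'used' for a submitted activation code.
 * (Hypothetical helper; the 64-character limit is an assumption.)
 */
function checkActivationCode(PDO $pdo, $submitted)
{
    // Allow-list check from the thread: letters and digits only.
    // is_string() also rejects array input such as activationcode[]=x.
    if (!is_string($submitted) || !preg_match('/\A[A-Za-z0-9]{1,64}\z/', $submitted)) {
        return 'invalid';
    }

    // The value is bound as a parameter, so it is treated as data
    // whether or not the format check above is present.
    $stmt = $pdo->prepare('SELECT used FROM activationcodes WHERE code = :code');
    $stmt->execute([':code' => $submitted]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return 'invalid'; // query succeeded but no such code exists
    }
    return ((int) $row['used'] !== 0) ? 'used' : 'ok';
}

// Constructed inputs: a valid code, a used code, an unknown code, and a
// value containing a quote, which the allow-list rejects before any query runs.
foreach (['ABC123', 'USED99', 'NOPE', "x' OR '1'='1"] as $input) {
    printf("%-16s => %s\n", $input, checkActivationCode($pdo, $input));
}
```

Only the result of the check, not the raw `$_POST` value, needs to decide whether anything is stored in `$_SESSION`.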
I think it's to do with your curly braces and the overall SQL statement. Try this:

```php
$_SESSION['alliancename'] = $_POST['alliancename'];
$_SESSION['plan'] = $_POST['plan'];
$_SESSION['activationcode'] = $_POST['activationcode'];
$activation_code = $_SESSION['activationcode'];
$activatesql = "SELECT * FROM activationcodes WHERE code='$activation_code'";
$activatequery = mysql_query($activatesql);
$activatenum = mysql_num_rows($activatequery);
// ... Keep the rest the same
```

Hope that helps
It still doesn't work, and I receive the same error. Thanks for trying. I hadn't gotten around to implementing the regex yet as I'm just in the pre-planning phases where I try to get a skeleton up of the site first. Thanks!
Try doing this right before doing the query:

```php
die($activatesql);
```

Then you can check whether the SQL you actually send to MySQL is ok or not.
It does seem ok. Try building the query like this:

```php
$activatequery = mysql_query($activatesql);
if (!$activatequery) {
    die('Invalid query: ' . mysql_error());
}
```

That will give us more to work on if the query is failing.
It's not the curly braces, that is a completely legit method of sending/getting global values to/from a(n) SQL query.

--------------

Anyways, the error this qualityfirst got was an error telling him that a NULL or NOT value was received. To deal with this you use the NULL or NOT operators and or statement.

```php
if ($value == NULL) {}
if (!$value) {}
```

I'm sure you can figure it out qualityfirst. If you do need more help you can send me your entire script if necessary. I do this stuff for a living.
```php
$sql = "SELECT * from members WHERE username='$username' AND password='$password' AND admin=1";
```

* is really slow, use count(id) instead of * (or whatever a column name is.)

Dan.