{Done} Mysql query not working on php script but is working on PhpMyAdmin
-3
I have this user verification file:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
$conn->query($sql) or $_SESSION['message'] = 'invalid URL' and $_SESSION['details'] = null and header('location: error.php') and die();
header('location: login.php');
?>
I send the user a mail and then use GET method to retrieve the info. The URL looks like this:
192.168.0.101/verifiy.php?email=somemail@mail.com&code=c16c0745def04703e62daa72270c9a89c113a0b208ddd0072b6f828fe1adc81b
The problem is that when I query $sql I get no errors and when I check the active value on PhpMyAdmin it is 0 not 1.
I ran the same script (with the values manually inserted) on PhpMyAdmin and the value changed.
I also looked at the log files (apache and php) and there are no errors.
I am running a LAMP server on a raspberry pi 3.
php mysql raspberry-pi3
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
add a comment |
-3
I have this user verification file:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
$conn->query($sql) or $_SESSION['message'] = 'invalid URL' and $_SESSION['details'] = null and header('location: error.php') and die();
header('location: login.php');
?>
I send the user a mail and then use GET method to retrieve the info. The URL looks like this:
192.168.0.101/verifiy.php?email=somemail@mail.com&code=c16c0745def04703e62daa72270c9a89c113a0b208ddd0072b6f828fe1adc81b
The problem is that when I query $sql I get no errors and when I check the active value on PhpMyAdmin it is 0 not 1.
I ran the same script (with the values manually inserted) on PhpMyAdmin and the value changed.
I also looked at the log files (apache and php) and there are no errors.
I am running a LAMP server on a raspberry pi 3.
php mysql raspberry-pi3
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
4
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
2
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33
add a comment |
-3
-3
-3
I have this user verification file:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
$conn->query($sql) or $_SESSION['message'] = 'invalid URL' and $_SESSION['details'] = null and header('location: error.php') and die();
header('location: login.php');
?>
I send the user a mail and then use GET method to retrieve the info. The URL looks like this:
192.168.0.101/verifiy.php?email=somemail@mail.com&code=c16c0745def04703e62daa72270c9a89c113a0b208ddd0072b6f828fe1adc81b
The problem is that when I query $sql I get no errors and when I check the active value on PhpMyAdmin it is 0 not 1.
I ran the same script (with the values manually inserted) on PhpMyAdmin and the value changed.
I also looked at the log files (apache and php) and there are no errors.
I am running a LAMP server on a raspberry pi 3.
php mysql raspberry-pi3
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
I have this user verification file:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
$conn->query($sql) or $_SESSION['message'] = 'invalid URL' and $_SESSION['details'] = null and header('location: error.php') and die();
header('location: login.php');
?>
I send the user a mail and then use GET method to retrieve the info. The URL looks like this:
192.168.0.101/verifiy.php?email=somemail@mail.com&code=c16c0745def04703e62daa72270c9a89c113a0b208ddd0072b6f828fe1adc81b
The problem is that when I query $sql I get no errors and when I check the active value on PhpMyAdmin it is 0 not 1.
I ran the same script (with the values manually inserted) on PhpMyAdmin and the value changed.
I also looked at the log files (apache and php) and there are no errors.
I am running a LAMP server on a raspberry pi 3.
php mysql raspberry-pi3
php mysql raspberry-pi3
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
edited Dec 28 '18 at 19:51
123abc321bca
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
asked Dec 24 '18 at 23:08
123abc321bca123abc321bca
15610
15610
4
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
2
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33
add a comment |
4
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
2
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33
4
4
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
2
2
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33
add a comment |
2 Answers
2
active
oldest
votes
0
I found the error:
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
there were two extra backslashes on email part of the query (the backslashes were taken as text so the query was failing.
old version:
<--here-->
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
add a comment |
-1
this is the code with protection against sql injection:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
if ($conn->connect_errno) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email=? and code=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
$_SESSION['message'] = 'invalid URL';
$_SESSION['details'] = $conn->error;
header('location: error.php');
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $code );
mysqli_stmt_execute($stmt);
$_SESSION['message'] = 'Please login to go to account';
header('location: login.php');
}
?>
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
1
why are you usingreal_escape_string()and a prepared statement?
– Funk Forty Niner
Dec 25 '18 at 15:43
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
The prepared statement method is better. Using bothreal_escape_string()and a prepared statement will have side effects.
– Funk Forty Niner
Dec 26 '18 at 19:19
add a comment |
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53918260%2fdone-mysql-query-not-working-on-php-script-but-is-working-on-phpmyadmin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
0
I found the error:
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
there were two extra backslashes on email part of the query (the backslashes were taken as text so the query was failing.
old version:
<--here-->
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
add a comment |
0
I found the error:
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
there were two extra backslashes on email part of the query (the backslashes were taken as text so the query was failing.
old version:
<--here-->
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
add a comment |
0
0
0
I found the error:
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
there were two extra backslashes on email part of the query (the backslashes were taken as text so the query was failing.
old version:
<--here-->
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
I found the error:
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
there were two extra backslashes on email part of the query (the backslashes were taken as text so the query was failing.
old version:
<--here-->
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email="'.$email.'" and code=''.$code.''';
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
answered Dec 25 '18 at 8:04
123abc321bca123abc321bca
15610
15610
add a comment |
add a comment |
-1
this is the code with protection against sql injection:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
if ($conn->connect_errno) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email=? and code=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
$_SESSION['message'] = 'invalid URL';
$_SESSION['details'] = $conn->error;
header('location: error.php');
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $code );
mysqli_stmt_execute($stmt);
$_SESSION['message'] = 'Please login to go to account';
header('location: login.php');
}
?>
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
1
why are you usingreal_escape_string()and a prepared statement?
– Funk Forty Niner
Dec 25 '18 at 15:43
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
The prepared statement method is better. Using bothreal_escape_string()and a prepared statement will have side effects.
– Funk Forty Niner
Dec 26 '18 at 19:19
add a comment |
-1
this is the code with protection against sql injection:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
if ($conn->connect_errno) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email=? and code=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
$_SESSION['message'] = 'invalid URL';
$_SESSION['details'] = $conn->error;
header('location: error.php');
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $code );
mysqli_stmt_execute($stmt);
$_SESSION['message'] = 'Please login to go to account';
header('location: login.php');
}
?>
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
1
why are you usingreal_escape_string()and a prepared statement?
– Funk Forty Niner
Dec 25 '18 at 15:43
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
The prepared statement method is better. Using bothreal_escape_string()and a prepared statement will have side effects.
– Funk Forty Niner
Dec 26 '18 at 19:19
add a comment |
-1
-1
-1
this is the code with protection against sql injection:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
if ($conn->connect_errno) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email=? and code=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
$_SESSION['message'] = 'invalid URL';
$_SESSION['details'] = $conn->error;
header('location: error.php');
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $code );
mysqli_stmt_execute($stmt);
$_SESSION['message'] = 'Please login to go to account';
header('location: login.php');
}
?>
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
this is the code with protection against sql injection:
<?php
session_start();
require 'db-D.php';
$email = $_GET['email'];
$code = $_GET['code'];
if ($conn->connect_errno) {
die("Connection failed: " . $conn->connect_error);
}
$sql = 'UPDATE `login_D` SET `active`= 1 WHERE email=? and code=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
$_SESSION['message'] = 'invalid URL';
$_SESSION['details'] = $conn->error;
header('location: error.php');
} else {
mysqli_stmt_bind_param($stmt, "ss", $email, $code );
mysqli_stmt_execute($stmt);
$_SESSION['message'] = 'Please login to go to account';
header('location: login.php');
}
?>
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
edited Dec 28 '18 at 7:18
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
answered Dec 25 '18 at 13:46
123abc321bca123abc321bca
15610
15610
1
why are you usingreal_escape_string()and a prepared statement?
– Funk Forty Niner
Dec 25 '18 at 15:43
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
The prepared statement method is better. Using bothreal_escape_string()and a prepared statement will have side effects.
– Funk Forty Niner
Dec 26 '18 at 19:19
add a comment |
1
why are you usingreal_escape_string()and a prepared statement?
– Funk Forty Niner
Dec 25 '18 at 15:43
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
The prepared statement method is better. Using bothreal_escape_string()and a prepared statement will have side effects.
– Funk Forty Niner
Dec 26 '18 at 19:19
1
1
why are you using
real_escape_string() and a prepared statement?– Funk Forty Niner
Dec 25 '18 at 15:43
why are you using
real_escape_string() and a prepared statement?– Funk Forty Niner
Dec 25 '18 at 15:43
1
1
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
what do you mean?
– 123abc321bca
Dec 26 '18 at 10:30
2
2
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
can this not prevent sql injection?
– 123abc321bca
Dec 26 '18 at 19:18
1
1
The prepared statement method is better. Using both
real_escape_string() and a prepared statement will have side effects.– Funk Forty Niner
Dec 26 '18 at 19:19
The prepared statement method is better. Using both
real_escape_string() and a prepared statement will have side effects.– Funk Forty Niner
Dec 26 '18 at 19:19
add a comment |
draft saved
draft discarded
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
draft saved
draft discarded
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53918260%2fdone-mysql-query-not-working-on-php-script-but-is-working-on-phpmyadmin%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
Please read How can I prevent SQL injection in PHP?
– digijay
Dec 24 '18 at 23:14
Have you checked for any errors returned by the database when using PHP?
– SpacePhoenix
Dec 24 '18 at 23:56
why are there 2 answers from you below?
– Funk Forty Niner
Dec 25 '18 at 15:42
2
I found out the problem myself and also gave the improved program, that's why there are 2 answers below.
– 123abc321bca
Dec 26 '18 at 10:33