PHP simple activation Form MYSQL

Question

I've tweaked and broke this a million times already today! I'm basically trying to check the database for the username and activation, if user is activated show congratulations message if user is a user but there not activated show activate message if they isn't a record matching user then display invalid message. Any help on re-coding and correcting my errors would be much appreciated, I feel like I'm just going round and round in circles!

string(74) "UPDATE members SET Check_Activation='' WHERE Username='' AND Activation=''"


  
    
      
        Members Number
        :
        
          
        
      
      
        Activation Code
        :

This is the form

This is checking the database and displaying the result

enter image description here

Prix · Accepted Answer

There is no more support for mysql_* functions, they are officially deprecated, no longer maintained and will be removed in the future. You should update your code with PDO or MySQLi to ensure the functionality of your project in the future.

As you can see below at each step we have a verification to know if we were able to connect to the database, if the SQL query was OK, if the parameters you want to give are OK and we also take the opportunity to prevent injection with the prepared statement and we finally execute it.

Now notice how after we execute it, I verify how many rows were affected using $update->affected_rows to know if it was OK or not.

The affected rows, can return:

-1 indicating that the query returned an error
0 indicating no records were updated
and a number above 0, indicating how many rows were affected

Code:

$db_host = "*******";
$db_name = "*******";
$db_use = "*******";
$db_pass = "*******";

// Read the form values you just submitted
$username = $_POST['username'];
$activation_code = $_POST['activation_code'];

$con = mysqli_connect($db_host,$db_use,$db_pass,$db_name);
// Output an error message if it fails to connect
if($con->connect_error)
        die('Connect Error (' . mysqli_connect_errno() . ') '. mysqli_connect_error());

// Here we prepare your query and make sure it is alright
$sql = "UPDATE members SET Check_Activation = ? WHERE Username = ? AND Activation = ?";
if (!$update = $con->prepare($sql))
    die('Query failed: (' . $con->errno . ') ' . $con->error);

// Here we define the field types with 'sss' which means string, string, string
// and also set the fields values
if (!$update->bind_param('sss', $activation_code, $username, $activation_code))
    die('Binding parameters failed: (' . $update->errno . ') ' . $update->error);

// Now we finally execute the data to update it to the database
// and if it fails we will know
if (!$update->execute())
    die('Execute failed: (' . $update->errno . ') ' . $update->error);

if ($update->affected_rows > 0)
{
    echo "Congratulations. Your membership has been activated ...";
}
else
{
    echo ("You've entered an invalid username / activation code - please retry");
}
// And finally we close the connection
$update->close();
$con->close();

Note the interrogation signs on the query and the bind_param, s means string and i means integer, you can read more here.

PHP simple activation Form MYSQL

Answers (2)

Related Questions