TheDoonker

Reputation: 9

PHP MySql - Check if value exists

I need to check if both the EMAIL_ADDRESS and ACTIVATION_CODE exist within a MySQL table; if so, return "Code is valid", else "Code is NOT valid".

At present it's always returning code not valid, however I've checked the record in the table and the queried code does exist.

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");

if (mysql_fetch_row($result)) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

Upvotes: 0

Views: 216

Answers (1)

CMPS

Reputation: 7769

But this code is not secure:

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
if (mysql_num_rows($result) > 0) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

To secure and prevent SQL Injection:

$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);

Please note:

https://www.php.net/mysql_real_escape_string

Warning

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:

    mysqli_real_escape_string()
    PDO::quote()

Upvotes: 3
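
The php.net warning quoted in the answer points to MySQLi or PDO_MySQL. As an added example (not code from the question or the answer), here is the same activation check written with a PDO prepared statement, so the values are bound as parameters instead of being concatenated into the query. It assumes an in-memory SQLite database in place of MySQL so that it runs offline; the function name `activationCodeIsValid` and the sample row are made up for illustration.

```php
<?php
// Added example: PDO prepared statement for the activation check.
// Assumption: an in-memory SQLite database stands in for MySQL so the script
// runs offline; with PDO_MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table and row, named after the question's schema.
$pdo->exec('CREATE TABLE xActivate (EMAIL_ADDRESS TEXT, ACTIVATION_CODE TEXT)');
$pdo->prepare('INSERT INTO xActivate VALUES (?, ?)')
    ->execute(['user@example.com', 'A1B2C3']);

/**
 * Returns true when a row with this email and activation code exists.
 * (Hypothetical helper.) Values are bound as parameters, so quote
 * characters in the input are never parsed as SQL.
 */
function activationCodeIsValid(PDO $pdo, $email, $code)
{
    // Reject missing or non-string input (e.g. code[]=x arrives as an array).
    if (!is_string($email) || !is_string($code) || $email === '' || $code === '') {
        return false;
    }
    $stmt = $pdo->prepare(
        'SELECT 1 FROM xActivate
          WHERE EMAIL_ADDRESS = :email AND ACTIVATION_CODE = :code
          LIMIT 1'
    );
    $stmt->execute([':email' => $email, ':code' => $code]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs: a valid pair, a wrong code, and a value containing quote
// characters, which the concatenated query would have parsed as SQL.
$cases = [
    ['user@example.com', 'A1B2C3'],
    ['user@example.com', 'WRONG'],
    ['user@example.com', "' OR '1'='1"],
];
foreach ($cases as [$email, $code]) {
    echo $email, ' / ', $code, ' => ',
        activationCodeIsValid($pdo, $email, $code) ? 'Code is valid' : 'Code is NOT valid',
        PHP_EOL;
}
```

Only the first constructed pair is reported as valid; the quote-containing value is compared as a literal string and matches no row.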
