TheDoonker
Reputation: 9
PHP MySql - Check if value exists
Need to check if both the EMAIL_ADDRESS and ACTIVATION_CODE exist within a MySql Table, if so return "Code is valid",else "Code is NOT valid".
At present it's always returning code not valid, however I've checked the record in the table and the queried code does exist.
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
if (mysql_fetch_row($result)) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
Upvotes: 0
Views: 216
Answers (1)
CMPS
Reputation: 7769
But this code is not secure:
$email = $_POST['email'];
$acticode = $_POST['code'];
$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
if (mysql_num_rows($result) > 0) {
echo 'Code is valid';
} else {
echo 'Code is NOT valid';
}
To secure and prevent SQL Injection:
$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);
Please note:
https://www.php.net/mysql_real_escape_string
Warning
This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
mysqli_real_escape_string() PDO::quote()
Upvotes: 3
Related Questions
- check if a value exists in my database table
- Check if value exist in Mysql Database on PHP
- Check if value exists in database?
- Check if a value exists in MySQL with php
- PHP check if value exists
- MySQL: detect if values exists in DB
- Mysql query and find if value exist
- How to check if value exists in MySQL Database in PHP?
- Check if value exist in mysql
- Check if a value exists in a column in mysql table