Zac Brown

Reputation: 6063

Posting variable returns invalid

I am using a simple PHP script for the activation part of one of my applications. The application posts one variable to the page (http://validate.zbrowntechnology.info/WebLock.php?method=validate). The variable is the serial number, posted as 'Serial'. Each time I post to this page, it returns Invalid. Here is the code:

<?php

$serial = $_POST['Serial'];
$method = $_GET['method'];

$con = mysql_connect("HOSTHERE", "USERHERE", "PASSHERE");
if(!$con) {
  die('Unable to connect to MySQL:  ' . mysql_error());
}


if($method == "validate") {

  mysql_select_db("zach_WebLock", $con);

  $query = "SELECT Key, Status FROM Validation WHERE Key='".mysql_real_escape_string($serial)."'";
  $result = mysql_query($query);
  if(mysql_num_rows($result) > 0) {
    echo "Valid";
  } else {
    echo "Invalid";
  }
} else {
  echo "Unkown Method";
}
?>

Here is the error from PHP:

PHP Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given

Upvotes: 0

Views: 114

Answers (6)

gregjor

Reputation: 22912

Right after the query use mysql_error() to see what happened. And Key is a bad choice for a column name because it's a reserved word in SQL. You can enclose it in `` to tell MySQL it's an identifier. Do some more debugging like this:

...
if (!mysql_select_db("zach_WebLock", $con)) die('mysql_select_db failed');

$query = "SELECT `Key`, Status FROM Validation WHERE `Key`='".mysql_real_escape_string($serial)."'";
print "query=$query<br>\n";
$result = mysql_query($query, $con);
print "error=" . mysql_error($con);
...

Upvotes: 3

Winis

Reputation: 23

Try echoing $serial:

echo $serial;

And is it what you typed in the form?

Upvotes: 0

Brad Mace

Reputation: 27886

You're missing a closing parenthesis on this line:

if(mysql_num_rows($result) > 0 {

Is that missing in your code or just your question?

You may also want to add

if (!$result) {
    print mysql_error();
}

after your query.

Upvotes: 1

codaddict

Reputation: 454950

It could be a typo but you are missing a closing parenthesis here:

if(mysql_num_rows($result) > 0 {
                              ^     

And you might have turned off your error reporting, in which case you get a blank page.

Upvotes: 0

cambraca

Reputation: 27839

What happens if at the last line you add this?

else echo 'Unknown method';

What may be happening is that $_POST and $_GET are not getting populated; this is a setting in php.ini, if I remember correctly (search for "superglobals" in the PHP docs).

Edit: also, you have a very bad security risk there; Google "SQL injection". Basically the problem is that you could get any SQL directly into your database, and if the PHP user has enough permissions it could mean that anyone can, for example, delete all the data from your Validation table. You should at least do something like this:

$query = "SELECT Key, Status FROM Validation WHERE Key='".addslashes($serial)."'";

Upvotes: 0
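
The points raised in the answers above (backtick-quoting the reserved word `Key`, checking whether the query failed, and keeping the serial out of the SQL text) combined into one script, as an added example that is not part of any answer in this thread. It uses PDO prepared statements instead of the `mysql_*` functions, and an in-memory SQLite database with a constructed serial so that it runs offline; the function names `validateSerial` and `handleRequest` are hypothetical.

```php
<?php
// Added example (not from the thread). Assumption: PDO with pdo_sqlite for an
// offline demo; for MySQL use a "mysql:host=...;dbname=...;charset=utf8mb4" DSN.

function validateSerial(PDO $pdo, string $serial): string
{
    // `Key` is a reserved word, so it stays backtick-quoted as an identifier.
    // The serial is bound as a parameter and never concatenated into the SQL.
    $stmt = $pdo->prepare('SELECT `Key`, Status FROM Validation WHERE `Key` = :serial');
    $stmt->execute([':serial' => $serial]);
    return $stmt->fetch(PDO::FETCH_ASSOC) !== false ? 'Valid' : 'Invalid';
}

function handleRequest(PDO $pdo, array $get, array $post): string
{
    if (($get['method'] ?? '') !== 'validate') {
        return 'Unknown Method';
    }
    $serial = $post['Serial'] ?? '';
    if (!is_string($serial) || $serial === '') {
        return 'Invalid'; // missing or array-valued input never reaches the query
    }
    try {
        return validateSerial($pdo, $serial);
    } catch (PDOException $e) {
        // A failed query is reported as an error, not as "Invalid"; the
        // driver message goes to the server log only.
        error_log('validate failed: ' . $e->getMessage());
        return 'Error';
    }
}

// Constructed demo data in an in-memory database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Validation (`Key` TEXT PRIMARY KEY, Status TEXT)');
$pdo->exec("INSERT INTO Validation VALUES ('ABCD-1234', 'active')");

$cases = ['ABCD-1234', 'ZZZZ-0000', "' OR '1'='1"]; // known, unknown, quote-laden input
foreach ($cases as $serial) {
    $reply = handleRequest($pdo, ['method' => 'validate'], ['Serial' => $serial]);
    echo str_pad($serial, 14), ' => ', $reply, "\n";
}
```

In the real endpoint the call would be `echo handleRequest($pdo, $_GET, $_POST);` with `$pdo` opened against the MySQL database.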

svk

Reputation: 4553

Try like this:

$query = "SELECT Key, Status FROM Validation WHERE Key='".$serial."'";

Upvotes: 0
