CODEWITHSUNDEEP
phpsql
bill
bill

Reputation: 1

problem with email activation script

Anyone want to take a shot at why this email activation doesn't work? Basically, I'm sending two url query variables that store the activationkey and email as stings. I'm extracting them as a list() and using them as db queries. All the db objects are functioning fine when tested, but when I run the script from the email, it prints out the echoed statement: "the account is now active..." but when I check the database, it had not updated those things I told it to i.e. activationkey, status, and userid.

Here's the strange part: when I have just one user in the database the code performs as it should. But as soon as I try adding another user it doesn't update the new records as instructed. So my question then: why does this code only work when there's one user in the database and doesn't when there's more then one? It doesn't make any sense. Would really appreciate the help here.

include $_SERVER['DOCUMENT_ROOT']. '/video_dating/includes/Database.php';
list($queryString,$email) = explode('&', $_SERVER['QUERY_STRING']);

print_r($email);
$dbname = new Database();
$dbname->Query('select activationkey, id, email from users');
$userinfo = $dbname->Getdata();
foreach ($userinfo as $users)
{

    if ($queryString == $users['activationkey'])
    {
    $dbname->Query("update users set activationkey='', status='activated', userid='1' where email='$email'");
    echo "Thank you for registering. Your account is now active. Please login any time.";

   }
   else 
      echo "Sorry, your account was not activated.";
}

Upvotes: 0

Views: 311

Answers (2)

GWW
GWW

Reputation: 44131

I don't know the structure of your database but I assume userid is an auto increment key. I am guessing the problem is userid='1' this part of your code where you always assume the user's id is 1.

You could also simplify your code quite a bit by just querying for the activation key directly.

ie. 

$dbname->Query('select activationkey, id, email from users WHERE activationkey="'.$queryString.'" and email = "'.$email.'"');

Furthermore, you should really make sure you are escaping your queryString and email to prevent database injection attacks. You could use mysql_real_escape_string or the alternative based on your database class.

Upvotes: 2

Dr.Molle
Dr.Molle

Reputation: 117354

Can it be that the field userid is defined as key? If yes, it should be unique, but you always set it to 1

Try removing that part from the UPDATE:

, userid='1'

Upvotes: 0

Related Questions