unistake Posted October 15, 2010 Share Posted October 15, 2010 I can not find the problem with this script I wrote. I am trying to show a web page provided that the $_GET['reg'] is registered by the user. I am trying to check that the $_GET['reg'] is registered by the user before the page with specific details is shown. For some reason even if the email address equals the email address in the DB the output still shows: <?php echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; ?> Can anyone see where I am going wrong - there is more than one 'reg' for each email address in the DB. Thanks <?php $email = $_POST['email']; $sql = "SELECT reg FROM sales WHERE email='$email'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $data = array(); //This way we can hold multiple results $i = 0; //The index of the array to add the result to while($row = mysqli_fetch_assoc($result)) { if ($row['reg'] == $_GET['reg'] ) { //Why use two if statements? $data[$i] = $row['reg']; $i++; //increase the array index for the next while loop } else { echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; exit(); } } // THIS IS WHERE THE PAGE CONTENT IS ...................... ?> Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 where are you setting the value of the $_GET['reg']? Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 in the link such as www.website.com/index.php?reg=test Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 do a simple test of variable values... echo $_GET['reg'] . "<br>:; echo $_POST['email']; and see what values are there Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 Just tested them. Both the values are exactly what they should be and are the same as in the database. I think my actual php format is somehow wrong. Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 Are there multiple occurences of matching email/reg in the database? ie. several records have the exact same email AND reg Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 Hi Litebearer, No there are multiple 'email' but there are no rows where the 'email' and 'reg' are the exact same. I have just changed the database entries so that one 'email' is only associated with one 'reg'. This solved the problem so I think it must be to do with having two rows with the same 'email'. Any ideas? Thanks Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 Your logic seems to be saying... See if there is a database record where variable_email_content AND variable_reg_content are in the record If that is the case, adjust your query as follows $sql = "SELECT reg FROM sales WHERE email='$email'"; then simply count the number of rows returned by your result. if there are NO rows - say sorry if there is 1 row - you are good to go if there are more than 1 rows - houston we have a problem Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 yeah that seems to be it! Do you know how houston can correct this problem, they are usually good at this sorta stuff! Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 Oops, left a piece out... $email = $_POST['email']; $reg = $_GET['reg']; $sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'"; Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 That works BUT, If I type any name 'reg' as a variable into the link, it comes up with the information to do with that 'reg'. It does not stop saying echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; - as it should do. The code I have now is: <?php $email = $_POST['email']; $reg = $_GET['reg']; $sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query"); $data = array(); //This way we can hold multiple results $i = 0; //The index of the array to add the result to while($row = mysqli_fetch_assoc($result)) { if ($row['reg'] == $_GET['reg'] ) { $data[$i] = $row['reg']; $i++; //increase the array index for the next while loop } else { echo "I am sorry but this '$_GET[reg]' does not seem to be registered by you!"; exit(); } } ?> Quote Link to comment Share on other sites More sharing options...
litebearer Posted October 15, 2010 Share Posted October 15, 2010 can you post the code that sets the reg and email variables (entire code) Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 The reg is just entered in the link like www.page.com/?reg=test and the $email variable is just = $_SESSION['name']; I think I may be going about this problem in a complicated way. If you can see the problem please say - I am thinking of other ways around the problem Thanks for you help. Quote Link to comment Share on other sites More sharing options...
premiso Posted October 15, 2010 Share Posted October 15, 2010 First up what is the point of checking if $row['reg'] == $_GET['reg'] ??? Of course they will be equal, MySQL would not have pulled it out any other way, so I would remove that check. Here is an updated version of your code, complete with SQL Injection prevention. <?php // Escapes the values to prevent SQL Injection, if set, else set to null $email = !empty($_POST['email']) ? mysqli_real_escape_string($cxn, $_POST['email']):null; $reg = !empty($_GET['reg']) ? mysqli_real_escape_string($cxn, $_GET['reg']):null; if (!empty($reg) && !empty($email)) { $sql = "SELECT reg FROM sales WHERE email='$email' AND reg='$reg'"; $result = mysqli_query($cxn,$sql) or die ("Couldn't execute query sales statement"); $data = array(); //This way we can hold multiple results while($row = mysqli_fetch_assoc($result)) { $data[] = $row['reg']; } }else { echo 'Sorry, Reg and Email are required to process.'; } ?> I did not read through the entire thread, but will do that now to see if that was the problem or not. EDIT The problem was with that if Statment. Chances are your MySQL database is setup to be Case Insensitive, meaning that it would match A and a as if they were equal. PHP is CaSe SeNSiTiVe on checks, thus if one character was upper case or lower case and was not that way in the database, it would fail. That would be my guess as to why your code never worked to begin with. Quote Link to comment Share on other sites More sharing options...
unistake Posted October 15, 2010 Author Share Posted October 15, 2010 Ok I have tried to put that script in but it displays a blank page. There is quite a bit there that I do not understand. will get back shortly! Quote Link to comment Share on other sites More sharing options...
premiso Posted October 15, 2010 Share Posted October 15, 2010 Ok I have tried to put that script in but it displays a blank page. There is quite a bit there that I do not understand. will get back shortly! Well yea, you have to something with the $data array to display data or else it will be blank. To save you some looking up the ? : is the ternary operator. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.