So I am just doing a simple email verification for testing/learning purposes, however I cannot figure out what is wrong. Here is the problem:

The query works... it updates the field in my table, but it should only do so if active=0. So basically, it still echoes "success" even if active=1, which it should not be able to query, because it's only supposed to grab WHERE active=0 ... does this make sense? Here, take a look:

<?php 
$connection = new mysqli('localhost', 'user', 'pass', 'db');
if (mysqli_connect_errno()) {
    printf("Can't connect to MySQL Server. Errorcode: %s\n",
        mysqli_connect_error());
    exit;
}

$email      = $_GET['email'];
$activation = $_GET['hash'];

$query = $connection->query("UPDATE users SET active = '1' WHERE
    email='".$email."' AND activationCode='".$activation."' AND active='0'");

if ($query){
    echo "success";
} else {
    echo "fail";
}

$connection->close();
?>
  • I'm not sure what the question is... Commented Mar 25, 2011 at 19:55
  • That is a valid SQL statement, it will always return true. Commented Mar 25, 2011 at 19:56
  • Oh, I guess I was under the assumption that it was true only if it found a result. How would I do that? Commented Mar 25, 2011 at 19:59

1 Answer

The query returns true because the query was executed just fine, even if it didn't affect any rows. It only returns false if the query is invalid. You should look into retrieving the number of affected rows. (mysql_num_rows($query) for example.)

Also, you should use mysql_real_escape_string($getvalue) when using values from $_GET or $_POST in your queries to prevent MySQL injection.

5 Comments

Thank you. Is there a mysqli equivalent to mysql_num_rows($query)?
Yes. Just call $connection->affected_rows after executing the query to get the amount of rows. See php.net/manual/en/mysqli.affected-rows.php for more info.
You're welcome. Please select this answer as accepted if your issue is solved now. : )
I gotcha bud, had to wait 58 seconds :P
Ah, alright. I didn't know that. : ) (Never actually asked a question here before. ;p)
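
The two points raised in the answer and its comments (decide on the number of affected rows rather than on the query's return value, and keep the `$_GET` values out of the SQL text), combined in one script. This is an added example, not code from the question or the answer: it uses a mysqli prepared statement in place of the escaping function the answer names, the function name `activateAccount` is hypothetical, and the table, columns and placeholder credentials are reused from the question.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question; the connection credentials are the question's placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

/**
 * Activate the account only if (email, code) match a row that is still inactive.
 * Returns true only when exactly one row was changed.
 */
function activateAccount(mysqli $db, string $email, string $code): bool
{
    // Placeholders keep $email and $code out of the SQL text entirely.
    $stmt = $db->prepare(
        "UPDATE users SET active = '1'
          WHERE email = ? AND activationCode = ? AND active = '0'"
    );
    $stmt->bind_param('ss', $email, $code);
    $stmt->execute();                // success here only means "valid statement"
    $changed = $stmt->affected_rows; // 0 = wrong code, unknown email, or already active
    $stmt->close();
    return $changed === 1;
}

// Reject missing or non-string parameters (e.g. ?email[]=x) before touching the DB.
$email = $_GET['email'] ?? null;
$code  = $_GET['hash'] ?? null;
if (!is_string($email) || !is_string($code) || $email === '' || $code === '') {
    http_response_code(400);
    exit('fail');
}

try {
    $db = new mysqli('localhost', 'user', 'pass', 'db');
    echo activateAccount($db, $email, $code) ? 'success' : 'fail';
    $db->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep error details server-side, not in the response
    http_response_code(500);
    echo 'fail';
}
```

Because the `WHERE` clause requires `active = '0'`, a second request with the same link changes no rows and prints "fail", which is the behaviour the question was after.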
