[RESOLVED] confrim link errors

@UAL225Jul 15.2009

Hello gentlemen once again i have a slight issue, I got my script to automatically send me an e-mail with a confirmation link, but when it goes to confirm that account I get this error:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/chicagt7/public_html/confirm.php on line 11

and here is my script:

[CODE]<?php //opens a connection to the MYSQUL require (“dbconnect.php”); $confirmId = $_GET[‘c’];

$errorMessage = “”; $validCount = 0;

$query = “SELECT confirmed FROM `users` WHERE confirmationCode=’$confirmId'”; $result = mysql_query($query); $validCount = mysql_num_rows($result);

if($result[‘confirmed’] == 1) $errorMessage .= “You have already confirmed this account.<br/>”; if($validCount == 0) $errorMessage .= “You are trying to confirm an invalid account.<br/>”;

if(empty($errorMessage)) { $query = “UPDATE `users` SET confirmed = 1 WHERE confirmationCode=’$confirmId'”; mysql_query($query) OR die(mysql_error());

echo ‘Your account has been confirmed!’; } else { echo $errorMessage; } ?> [/CODE]

any help would be appreciated!

to post a comment

PHP

10 Comments(s) _↴

@MindzaiJul 15.2009 — #I can't see anything immediately wrong (aside from the usual unnecessary re-assignment of GET data and the lack of cleaning which leaves your script wide open to SQL injection). However ultimately something is going on which is causing your query to fail. Can you post the following information:

1: The final generated SQL string:

[code=php]$query = "SELECT confirmed FROM users WHERE confirmationCode='$confirmId'";
 echo $query; <-- the result of this[/code]

And also the error message mysql is returning:

[code=php]$result = mysql_query($query) or die(mysql_error());[/code]

Incidentally when you fix this error your script is still not going to work. The following is not valid:

[code=php]if($result['confirmed'] == 1)[/code]

$result is either going to be boolean false, or a resource identifier. It is not an array of data. You need to retrieve the results like so:

[code=php]$data = mysql_fetch_assoc($result);
 echo $data['confirmed'];[/code]

@UAL225authorJul 15.2009 — #1: The final generated SQL string:

[code=php]$query = "SELECT confirmed FROM users WHERE confirmationCode='$confirmId'";
 echo $query; <-- the result of this[/code]

[/QUOTE]
Here is the result from that:

SELECT confirmed FROM users WHERE confirmationCode='2G8xIA38'

and

And also the error message mysql is returning:

[code=php]$result = mysql_query($query) or die(mysql_error());[/code]
[/QUOTE]
and here is that error:

[15-Jul-2009 08:49:51] PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home2/******/public_html/confirm.php on line 12

@MindzaiJul 15.2009 — #No not the PHP error, you will need to post the actual mysql_error() as indicated in the second block of code I posted.

@UAL225authorJul 15.2009 — #excuse me for asking, but where do I find the the actual mysql_error()[/QUOTE] is it in the error log?

@MindzaiJul 15.2009 — #If you edit your script to reflect the 2nd code block in my first post, then run it, it should print the error directly on the screen. If you have made the change and this is not happening, please post your full script.

@UAL225authorJul 15.2009 — #I do believe this is what you were looking for:

A fatal MySQL error occured.

Query: SELECT confirmed FROM users WHERE confirmationCode='2G8xIA38'

Error: (1054) Unknown column 'confirmed' in 'field list'

@UAL225authorJul 15.2009 — #Here is my table

ID int(11) No auto_increment KEY

fullname varchar(30) Null=No

gid varchar(25) Null=No

uname varchar(30) Null=No Index Unique

email varchar(50) Null=No Unique

birth date Null=No

pass varchar(50) Null=No

pilot varchar(10) Null=No

atc varchar(10) Null=No

Random_key varchar(32) Null=Yes Default=Null

Active varchar(11) Null=No Default=0

@UAL225authorJul 15.2009 — #Heydzai, thanks for the help, once I got that Mysql error the actual one, I figured that out, thanks for pointing me in that direction?, now I have this issue, I have no more errors, but I want it to change in the mysql table column Active which is default 0 to a 1 once a person press the link, but the column doesn't update to a 1 it just says 0 still and the script runs fully with no errors, why?

and here is my updated scripting:

[code=php]<?php
 //opens a connection to the MYSQUL 
 require ("dbconnect.php");
 $confirmId = $_GET['c'];
 
 $errorMessage = "";
 $validCount = 0;
 
 $query = "SELECT Active FROM users WHERE Random_key='$confirmId'";
 $result = mysql_query($query) or die("<b>A fatal MySQL error occured</b>.n<br />Query: " . $query . "<br />nError: (" . mysql_errno() . ") " . mysql_error()); 
 $validCount = mysql_num_rows($result);
 
 if($result['Active'] == 1) $errorMessage .= "You have already confirmed this account.<br/>";
 if($validCount == 0) $errorMessage .= "You are trying to confirm an invalid account.<br/>";
 
 if(empty($errorMessage))
 { 

 $query = "UPDATE users SET Active = 1 WHERE Random_key='$Random_key'";
 mysql_query($query) OR die(mysql_error()); 
 echo 'Your account has been confirmed!';
 }
 else
 {
 echo $errorMessage;
 }
 ?>[/code]

@MindzaiJul 15.2009 — #Change this line:

[code=php]$query = "UPDATE users SET Active = 1 WHERE Random_key='$Random_key'"; [/code]

to this:

[code=php]$query = "UPDATE users SET Active = 1 WHERE Random_key='$confirmId'"; [/code]

Also now your script is working, you should sort out the SQL injection security flaw. Change this:

[code=php]$confirmId = $_GET['c']; [/code]

to this:

[code=php]$confirmId = mysql_real_escape_string($_GET['c']);[/code]

However don't just make this change without understanding why you are making it. Be sure to read up on SQL injection because it is, by a large margin, the most common error made by PHP programmers, and it has the potential to bring your entire site down and give access to anything in your database to anyone.

Finally make sure you remove the "or die(mysql_error())" sections from the code before you go live. Don't give any error information away unnecessarily as it can help attackers. You should replace it with some actual error handling, even if that just involves testing the result of mysql_query() and acting accordingly.

@UAL225authorJul 15.2009 — #Thanks so much for your help, I will be sure to read up on SQL injection, I got my handy dandy PHP and Mysql book with me and I will be sure to read it while flying!!! Thanks so much again!

Also in #PHP _↴

sendmail_from has no value?echoing the name of the 'key' in a 'foreach' loop [RESOLVED] Request Variable for MySQL Limit Request

Success!

Help @UAL225 spread the word by sharing this article on Twitter...

Tweet This

[RESOLVED] confrim link errors

10 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

[RESOLVED] confrim link errors

10 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

10 Comments(s) _↴

Also in #PHP _↴