What am I missing here ???

Studio381

Hi,
I'm missing something here. I have a routine to check that a posted combination of a table index and a random value match those stored in the DB.
This was not working so I added some echo statements to check the variable values.
An example of the echo output is...

rand dsvbxdsb
code dsvbxdsb
fail
225

Where rand is the DB stored random value,
code is the posted random value,
fail is the result of the check if rand==code (looks ok to me).

The code is below (with echos added).

I must have gone blind here!!!!!

Thanks,
John.

<?php
/* Check the data from basic1check.php and store if correct
 *
 */
$birthtableID=$_POST['birthtableID'];
$code=$_POST['code'];



 include("misc.inc");

  $connection = mysql_connect($host,$user,$password)
       or die ("couldn't connect to server");
  $db = mysql_select_db($database,$connection)
       or die ("Couldn't select database");

   $codecheck="fail";

   $query = "SELECT * FROM BirthTable WHERE birthtableID = '$birthtableID'";   
   $result = mysql_query($query)
   or die ("Couldn't execute query.");
   while($row=mysql_fetch_array($result,MYSQL_ASSOC))
   {
   // read all the data
   $sender = $row['Sender']; 
   $forename = $row['Forename']; 
   $initial = $row['Initial']; 
   $surname = $row['Surname']; 
   $thisyear = $row['Thisyear']; 
   $year = $row['Year']; 
   $month = $row['Month']; 
   $day = $row['Day']; 
   $line1 = $row['Line1']; 
   $line2 = $row['Line2']; 
   $line3 = $row['Line3']; 
   $line4 = $row['Line4']; 
   $email = $row['Email']; 
   $email2 = $row['Email2'];
   $rand = $row['Random'];

    echo "rand ".$rand;echo "<br />"; //extra code during testing

   // check the code matches the random number
   if ($rand==$code){$codecheck="pass";}
   }
echo "code ".$code;              //extra code during testing
echo "<br />";                       //extra code during testing
echo $codecheck;                  //extra code during testing
echo "<br />";                       //extra code during testing
echo $birthtableID;               //extra code during testing
exit();                                    //extra code during testing

  if ($codecheck=="fail"){ header("Location: m11.php");exit();}



?>

djjjozsi

I think to the connection to the database is wrong at you,

am...

and if you know that 1 row will be the result, why do you use while to fetch that. An there is the mysql_fetch_assoc function to do that.

And the id field has an integer type, so dont handle that as a string (in mysql_query).

And get used to write the mysql_error() message, maybe it has important infos in there.

And you might check the variables comes from the user, it really comes with POST? if not , use $_GET and other url encoding functions...

lets put an if at the begin, if the data from user is emty, go back to the previos file.

byez

<?php
/* Check the data from basic1check.php and store if correct
*
*/

//include("misc.inc");
$hostname='****'; //// specify host, i.e. 'localhost'
$user='****'; //// specify username
$pass='****'; //// specify password
$dbase='****'; //// specify database name
$connection = mysql_connect("$hostname" , "$user" , "$pass")
or die ("Can't connect to MySQL");
$db = mysql_select_db($dbase , $connection) or die ("Can't select database.");

  $codecheck="fail";


$birthtableID=mysql_real_escape_string($_POST['birthtableID']);
$code=$_POST['code'];

   $query = "SELECT * FROM BirthTable WHERE birthtableID = $birthtableID";   
   $result = mysql_query($query)
   or die ("Couldn't execute query.".mysql_error());
   if(mysql_num_rows($result)>0)
   {
   		$row=mysql_fetch_assoc($result);

	   // read all the data
	   $sender = $row['Sender'];
	   $forename = $row['Forename'];
	   $initial = $row['Initial'];
	   $surname = $row['Surname'];
	   $thisyear = $row['Thisyear'];
	   $year = $row['Year'];
	   $month = $row['Month'];
	   $day = $row['Day'];
	   $line1 = $row['Line1'];
	   $line2 = $row['Line2'];
	   $line3 = $row['Line3'];
	   $line4 = $row['Line4'];
	   $email = $row['Email'];
	   $email2 = $row['Email2'];
	   $rand = $row['Random'];

		echo "rand ".$rand;
		echo "<br />"; //extra code during testing

	   // check the code matches the random number
	   if ($rand==$code)
	   {
	   $codecheck="pass";
	   }
   }

echo "code ".$code;              //extra code during testing
echo "<br />";                       //extra code during testing
echo $codecheck;                  //extra code during testing
echo "<br />";                       //extra code during testing
echo $birthtableID;               //extra code during testing
//exit();                                    //extra code during testing

  if ($codecheck=="fail")
  { 
print "The code not correct";
//  header("Location: m11.php");
  exit();
  }

?>

Studio381

If I change the POST to GET, it works.
No real idea why.
Thanks.

djjjozsi

At the forms the method could set that.

POST or GET ... GET goes to the links, POST not 🙂