Update mysql

Anon

I have written a registration script which generates a random number for verification. the script will send an e-mail with the random number pointing to a url e.g. http://URL/verification.php?random_number=123456789
now i want with verification.php to access the random number's user and update it by inserting the username.Anyone got any ideas how to do this?

My script looks like this:

<body>
<?php
$db = mysql_connect("localhost","username","password");
mysql_select_db("official",$db);
if ($random_number) {
// query the DB
$sql = "SELECT * FROM visitors WHERE random_number=$random_number";
$result = mysql_query($sql);
$myrow = mysql_fetch_array($result);
UPDATE visitors SET username='$myrow["Email_Address"]' WHERE random_number='$myrow["random_number"]';
}
?>
Username:<?php echo $myrow["Email_Address"]?>
<br><br>Your account has been enabled. Please login <a href=http://URL/auth1.php>here</a>.
</form>
</body>

sepodati

Put your update command in a mysql_query() and it'll help...and use $random_number instead of $myrow["random_number"] since they are the same. You need to check if a row is returned from your first query, too. You only want to update if you find a row that matches the random number...

Also, look at uniqid() for generating unique ids like this....

---John Holmes...

brandonschnell

heres an idea, if you've got an id column and a column indicating if the account has been enabled send the verification email using the id as the random number and the email address as verification.

so the user would receive:
http://yoursite.com/verification.php?id=1002&email_address=something@someothersite.com

now on the verification script set the account to active only if both the email address and the id match.

while simple, this runs the risk of the user figuring out the scheme and testing the ids until they hit the right one.

to really use random numbers try adding a random_number column for the user, send out the random number and the email address, and verify only if the random_number and email_address column match up. (like the previous post says, random numbers can and will repeat even after seeding the random number generator.)

alanl

Also, remember that a randon number is not a unique number, so you will have problems if the same random number is used twice.

Cheers,
Alan

Anon

in the verification script the if statement at the beginning would look like this in order to check both the id and the email address?

if ($Email_Address || $id)

if (Email_Address & $id)

brandonschnell

if ($Email_Address && $id) to vefify something is there, but then use sql to be sure something is found in the database that matches with what was in the email.

Anon

Sorry to bother you again but would you think this would work? Well if i get the random number working that is but anyway....
Also was wondering if anything happens when no match is found which i guess is nothing!

Thanks again!

  <body>

  <?php

  $db = mysql_connect("localhost","user","password");

  mysql_select_db("official",$db);

  if ($Email_Address && $random_number) {

    $sql = "SELECT * FROM visistors WHERE Email_Address='$Email_Address' AND random_number='$random_number'";

    mysql_query("UPDATE visitors SET username='$Email_Address' WHERE Email_Address='$Email_Address' AND random_number='$random_number'");

}

    ?>

    Username:<?php echo $Email_Address?>

<br><br>Your account has been enabled. Please login <a href=http://URL/auth1.php>here</a>.

  </form>

  </body>

brandonschnell

take a look at:

http://www.phpbuilder.com/columns/tim20000505.php3

for a way of handling this.

if you look at your code you're doing nothing with the select so its useless here. with the update rather than setting the username, how about setting a column to say that the account is now active.

  <body>

  <?php

  $db = mysql_connect("localhost","user","password");

  mysql_select_db("official",$db);

  if ($Email_Address && $random_number) {

    $sql = "SELECT * FROM visistors WHERE Email_Address='$Email_Address' AND random_number='$random_number'";

    mysql_query("UPDATE visitors SET username='$Email_Address' WHERE Email_Address='$Email_Address' AND random_number='$random_number'");

}

    ?>

    Username:<?php echo $Email_Address?>

Your account has been enabled. Please login <a href=http://URL/auth1.php>here</a>.

  </form>

  </body>