dongyi3776 2014-12-16 05:44
Views: 48
Accepted

Problem validating a confirmation key

I am having trouble validating the link for a confirmation email. I can send users a confirmation link from my database as an HTML email like this:

$msg = "
<a href=\"http://asite.ca/assets/functions/confirmation.php?key=$permissionCode\"  target=\"_blank\">Click To Confirm</a>
"; 

The $permissionCode is generated like this:

$permissionCode = substr(md5(rand(1000, 9999999)), 0, 12);

which I inserted in the confirm_code field.

and in my confirmation.php I have

$key = $_GET["key"];
$sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = $key";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
    echo "We Will Contact You Soon";
} else {
    echo "0 results";
}

But I am getting 0 results, while the same code from the link is in the database, when users click the confirmation link in their email! Can you please let me know why this is happening?

Thanks

1 answer

  • dsf12313 2014-12-16 05:57

    Wrap your $key with single quotes in the query:

    $sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = '$key'";
    

    As requested in the comment, see the explanation:

    Case 1 :

    $key =substr(md5(rand(1000, 9999999)), 0, 12);
    $sql = 'SELECT * FROM `contact_request` WHERE `confirm_code` = $key';
    echo $sql;
    

    Output is

    SELECT * FROM `contact_request` WHERE `confirm_code` = $key
    

    Here, as you can see, single quotes do not look for a variable. Whatever is inside ' ' is considered a string and returned as such.

    Case 2:

    $key =substr(md5(rand(1000, 9999999)), 0, 12);
    $sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = $key";
    echo $sql;
    

    Output is

    SELECT * FROM `contact_request` WHERE `confirm_code` = dcd9c750bab0
    

    Here, since the query is inside double quotes, the variable is read, but considered as an int.

    Case 3:

    $key =substr(md5(rand(1000, 9999999)), 0, 12);
    $sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = '$key'";
    echo $sql; 
    

    Output is

    SELECT * FROM `contact_request` WHERE `confirm_code` = 'fd7c159e29c6'
    

    Here, since the query is inside double quotes, the variable is read, but it is considered a string because it is enclosed in single quotes.

    This answer was selected by the asker as the best answer.
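
Added example, not part of the original question or answer: the same confirmation lookup with the key bound as a parameter instead of interpolated into the SQL string, so the value from the link cannot change the query whatever quoting it contains, and with the code drawn from random_bytes() instead of md5(rand(1000, 9999999)). It assumes $conn is a mysqli connection (as the question's $conn->query and num_rows suggest), PHP 7 or later, and a confirm_code column wide enough for 32 characters; the function names are hypothetical.

```php
<?php
// Added example. Table and column names come from the question; everything else is assumed.

// rand(1000, 9999999) has fewer than ten million possible outputs, so the
// md5-derived code can be enumerated. Use the CSPRNG instead.
function new_confirm_code(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes)); // 16 bytes -> 32 hex characters
}

// Reject anything that is not exactly the format we issue (also rejects
// arrays, which PHP creates for requests such as ?key[]=x).
function is_valid_code_format($key): bool
{
    return is_string($key) && preg_match('/\A[0-9a-f]{32}\z/', $key) === 1;
}

function confirm_request(mysqli $conn, $key): bool
{
    if (!is_valid_code_format($key)) {
        return false;
    }
    // The ? placeholder keeps the key out of the SQL text entirely.
    $stmt = $conn->prepare(
        'SELECT 1 FROM `contact_request` WHERE `confirm_code` = ? LIMIT 1'
    );
    if ($stmt === false) {
        // Log the database error instead of reporting it as "0 results".
        error_log('confirmation lookup failed: ' . $conn->error);
        return false;
    }
    $stmt->bind_param('s', $key);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Usage in confirmation.php, once $conn has been opened elsewhere.
if (isset($conn) && $conn instanceof mysqli) {
    $key = $_GET['key'] ?? '';
    echo confirm_request($conn, $key) ? 'We Will Contact You Soon' : '0 results';
}
```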