update database from confirmation link email

Question

Anyone can help me pls! This code supposed to compare between the passkey from the confirmation email and the confirm_code from the database and if the two value are identical it update "verified" row from null to 1. Thank you and sorry for my english :/

//Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect to server"); 
mysql_select_db("$db_name")or die("cannot select DB");


$passkey=$_GET['passkey'];
$confirm_code=$_GET['confirm_code'];


if($confirm_code == '$passkey';){
$sql1="UPDATE $tbl_name SET verified='1' WHERE $confirm_code ='$passkey'";
echo "Confirmation code verified!!!";
}

else {
echo "Wrong Confirmation code";
}
?>

Why both confirm and passkey come from URL parameters and what is the point in comparing them? Are you planning to execute your SQL? — Bulat, Aug 19 '14 at 14:00

score 1 · Answer 1 · answered Aug 19 '14 at 13:35

1

Change if($confirm_code == '$passkey';){ to if($confirm_code == "$passkey"){

Also notice the double quotes around $passkey.

answered Aug 19 '14 at 13:35

Jigar

3,256
1
30
51

score 1 · Answer 2 · answered Aug 19 '14 at 13:39

1

Check your syntax first, maybe this is the problem here :

if($confirm_code == "$passkey"){

Are you not supposed to retrieve first the passkey from database then compare it with the one GET from URL ? Here you use GET for both of them.

answered Aug 19 '14 at 13:39

ZazOufUmI

3,212
6
37
67

score 1 · Answer 3 · answered Aug 19 '14 at 13:41

You have an incorrect SQL statement

$sql1="UPDATE $tbl_name SET verified='1' WHERE $confirm_code ='$passkey'";

That $confirm_code should be confirm_codeand should correspond to the column in your table having the stored key. So you will be simply updating the record where the passed key is equal to the stored key.

update database from confirmation link email

3 Answers3