我创建了一个小的登录结构:
如果您已将数据写入字段,则会收到确认帐户的链接。 例如confirm.php?email=a@a.com 当您访问该链接时,执行以下代码:
$sql = mysqli_connect("localhost", "name", "password");
mysqli_select_db($sql, "db");
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
mysqli_query($sql, $set_active);
mysqli_close($sql);
但在那之后,活跃值仍然像聋人一样。
用户表: email(varchar 100)active(int 1) a@a.com 0
答案 0 :(得分:3)
使用预先准备好的声明:
$stmt = mysqli_prepare($sql, "UPDATE `users` SET `active` = 1 WHERE `email` = ?") or die(mysqli_error($sql));
mysqli_bind_param($stmt, "s", $_GET['email']);
mysqli_stmt_execute($stmt) or die(mysqli_error($sql));
答案 1 :(得分:1)
$set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";
您在电子邮件中遗漏了'。所以查询错了。检查一下:
echo("UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."");
这会给你一个错误。
答案 2 :(得分:0)
用双引号评估事物但不用单引号评估
更改
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = ".$_GET['email']."";
到
set_active = "UPDATE `users` SET `active` = 1 WHERE `email` = '".$_GET['email']."'";