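PHP MySql - Check if a value exists

Time: 2014-04-13 03:01:42

Tags: php mysql

I need to check whether EMAIL_ADDRESS and ACTIVATION_CODE exist in a MySql table; if so, return "Code is valid", otherwise "Code is NOT valid".

Currently it always returns that the code is not valid, but I have checked the records in the table and the code being queried does exist.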

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");

if (mysql_fetch_row($result)) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

1 answer:

Answer 0: (score: 3)

But this code is not secure:

$email = $_POST['email'];
$acticode = $_POST['code'];


$result = mysql_query("SELECT * FROM xActivate WHERE EMAIL_ADDRESS='$email' AND ACTIVATION_CODE='$acticode' LIMIT 1");
$data = mysql_fetch_row($result);
if (mysql_num_rows($result) > 0) {
    echo 'Code is valid';
} else {
    echo 'Code is NOT valid';
}

To protect against and prevent SQL injection:

$email = mysql_real_escape_string($_POST['email']);
$acticode = mysql_real_escape_string($_POST['code']);

Please note:

http://ca1.php.net/mysql_real_escape_string

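Warning

This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include: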

    mysqli_real_escape_string()
    PDO::quote()
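
The same activation check written with a PDO prepared statement, as an added example that is not part of the original question or answer. It assumes an in-memory SQLite database as a stand-in for MySQL so it runs offline; the function name `isActivationCodeValid` and the sample rows are hypothetical, while the table and column names are the ones from the question.

```php
<?php
declare(strict_types=1);

// Added example: PDO prepared statement for the activation check.
// Assumption: in-memory SQLite stands in for MySQL so this runs offline;
// for MySQL only the DSN changes ("mysql:host=...;dbname=...;charset=utf8mb4").

// Hypothetical helper (not from the original post).
function isActivationCodeValid(PDO $pdo, string $email, string $code): bool
{
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'SELECT 1 FROM xActivate
          WHERE EMAIL_ADDRESS = :email AND ACTIVATION_CODE = :code
          LIMIT 1'
    );
    $stmt->execute([':email' => $email, ':code' => $code]);
    // fetchColumn() returns false when no row matched.
    return $stmt->fetchColumn() !== false;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With the MySQL driver, also disable emulation so the server binds values:
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed sample data.
$pdo->exec('CREATE TABLE xActivate (EMAIL_ADDRESS TEXT, ACTIVATION_CODE TEXT)');
$insert = $pdo->prepare('INSERT INTO xActivate VALUES (?, ?)');
$insert->execute(["o'brien@example.com", 'A1B2C3']);

// Constructed inputs standing in for $_POST['email'] and $_POST['code'].
$cases = [
    ["o'brien@example.com", 'A1B2C3'],        // matching row, quote in email
    ["o'brien@example.com", 'WRONG'],         // wrong code
    ["o'brien@example.com", "x' OR '1'='1"],  // quotes are compared as data
];

foreach ($cases as [$email, $code]) {
    echo isActivationCodeValid($pdo, $email, $code)
        ? "Code is valid\n"
        : "Code is NOT valid\n";
}
```

Only the first case matches a stored row; the other two are bound as plain values and compared literally, so neither changes the shape of the query.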