Question

所以建立了连接，这是代码。我想要做的是从url获取两个var并将它们保存为var。我收到一个错误，PHP无法正常工作，我知道网址中的信息是正确的，并与数据库匹配。错误是“网址无效或您已激活帐户”。如果没有匹配，这就是php返回的内容，所以我猜测断开连接是在url和var设置之间。代码：

if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) &&     !empty($_GET['hash'])){  
// Verify data  
$email = mysql_escape_string($_GET['email']); // Set email variable  
$hash = mysql_escape_string($_GET['hash']); // Set hash variable  

$search = mysql_query("SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
$match  = mysql_num_rows($search);  

if($match > 0){  
    // We have a match, activate the account  
    mysql_query("UPDATE users SET active='1' WHERE email='".$email."' AND hash='".$hash."' AND active='0'") or die(mysql_error());  
    echo '<div class="statusmsg">Your account has been activated, you can now login</div>';  
}else{  
    // No match -> invalid url or account has already been activated.  
    echo '<div class="statusmsg">The url is either invalid or you already have activated your account.</div>';  
}  

}else{  
// Invalid approach  
echo '<div class="statusmsg">Invalid approach, please use the link that has been send to your email.</div>';  
}  
?>

URL：

http://www.aliahealthcare.com/verify.php?email=＆安培 'me@email.com。 ';散列='。67f7fb873eaf29526a11a9b7ac33bfac'

Answer 1

看起来PHP很可靠，所以我认为这不是你的问题。我忍不住注意到，虽然你在网址中有几个'.'。我想你需要摆脱它们：

http://www.aliahealthcare.com/verify.php?email=me@email.com&hash=67f7fb873eaf29526a11a9b7ac33bfac

可以肯定的是，在使用mysql_real_escape_string之前，请尝试回显电子邮件和哈希值。我打赌代码很好，但我怀疑输入。

Answer 2

代码看起来很好

我会尝试这样做

$sql = "SELECT email, hash, active FROM users WHERE email='".$email."' AND hash='".$hash."' AND active='0'";

echo $sql;

$search = mysql_query($sql);

检查echo的sql看起来没问题，并尝试在phpmyadmin或cmdline中运行它以确认这些参数确实存在行

PHP-使用mysql从url检查获取var

2 个答案: