我試圖讓我的電子郵件驗證工作。一切工作儘可能發送電子郵件與哈希鏈接進行確認,但一旦它進入下面的verify.php鏈接它不會更新我的數據庫活動行從0到1.任何建議?確認電子郵件驗證
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['email_hash']) && !empty($_GET['email_hash'])){
// Verify data
$search = "SELECT email, email_hash, active FROM users WHERE email='".$email."' AND hash='".$email_hash."' AND active='0'";
$match = $database->num_rows($query);
if($match > 0){
//Fields and values to update
$update = array(
'active' => 1
);
//Add the WHERE clauses
$where_clause = array(
'email' => '$email',
'email_hash' => '$email_hash',
'active' => '1'
);
$updated = $database->update('users', $update, $where_clause, 1);
if($updated)
{
echo '<p>Your account has been activated, you can now login</p>';
}
}
}else{
echo '<p>Your account is already activated</p>';
}
我認爲這個代碼將工作,但它是一個非常糟糕的主意在SQL語句使用$ GET/POST $ cariables:https://www.owasp.org/index。 php/SQL_Injection_Prevention_Cheat_Sheet –