
Databases Forum

Mysql query
Alex_Morey
msg:4556056
 1:42 pm on Mar 18, 2013 (gmt 0)

Hi,

I need a little help. I have a site with a referral function. I can see who is the referer for new users (in phpMyAdmin), but newly referred users are not being counted and that's why they are not assigned to the referrer, so my refered field (in the db) shows 0 no matter how many new users are referred...
Here is the code; maybe someone can help fix this?

if($passCheck != $key){
    echo "<h2> </h2>";
} else {
    // Who referred the user being verified?
    $result = mysql_query("SELECT referer FROM users WHERE userId = '$key'");
    if(mysql_result($result, 0) != "" ){
        $referer = mysql_result($result, 0);
        // This second lookup reads the referer's OWN referer, so the block
        // below only runs when the referer was themselves referred by someone
        $result = mysql_query("SELECT referer FROM users WHERE userId = '$referer'");
        if(mysql_result($result, 0) != "" ){
            // Read the referer's current count, add one, write it back
            $result2 = mysql_query("SELECT refered FROM users WHERE userId = '$referer'");
            $newRefs = mysql_result($result2, 0) + 1;
            mysql_query("UPDATE users SET refered = '$newRefs' WHERE userId = '$referer'");
            // Name of the new user, used in the points log entry
            $result3 = mysql_query("SELECT userName FROM users WHERE userId = '$key'");
            $refered = mysql_result($result3, 0);
            $offerTitle = "Friend Referal - $refered";
            // Credit the referer with 100 points
            addPoints($referer,100,$offerTitle,0);
        }
    } else {
        // No referer recorded for this user; nothing to do
    }
}


Many thanks and hope to get some advice.


trackchat
msg:4561348
 1:54 pm on Apr 4, 2013 (gmt 0)

Honestly, it's tricky to say without knowing a bit more about how the logic is meant to work, and how the userId column works in the database.

One separate issue that immediately jumps out, however, is that you need to, right now, change this code so that you use prepared statements for your database calls. Example using PDO (which can be used for MySQL) here: [php.net...]

Right now, by using variables directly in your SQL statements like this, you're vulnerable to SQL injection, which could cause all manner of issues for you.
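
The referral-credit logic from the first post rewritten with PDO prepared statements, as an added example that is not code from the original post or from either poster. It assumes a PDO connection `$pdo` with exceptions enabled, the `users` columns shown above (userId, referer, refered, userName), the poster's own `addPoints()` function, and that the intended rule is "credit the referer if that user exists" rather than the original's check that the referer has a referer of their own.

```php
<?php
// Added example: the referral credit using PDO prepared statements, so $key
// and $referer are bound as parameters and never spliced into the SQL text.
// Assumptions: $pdo is a PDO connection with ERRMODE_EXCEPTION, the users
// table has columns userId, referer, refered, userName, and addPoints()
// exists in the poster's code base.

function creditReferer(PDO $pdo, string $key): bool
{
    // Look up who referred the newly verified user. The value is bound,
    // so a crafted userId cannot change the shape of the query.
    $stmt = $pdo->prepare('SELECT referer FROM users WHERE userId = ?');
    $stmt->execute([$key]);
    $referer = $stmt->fetchColumn();
    if ($referer === false || $referer === '') {
        return false;            // no referer recorded for this user
    }

    // Confirm the referer row exists before crediting it (assumed intent).
    $stmt = $pdo->prepare('SELECT 1 FROM users WHERE userId = ?');
    $stmt->execute([$referer]);
    if ($stmt->fetchColumn() === false) {
        return false;            // referer id points at no user
    }

    $pdo->beginTransaction();
    try {
        // Increment in one statement instead of read-then-write, so two
        // concurrent referrals cannot both read 0 and both write 1.
        $upd = $pdo->prepare('UPDATE users SET refered = refered + 1 WHERE userId = ?');
        $upd->execute([$referer]);

        // Name of the new user for the points log entry.
        $stmt = $pdo->prepare('SELECT userName FROM users WHERE userId = ?');
        $stmt->execute([$key]);
        $referedName = (string) $stmt->fetchColumn();

        // Award the points through the poster's own helper (assumed to exist).
        addPoints($referer, 100, "Friend Referral - $referedName", 0);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return true;
}
```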

gingir
msg:4574938
 12:20 pm on May 17, 2013 (gmt 0)

Prepared statements do help against injections; however, proper input sanitation is still enough against them.
