Welcome to WebmasterWorld Guest from 54.159.190.106

Forum Moderators: open

Message Too Old, No Replies

Mysql query

   
1:42 pm on Mar 18, 2013 (gmt 0)



Hi,

I need a little help. I have a site with refer function. I can see who is referer for new users (in myphp) but new refered users are not counting and thats why are not assigned to the referal.. so my refered field (in db) is showing 0 no matter how much new users are refered...
Here ir the code, may be someone can help to fix this?

if($passCheck != $key){
echo "<h2> </h2>";
} else {
$result = mysql_query("SELECT referer FROM users WHERE userId = '$key'");
if(mysql_result($result, 0) != "" ){
$referer = mysql_result($result, 0);
$result = mysql_query("SELECT referer FROM users WHERE userId = '$referer'");
if(mysql_result($result, 0) != "" ){
$result2 = mysql_query("SELECT refered FROM users WHERE userId = '$referer'");
$newRefs = mysql_result($result2, 0) + 1;
mysql_query("UPDATE users SET refered = '$newRefs' WHERE userId = '$referer'");
$result3 = mysql_query("SELECT userName FROM users WHERE userId = '$key'");
$refered = mysql_result($result3, 0);
$offerTitle = "Friend Referal - $refered";
addPoints($referer,100,$offerTitle,0);
}
} else {


}


Many thanks and hope to get some advise.
1:54 pm on Apr 4, 2013 (gmt 0)



Honestly, it's tricky to say without knowing a bit more about how the logic is meant to work, and how the userId column works in the database.

One separate issue that immediately jumps out, however, is that you need to, right now, change this code so that you use prepared statements for your database calls. Example using PDO (which can be used for MySQL) here: [php.net...]

Right now, by using variables directly in your SQL statements like this, you're vulnerable to SQL injection, which could cause all manner of issues for you.
12:20 pm on May 17, 2013 (gmt 0)



Prepared statements do help against injections however a proper input sanitation is still enough against them.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month