| This is just a bit more secure... but you should test your posts anyway
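<?php
// Card redemption check: looks up the posted PIN + serial in `cardserials` and, when
// exactly one card matches and the pair is not yet in `usepins`, records it as used.
//
// Changes from the earlier version of this script:
//  - the second SELECT was missing the closing ")" of its query call, so the file
//    did not parse at all;
//  - the removed mysql_* extension is replaced by mysqli prepared statements, so the
//    posted values are bound as data and never concatenated into SQL text;
//  - missing or non-string POST fields are rejected before any query runs;
//  - a card counts as used when ANY usepins row exists (previously exactly one), so a
//    duplicate row can no longer make a used card look unused.

// NOTE(review): credentials are hard-coded and the script connects as the MySQL root
// account. Move them out of the web root (environment / config file) and use an account
// limited to SELECT on cardserials and SELECT, INSERT on usepins.
$user_name="root";
$password="nbuser";
$database="Meet_A_Geek";
$server="localhost";

// Report failures through return values on every PHP version, so the explicit checks
// below decide what the client sees instead of an uncaught exception with DB details.
mysqli_report(MYSQLI_REPORT_OFF);
$db=mysqli_connect($server,$user_name,$password) or die("cannot connect");
mysqli_select_db($db,$database) or die("cannot select DB");

/**
 * Prepare $sql (which must contain exactly two "?" placeholders), bind the PIN and
 * serial as strings and execute it.
 *
 * @return mysqli_stmt|false the executed statement, or false on any failure
 */
function run_card_query($db,$sql,$pin,$serial)
{
    $stmt=mysqli_prepare($db,$sql);
    if($stmt===false)
    {
        return false;
    }
    if(!mysqli_stmt_bind_param($stmt,"ss",$pin,$serial) || !mysqli_stmt_execute($stmt))
    {
        mysqli_stmt_close($stmt);
        return false;
    }
    return $stmt;
}

/**
 * Run a two-placeholder SELECT and return how many rows it matched.
 *
 * @return int|false row count, or false when the query could not be run
 */
function count_card_rows($db,$sql,$pin,$serial)
{
    $stmt=run_card_query($db,$sql,$pin,$serial);
    if($stmt===false)
    {
        return false;
    }
    // Buffer the result set so the row count is available without fetching columns.
    $rows=mysqli_stmt_store_result($stmt) ? mysqli_stmt_num_rows($stmt) : false;
    mysqli_stmt_close($stmt);
    return $rows;
}

// Both fields must be present and plain strings (pin[]=x would arrive as an array).
$mypin=isset($_POST['pin']) ? $_POST['pin'] : null;
$myserialnum=isset($_POST['serial']) ? $_POST['serial'] : null;
if(!is_string($mypin) || !is_string($myserialnum))
{
    echo "check your details";
    exit;
}

// NOTE(review): nothing in this script limits repeated guesses of PIN/serial pairs;
// throttling has to be enforced in front of it.

//check to see if PIN and SERIAL number indeed exist
$count=count_card_rows($db,"SELECT 1 FROM cardserials WHERE cardpins=? AND serialnumber=?",$mypin,$myserialnum);
if($count===false)
{
    // Generic message only: database error text is not sent to the client.
    die("cannot run query");
}

//if PIN and SERIAL exist, check to see if it has been used by another person.
if($count==1)
{
    $finite=count_card_rows($db,"SELECT 1 FROM usepins WHERE card_pin=? AND serial_no=?",$mypin,$myserialnum);
    if($finite===false)
    {
        die("cannot run query");
    }
    //if it has been used, notify user
    if($finite>0)
    {
        echo "Card has been used";
    }
    else
    {
        // NOTE(review): check-then-insert is not atomic; two simultaneous requests can
        // both pass the check above. A UNIQUE key on usepins (card_pin, serial_no) would
        // make the second INSERT fail and land in the branch below - confirm the schema.
        $insert=run_card_query($db,"INSERT INTO usepins (card_pin,serial_no) VALUES(?,?)",$mypin,$myserialnum);
        if($insert===false)
        {
            die("cannot record card");
        }
        mysqli_stmt_close($insert);
    }
}
else
{
    echo "check your details";
}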
?> |