| 
15th May 2009, 11:47 AM
|
#1 (permalink)
| | Registered User
Join Date: Jul 2007
Posts: 12
| What is wrong with this PHP code?
Hello guys, can someone tell me what is wrong about this code? I'm a complete novice learning php.... thanks PHP Code:
O!
<?php
$user_name="root";
$password="nbuser";
$database="Meet_A_Geek";
$server="localhost";
mysql_connect("$server","$user_name","$password") or die("cannot connect");
mysql_select_db("$database") or die("cannot select DB");
$mypin=$_POST['pin'];
$myserialnum=$_POST['serial'];
//check to see if PIN and SERIAL number indeed exist
$sql="SELECT*FROM cardserials WHERE cardpins='$mypin' AND serialnumber='$myserialnum'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//if ppin and SERIAL exist,check to see if it has been used by another person.
if(count==1){
$myresult=mysql_query("SELECT*FROM usepins WHERE card_pin='$mypin' AND serial_no='myserialnum'";
$finite=mysql_num_rows($myresult);
//if it has been used,notify user
if($finite==1){
echo"Card has been used";
}else{
mysql_query("INSERT INTO usepins (card_pin,serial_no) VALUES('$mypin','$myserialnum')");
}
}else{
echo"check your details";
}
?> | 
|  | |
15th May 2009, 12:27 PM
|
#2 (permalink)
| | Senile Member
Join Date: Mar 2005
Posts: 1,227
| $server="127.0.0.1";
__________________
An old dog learning new tricks
| |
| | |
15th May 2009, 12:29 PM
|
#3 (permalink)
| | Senile Member
Join Date: Mar 2005
Posts: 1,227
| if($count==1){
__________________
An old dog learning new tricks
| |
| | |
29th May 2009, 03:04 PM
|
#4 (permalink)
| | Registered User
Join Date: Jul 2008
Posts: 14
| Code: <?php
$user_name="root";
$password="nbuser";
$database="Meet_A_Geek";
$server="127.0.0.1";
$link=mysql_connect($server,$user_name,$password) or die("cannot connect");
mysql_select_db($database, $link) or die("cannot select DB");
$mypin=$_POST['pin'];
$myserialnum=$_POST['serial'];
//check to see if PIN and SERIAL number indeed exist
$sql="SELECT * FROM cardserials WHERE cardpins='".$mypin."' AND serialnumber='".$myserialnum."'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//if ppin and SERIAL exist,check to see if it has been used by another person.
if(count==1){
$myresult=mysql_query("SELECT*FROM usepins WHERE card_pin='".$mypin."' AND serial_no='".$myserialnum."'");
$finite=mysql_num_rows($myresult);
//if it has been used,notify user
if($finite==1){
echo"Card has been used";
}else{
mysql_query("INSERT INTO usepins (card_pin,serial_no) VALUES('".$mypin."','".$myserialnum."')");
}
} else {
echo("check your details");
}
?> But I only had a quick run through 
Last edited by Paul_C : 29th May 2009 at 03:09 PM.
| |
| | |
29th May 2009, 03:18 PM
|
#5 (permalink)
| | Registered User
Join Date: Jul 2008
Posts: 14
| As a side note to this - I would highly recommend a look at CodeIgniter if you're looking at developing PHP applications. There are a couple of tutorials available that should get you started, and the user guide is excellent; note that you'll still have to learn the basics of PHP - but it will make it a LOT easier to get functional apps up and running quickly, and will be a useful tool to have in your arsenal 
Paul | |
| | |
12th June 2009, 04:46 AM
|
#6 (permalink)
| | Registered User
Join Date: Jun 2009
Posts: 1
| this is right code
<?php
$user_name="root";
$password="nbuser";
$database="Meet_A_Geek";
$server="localhost";
mysql_connect("$server","$user_name","$password") or die("cannot connect");
mysql_select_db("$database") or die("cannot select DB");
$mypin=$_POST['pin'];
$myserialnum=$_POST['serial'];
//check to see if PIN and SERIAL number indeed exist
$sql="SELECT * FROM cardserials WHERE cardpins='$mypin' AND serialnumber='$myserialnum'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//if ppin and SERIAL exist,check to see if it has been used by another person.
if($count==1){
$myresult=mysql_query("SELECT * FROM usepins WHERE card_pin='$mypin' AND serial_no='myserialnum'";
$finite=mysql_num_rows($myresult);
//if it has been used,notify user
if($finite==1){
echo"Card has been used";
}else{
mysql_query("INSERT INTO usepins (card_pin,serial_no) VALUES('$mypin','$myserialnum')");
}
}else{
echo"check your details";
}
?> | |
| | |
3rd July 2009, 03:33 AM
|
#7 (permalink)
| | Registered User
Join Date: Feb 2008
Posts: 5
| this is just a bit more secure... but you should test ur posts anyway
<?php
$user_name="root";
$password="nbuser";
$database="Meet_A_Geek";
$server="localhost";
mysql_connect($server,$user_name,$password) or die("cannot connect");
mysql_select_db($database) or die("cannot select DB");
$mypin=$_POST['pin'];
$myserialnum=$_POST['serial'];
//check to see if PIN and SERIAL number indeed exist
$sql="SELECT * FROM cardserials WHERE cardpins='" . mysql_real_escape_string($mypin) . "' AND serialnumber='" . mysql_real_escape_string($myserialnum) . "'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
//if ppin and SERIAL exist,check to see if it has been used by another person.
if($count==1)
{
$myresult=mysql_query("SELECT * FROM usepins WHERE card_pin='" . mysql_real_escape_string($mypin) . "' AND serial_no='" . mysql_real_escape_string($myserialnum) . "'";
$finite=mysql_num_rows($myresult);
//if it has been used,notify user
if ($finite==1)
{
echo "Card has been used";
}
else
{
mysql_query("INSERT INTO usepins (card_pin,serial_no) VALUES('" . mysql_real_escape_string($mypin) . "','" . mysql_real_escape_string($myserialnum) . "')");
}
}
else
{
echo "check your details";
}
?> | |
| | |
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | | | | Thread Tools | | | | Display Modes | Rate This Thread |  Linear Mode | | 
Posting Rules
| You may not post new threads You may not post replies You may not post attachments You may not edit your posts
HTML code is Off | | | | |
