StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POPHP Activating account with UPDATE SQL
primarykey
Id
14823213
data
AcceptedAnswerId
14823399
AnswerCount
4
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2013-02-11T23:57:41.223
FavoriteCount
0
LastActivityDate
2013-02-12T00:24:58.293
LastEditDate
2013-02-12T00:24:58.293
LastEditorUserId
1113666
OwnerUserId
1113666
ParentId
0
PostTypeId
1
Score
0
ViewCount
183
LastEditorDisplayName
text
Body
OK I have this code to send an email account verification link <pre><code> $verifyemail = $clean['email']; $to = $verifyemail; $subject = 'Virtual Pierz Close | Verify Your Account'; $message = "Thanks for registering with VPC, on clicking the verification link below, your account will be confirmed, you can then go ahead buy Virtual Properties, donating £5 each time to the worthwhile charity. http://www.cambrianvacation.co.uk/vpc/registered.php? email='$verifyemail'&hash='$hash1' "; $headers = 'From:noreply@cambrianvacation.co.uk'; // Set from headers mail($to, $subject, $message, $headers); </code></pre> And then I have this code, that is trying to activate the account by setting active = 1 in the database, which will then be part of the access control logic at login, without active = 1, there is no login, amongst other protection <pre><code> if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash'])){ // Verify data $accountemail = $_GET['email']; $accounthash = $_GET['hash']; } $accountActive = 1; $notactive = 0; $username = ''; $password2 = ''; $username = 'xxxxxxx'; $password2 = 'xxxxxxx'; $db1 = new PDO('mysql:host=localhost;dbname=xxxxxxxxxxxxx', $username, $password2, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")); $db1->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); $db1->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); try{ $search = $db1->prepare("SELECT email, hash, active FROM users WHERE email = :email AND hash= :hash AND active = :active"); $search->bindParam(':email', $accountemail); $search->bindParam(':hash', $accounthash); $search->bindParam(':active', $notactive); $search->execute(); $colcount = $search->columnCount(); }catch(PDOException $e) { $e->getMessage(); } print_r($colcount); if($colcount === 3){ //try{ $update = $db1->prepare("UPDATE users SET active=:active WHERE email=:email AND hash=:hash AND active = :active"); $update->bindParam(':active', $accountActive); $update->bindParam(':email', $accountemail); $update->bindParam(':hash', $accounthash); $update->bindParam(':active', $notactive); $update->execute(); //}catch(PDOException $e) { // $e->getMessage(); //} </code></pre> However I cannot get the active column to update. I've also thought about using the GET['email'] could be subject to semantic url attacks, however the logic won't activate the account without the matching hash, which is randomly generated with crypt()......... If anyone can see any security holes in the code, please tell me......... 
Tags
<php><sql><security>
Title
PHP Activating account with UPDATE SQL
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USAnt Power
UserOwnerUserId
1. USAnt Power
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
3. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COPlease stop editing the question without telling anyone that answered you, makes it difficult to try and help and reference what you have if you keep changing it on those trying to help.
 singulars
 PostPostId
 POPHP Activating account with UPDATE SQL
 UserUserId
 USJon
2. COSorry........I understand the bit about prepared statements well, I just left a bit of there code because I was trying run the code without bindParam and without. Sorry will make sure my code is what it should be next time I publish, as its clearly confusing sorry.....
 singulars
 PostPostId
 POPHP Activating account with UPDATE SQL
 UserUserId
 USAnt Power

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.