Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version

Question

http://localhost/project/activate.php?email=rakibchokder94@gmail.com&code=b98535103096dd0e8f59a5c6c92b9008

Output Query Failed

You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''b98535103096dd0e8f59a5c6c92b9008'' at line 1

    <?php
function clean($string){
    return htmlentities($string);
}

function redirect($location){
    return header("Location: {$location}");
}

function set_message($message){
    if(!empty($message)){
       $_SESSION['message'] =$message;  
    }
    else{
        $message="";
    }
}

function display_message(){
    if(isset($_SESSION['message'])){

        echo $_SESSION['message'];
        unset($_SESSION['message']);

    }
}



function activate_user(){
    if($_SERVER['REQUEST_METHOD']=="GET"){
        if(isset($_GET['email'])){
            $email=clean($_GET['email']);
            $validation_code = clean($_GET['code']);

            $sql = "SELECT id FROM users WHERE email='".escape($_GET['email'])."' AND validation_code'".escape($_GET['code'])."' ";
            $result=query($sql);
            confirm($result);

            if(row_count($result)==1){

                $sql2 = "UPDATE 'users' SET 'active' = 1, 'validation_code' = 0 WHERE 'email' = '".escape($email)."' AND 'validation_code' = '".escape($validation_code)."' ";
                $result2=query($sql2);
                confirm($result2);

                set_message("<p class='bg-success'>Your account has been activated</p>");
                redirect("login.php");
            }
            else{
                set_message("<p class='bg-danger'>Your account has not been activated</p>");
                redirect("login.php");
            }
        }
    }
}
?>

Answer 1

You have a typo in the query

$sql = "SELECT id FROM users WHERE email='".escape($_GET['email'])."' AND validation_code'".escape($_GET['code'])."' ";

You're missing an equals sign

AND validation_code='".escape($_GET['code'])."' ";
-------------------^

Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version

Question

1 answers

solution1
1 2019-03-15 19:06:53

Query Failed You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version

Question

1 answers

solution1 1 2019-03-15 19:06:53

solution1
1 2019-03-15 19:06:53