查詢失敗您的SQL語法有誤。 檢查與您的MariaDB服務器版本相對應的手冊

Question

HTTP：//localhost/project/activate.php email=rakibchokder94@gmail.com&code=b98535103096dd0e8f59a5c6c92b9008

輸出查詢失敗

您的SQL語法有誤； 檢查與您的MariaDB服務器版本相對應的手冊以獲取正確的語法，以在第1行的“ b98535103096dd0e8f59a5c6c92b9008”附近使用

    <?php
function clean($string){
    return htmlentities($string);
}

function redirect($location){
    return header("Location: {$location}");
}

function set_message($message){
    if(!empty($message)){
       $_SESSION['message'] =$message;  
    }
    else{
        $message="";
    }
}

function display_message(){
    if(isset($_SESSION['message'])){

        echo $_SESSION['message'];
        unset($_SESSION['message']);

    }
}



function activate_user(){
    if($_SERVER['REQUEST_METHOD']=="GET"){
        if(isset($_GET['email'])){
            $email=clean($_GET['email']);
            $validation_code = clean($_GET['code']);

            $sql = "SELECT id FROM users WHERE email='".escape($_GET['email'])."' AND validation_code'".escape($_GET['code'])."' ";
            $result=query($sql);
            confirm($result);

            if(row_count($result)==1){

                $sql2 = "UPDATE 'users' SET 'active' = 1, 'validation_code' = 0 WHERE 'email' = '".escape($email)."' AND 'validation_code' = '".escape($validation_code)."' ";
                $result2=query($sql2);
                confirm($result2);

                set_message("<p class='bg-success'>Your account has been activated</p>");
                redirect("login.php");
            }
            else{
                set_message("<p class='bg-danger'>Your account has not been activated</p>");
                redirect("login.php");
            }
        }
    }
}
?>

Answer 1

您在查詢中有錯字

$sql = "SELECT id FROM users WHERE email='".escape($_GET['email'])."' AND validation_code'".escape($_GET['code'])."' ";

您缺少等號

AND validation_code='".escape($_GET['code'])."' ";
-------------------^