I am having trouble on validating link for confirmation email. I can send users a confirmation link from my database as an HTML email like this
$msg = "
<a href=\"http://asite.ca/assets/functions/confirmation.php?key=$permissionCode\" target=\"_blank\">Click To Confirm</a>
";
the $permissionCode is generating like this
$permissionCode = substr(md5(rand(1000, 9999999)), 0, 12);
which I inserted in confirm_code field.
and in my confirmation.php I have
$key = $_Get["key"];
$sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = $key";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "We Will Contact You Soon";
} else {
echo "0 results";
}
but I am getting the 0 results while the same code of the link is in the database when users click the confirmation link in their email! can you please let me know why this is happening?
Thanks
wrap your $key with single quote in query
$sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = '$key'";
As requested in comment, See the explanation.....
Case 1 :
$key =substr(md5(rand(1000, 9999999)), 0, 12);
$sql = 'SELECT * FROM `contact_request` WHERE `confirm_code` = $key';
echo $sql;
output is
SELECT * FROM `contact_request` WHERE `confirm_code` = $key
Here if you see single quote does not look for a variable. Whatever is there inside ' ' is considered as a string and returned as such.
Case 2:
$key =substr(md5(rand(1000, 9999999)), 0, 12);
$sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = $key";
echo $sql;
Output is
SELECT * FROM `contact_request` WHERE `confirm_code` = dcd9c750bab0
Here Since the query is inside double quotes, That variable is read. but considered as int.
Case 3:
$key =substr(md5(rand(1000, 9999999)), 0, 12);
$sql = "SELECT * FROM `contact_request` WHERE `confirm_code` = '$key'";
echo $sql;
Output is
SELECT * FROM `contact_request` WHERE `confirm_code` = 'fd7c159e29c6'
Here Since the query is inside double quotes, That variable is read. but considered as string as it is encapsulated with single quotes.