[PHP] MySQL problem

Lorem Ipsum

Member
Pronoun
x
For all my sins, I'm using PHP to code a little pet project to try and get me to get back into coding, but I've stumbled at one of the first hurdles and can't identify what the problem is.

Basically, User A signs up to the service and receives a unique ID number and verification code, and for others to join User A's group, they have to enter both of these numbers when registering. The code for User A's registration works fine, and it all enters into the database wonderfully.

My problem is the registration of User B - I've set up a rudimentary check to see whether the verification code matches the verification assigned to the user ID in the database, and if it doesn't, it sends you back and tells you to fill out the registration form again. The only problem is that even if they ARE the same, it sends you back regardless.

The only thing I can imagine is wrong is that the code to check the database verification ID is somehow flawed, but I can't see where. Any help on this would be greatly appreciated! Code below:

PHP:
$sid = $_POST['schoolid'];
$ver = $_POST['verificationid'];
$title = $_POST['title'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$pwd = $_POST['pwd1'];
$conf = $_POST['pwd2'];

// MySQL login data goes here

$con = mysql_connect($mysql_host,$mysql_user,$mysql_password);

$getsid = mysql_query(
"SELECT *
FROM schools
WHERE uid='$sid'");

while($row = mysql_fetch_array($getsid)) {
	$origver = $row['verification'];
}

if ($pwd != $conf) {
	header('Location: register.php?error=1');
}
elseif ($ver != $original) {
	header('Location: register.php?error=2');
}

// Further, unimportant code
 

1. Luftballon

Banned
Pronoun
it
well, at a glance, there's a p glaring sql inj with the sid interpolation. please do not interpolate across interfaces unsafely.

(this has nothing to do with the bug you're looking at, but security holes should always take precedence, right)

(I would have links to go with that but I can't seem to motor functions enough to copy/paste on this thing, oops?)
 

Butterfree

Still loves Joltik, though!
Staff member
Pronoun
she/her
The variable you're reading from the database is called $origver; the variable you're comparing $ver to is called $original. Since PHP just creates new variables if a variable name it doesn't recognize comes up, even if you're trying to read from it, which is a pretty strong hint you meant to reference something that exists, it's comparing it to undefined or null or whatever PHP's initial variable value is, which is always going to be false. That would be your problem.

But yes, do look into SQL injections - PHP can do prepared queries now with PDO, which takes care of the issue entirely, but running mysql_real_escape_string on it before you inject it into the query should technically also do the trick, in a hackish, really-bad-idea asking-for-trouble way (since if you were to ever forget it for any value you plug into a query at a later point, you're left completely vulnerable).
 

1. Luftballon

Banned
Pronoun
it
But yes, do look into SQL injections - PHP can do prepared queries now with PDO, which takes care of the issue entirely, but running mysql_real_escape_string on it before you inject it into the query should technically also do the trick, in a hackish, really-bad-idea asking-for-trouble way (since if you were to ever forget it for any value you plug into a query at a later point, you're left completely vulnerable).
by all of which I think we would agree we mean, don't do that. not unless you have no other choices.

relevant link, and pdo documentation.
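
The prepared-query approach recommended in the replies above, as an added example that is not part of the thread: the table `schools`, its columns `uid` and `verification`, and the form field names come from the original post, while the helper `checkRegistration`, the sample rows and the use of `hash_equals` for the comparison are assumptions made here. An in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the thread's MySQL database;
// with MySQL only the DSN and credentials passed to PDO change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE schools (uid INTEGER PRIMARY KEY, verification TEXT)');
$pdo->exec("INSERT INTO schools (uid, verification) VALUES (1001, '48151623')"); // constructed row

/**
 * Hypothetical helper: returns 0 when registration may proceed, otherwise
 * the error number the original code passes to register.php (1 or 2).
 */
function checkRegistration(PDO $pdo, array $post): int
{
    $sid  = (string)($post['schoolid'] ?? '');
    $ver  = (string)($post['verificationid'] ?? '');
    $pwd  = (string)($post['pwd1'] ?? '');
    $conf = (string)($post['pwd2'] ?? '');

    if ($pwd === '' || $pwd !== $conf) {
        return 1;
    }

    // The school id travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT verification FROM schools WHERE uid = :uid');
    $stmt->execute([':uid' => $sid]);
    $origver = $stmt->fetchColumn(); // false when no school has this id

    // Compare against the value actually fetched ($origver); an unknown id fails closed.
    if ($origver === false || !hash_equals((string)$origver, $ver)) {
        return 2;
    }
    return 0;
}

// Constructed form submissions.
$ok       = ['schoolid' => '1001', 'verificationid' => '48151623',
             'pwd1' => 'correct horse', 'pwd2' => 'correct horse'];
$wrongVer = ['verificationid' => '00000000'] + $ok;
// The quote characters arrive as data and match no uid in this table.
$quoted   = ['schoolid' => "1001' OR '1'='1"] + $ok;

foreach (['ok' => $ok, 'wrongVer' => $wrongVer, 'quoted' => $quoted] as $name => $post) {
    printf("%s => error %d\n", $name, checkRegistration($pdo, $post));
}
```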
 