ddg2sailor wrote:
chris smith-9 wrote:
ddg2sailor wrote:
$row = mysql_fetch_array($res);
$res = mysql_query("SELECT passhash, editsecret, status FROM users WHERE
id
= $id");
$row = mysql_fetch_array($res);
I hope this is a copy/paste error or are you running the same thing twice?
I diddnt see that right away. In fact Im combining 2 pieces of code. The
owner of this site dosent want to use a mail server and dosent want to do
a manual confirm. So I added part of the confirm.php to the takesignup.php
file....
mysql_query("UPDATE users SET status='confirmed', uploaded = $giveupload
");
This updates *every* user to have a confirmed status. Probably not what
you want.
Add a
WHERE id='X';
clause
Believe me I agree with you... but this is how he wants it. It took me a
while to realize that the new user cant call up the confirm.php without
the mail with the link and the user name and secret word.
It's still wrong regardless.
User "A" signs up
User "B" signs up
User "A" clicks the confirm link
User "B" does not, but is confirmed anyway.
//send pm to new user
{
$msg = sqlesc("Hello and welcome to Cyber Drive In you have been
given a 1gb head start to help your ratio. .we are a strict but fair site
and our warning are based on the torrent ratio not the global just
because
you have a good ratio dont mean you can hit and run if you do hit and run
your downloads maybe disabled even if your global ratio is fine..so enjoy
our free 1gb gift rules are seed what you take or for 72 hours..plz read
the
rules and facts now you have joined our friendly community");
$added = sqlesc(get_date_time());
$subject = sqlesc("Welcome to Cyber Drive In");
mysql_query("INSERT INTO messages (sender, receiver, subject,
msg,
added) VALUES (0, $id, $subject, $msg, $added)");
What is the sqlesc function?
This is the way the code is when I got it. I think that this is how it
reads from the array. I can see where a table might be more use here.
Eh? I asked about what the sqlesc function does - it is not a native php
function.
You need quotes around your values:
$sql = "insert into table(f1, f2, f3) values ('" .
mysql_real_escape_string($value_1) . "', '" .
mysql_real_escape_string($value_2) . "')";
Im guessing that the preceding line got a bit chopped in the sending....
at least it dosent look quite right as it is. If I cut and paste this back
together I should be able to follow your convention.
No, I was just too lazy to use your code and instead I gave an example.
--
Postgresql & php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
