php - 简单查询未运行

Question

首先，我知道我对 SQL 注入(inject)持开放态度，这只是一个原型(prototype)。但它仍然应该有效。

我一生都无法弄清楚为什么我无法从数组中取出一个项目。我可能做错了什么？我已经摆弄这个看似简单的查询太久了，而且我似乎无法让它提取数据。我觉得这件事很简单......

$query = 'SELECT * FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$ID = $row['ID'];

我没有得到 $ID 的结果 ....

这是我的完整代码:

<html>
<head>
<?php

$email = $_GET["email"];
$servername="localhost";
$username="*****";
$password="*****";
$database="*****";
$conn= mysql_connect($servername,$username,$password)or die(mysql_error());
mysql_select_db("$database",$conn);


$query = 'SELECT email FROM users WHERE email = "' . $email . '"';
$result = mysql_query($query) or die(mysql_error());



//Checks if the email address exists in the system already
if (mysql_num_rows($result) ) {
        die("Duplicate email found!");
    }
    else {
          //use current date/time combination times the number 11 times the ID to get a unique confirmation number.
          $query = 'SELECT * FROM users WHERE email = "' . $email . '"';
          $result = mysql_query($query) or die(mysql_error());
          $row = mysql_fetch_assoc($result);
          $ID = $row['ID'];
          echo $row;
          $date = date("mydhis");
          $date2 = $date * 11 * $ID;
          echo $ID . "  <-> " . $date . "  <->  <p>" . $date2;
          $sql="insert into users (first,last,displayname,email,password,verification_email)values('$_GET[first]','$_GET[last]','$_GET[display]','$_GET[email]','$_GET[password]','$date2')";
          $result=mysql_query($sql,$conn) or $string = mysql_error();
          $confirmlink = "http://www.somewebsite.com/android/confirm.php?" . $date2;


          $to = $_GET['email'];
          $subject = "Thank you for Registering!";
          $message = "Hello " . $_GET['display'] . " and thank you for registering with the Smeet app!  To confirm your email address (and let us know you aren't a bot), please click the following link: " . $confirmlink;
          $from = "noreply@smeet.com";
          $headers = "From:" . $from;
          mail($to,$subject,$message,$headers) or die('You have successfully registered however mail servers are currently down, you may or may not receive a confirmation email');

          print "<h1>You have registered successfully</h1>";
          print "You will receive an email shortly with instructions on how to confirm your email address.</a>";
    }
?>

 </body>
 </html>

感谢您为解决此问题提供的任何帮助。

Answer 1

这是一个简单的答案，我明白了!

我的 $ID 在创建记录之前就被拉取了，这就是为什么它是空白的!我犯了一个愚蠢的错误。