This works with 1 entry in the datbase but not 2 entries :-(
Posted: Tue Jan 18, 2011 3:49 pm
Have to admit, i can code in VB.net but not PHP
The following code connects to the MySQL database and if the email address is in the database and they have paid it will redirect them to the software to download.
However if the user has brought a 2nd copy of the software, 2 entries are present in the MySQL database on separate entries.
When this happens the script directs them to the incorrect email address part meaning they havn't paid or arnt in the database - however they have paid twice
How can i amend it so that aslong as they are in the database and paid they are redirected, even if their email address is present again in a seperate entry?
The following code connects to the MySQL database and if the email address is in the database and they have paid it will redirect them to the software to download.
However if the user has brought a 2nd copy of the software, 2 entries are present in the MySQL database on separate entries.
When this happens the script directs them to the incorrect email address part meaning they havn't paid or arnt in the database - however they have paid twice
How can i amend it so that aslong as they are in the database and paid they are redirected, even if their email address is present again in a seperate entry?
Code: Select all
<?php
$host="xxxxxxxxxx.com"; // Host name
$username="xxxxxx"; // Mysql username
$password="xxxxxx"; // Mysql password
$db_name="xxxxxx"; // Database name
$tbl_name="orders"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$CustomerEmail=$_POST['CustomerEmail'];
$IsPaid="-1";
$Product="My Software";
// To protect MySQL injection (more detail about MySQL injection)
$CustomerEmail = stripslashes($CustomerEmail);
$IsPaid = stripslashes($IsPaid);
$Product = stripslashes($Product);
$CustomerEmail = mysql_real_escape_string($CustomerEmail);
$IsPaid = mysql_real_escape_string($IsPaid);
$Product = mysql_real_escape_string($Product);
$sql="SELECT * FROM $tbl_name WHERE CustomerEmail='$CustomerEmail' and IsPaid='$IsPaid' and Product='$Product'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $CustomerEmail, table row must be 1 row
if($count==1){
// Register $CustomerEmail, $IsPaid and redirect to file "login_success.php"
session_register("CustomerEmail");
session_register("IsPaid");
session_register("Product");
header("location:login_success.php");
}
else {
echo "Incorrect Email Address - Please press the back button and check that you have entered your registered email correctly";
}
?>