Page 1 of 1

Serial Key Checker - Database

Posted: Wed Mar 30, 2011 4:35 am
by GunGuyGunner
Hi

I recently made a Registration form in a php and all works well. What I want in there is a serial key checker. So the php looks in the mysql database to see if the key is valid or not. If it is the user can regitser if not it will return with an error. So far I have put in the serial key input field and added to see if the key already exists from a user regitsering it.
I think I have the php code sorted I just need help to see whether its ok and help with the MySQL Database.

Code: Select all

if(mysql_num_rows(mysql_query("SELECT serialkey FROM users WHERE serialkey = '$serialkey'")))
$status= "OK";
else
{
$msg=$msg."Serial number not found in our database. Please try again or contact your sales representative.<BR>";
$status= "NOTOK";}
Also I have 10,149 Keys and are currently stored on a Microsoft Access Database

Re: Serial Key Checker - Database

Posted: Wed Mar 30, 2011 2:44 pm
by Jonah Bron
You need to escape $serialkey with mysql_real_escape_string() to prevent SQL injection.

http://php.net/mysql-real-escape-string

http://shiflett.org/articles/sql-injection