I don’t know whats wrong?
I get this error:
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given in /activate_email.php on line 12
Warning: Cannot modify header information - headers already sent by (output started at /activate_email.php:12) in /activate_email.php on line 16
[php]
<?php if (isset($_GET['email']) && isset($_GET['hash']) && isset($_GET['code'])) { // Connect to database and sanitize incoming $_GET variables include_once("connect.php"); $email = preg_replace('#[^0-9]#i', '', $_GET['email']); $hash = preg_replace('#[^a-z0-9]#i', '', $_GET['hash']); $activatecode = mysqli_real_escape_string($dbc, $_GET['code']); // Evaluate the lengths of the incoming $_GET variable // Check their credentials against the database $sql = "SELECT * FROM users WHERE email='$email' AND hash='$hash' AND code='$activatecode' LIMIT 1"; $query = mysqli_query($dbc, $sql); $numrows = mysqli_num_rows($query); // Evaluate for a match in the system (0 = no match, 1 = match) if($numrows == 0){ // Log this potential hack attempt to text file and email details to yourself header("location: message.php?msg=Your credentials are not matching anything in our system"); exit(); } // Match was found, you can activate them $sql = "UPDATE users SET activated='1' WHERE email='$email' LIMIT 1"; $query = mysqli_query($dbc, $sql); // Optional double check to see if activated in fact now = 1 $sql = "SELECT * FROM users WHERE email='$email' AND activated='1' LIMIT 1"; $query = mysqli_query($dbc, $sql); $numrows = mysqli_num_rows($query); // Evaluate the double check if($numrows == 0){ // Log this issue of no switch of activation field to 1 header("location: message.php?msg=activation_failure"); exit(); } else if($numrows == 1) { // Great everything went fine with activation! header("location: message.php?msg=activation_success"); exit(); } } else { // Log this issue of missing initial $_GET variables header("location: message.php?msg=missing_GET_variables"); exit(); } ?>[/php]