I am trying to populate a SQL entry with data from a php script but it doesnt work. I have the config file set up right and everything. This is the code I have

<?
include_once "secure/dbconfig.php";

//check md5
$SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
$sig = md5('userId'+":"+'appId'+":"+'SECRET');

if($_REQUEST['sig'] == $sig) {
    $userdata = GetUserInfo($_REQUEST['userId']);
    $conn = ConnectDB();
    $res = mysql_query('UPDATE users SET points + '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
    if($res){
        print "1";
        }else{
        print "0";
    }
    }else{
        print "0";
    }

How would I set up the SQL database in detail?

Is there any error message at all? Did you use correct server, user name, password?
explain connectDB()

-- tesu

I have my database info in dbconfig.php and assume it uses the info in there. The information is correct and it posts a 0 after running a script which means it failed to post the information. Not sure why though

you may be getting the out put of 0 because $sig is not what is expected.

<?php
    include_once "secure/dbconfig.php";

    //check md5
    $SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
    
    // I think that the php syntax for concatenation is to use the . not the +
    $sig = md5('userId' . ":" . 'appId' . ":" . 'SECRET');

    if($_REQUEST['sig'] == $sig) {
        $userdata = GetUserInfo($_REQUEST['userId']);
        $conn = ConnectDB();
        
        //$res = mysql_query('UPDATE users SET points + '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
        $res = mysql_query('UPDATE users SET points = '.$_REQUEST['amount'].' WHERE id = '.$_REQUEST['userId'].''. $connection);
        if($res){ print "res ok"; }
        else{ print "res not ok"; }
    }else{
        print "sig not ok";
    }

I saw that the concatenation of your sig may have been off. try this and let us know how it goes

Also, there was a + sign in your UPDATE query, when it should have been an = sign

I tried to run the script with your modifications but it is indeed the sig that is not being rendered correctly. I am trying to send script.php?appId=1111&userId=12345&amount=10&hash=8b44493ab7b37a6e47ca2f8726b87563
where hash = ('userId' . ":" . 'appId' . ":" . 'SECRET');

What exactly are you using $sig for?
Is it simply for identification??

If you could please explain that a little more to me i may be able to get a better understanding on what you actually want to achieve.

thx.

i am using sig to generate a hash based on the appid userid and and secret and verifying it against the hash that is posted when a request is sent to it.

Member Avatar for rajarajan2017
UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value

The above is the syntax of update statement and you missed column name "=" value in the statment. Also echo all the variables to know whether you get the result of variables.

if (mysql_num_rows($res) > 0) { 
   echo "records found";
}else "records not found"

The above code will confirm whether the query affected the rows or not.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.