When users type "/register" bot is inserting "0" instead of their "user id"

Asked May 17 '21 at 05:48

Active May 17 '21 at 22:57

Viewed 137 times

When users type /register, then my bot is inserting "0" instead of their user id in phpMyAdmin.

This is the code, what's causing this problem?

if (strpos($message, "/register") === 0) {

    $che = mysqli_query($db, "SELECT * FROM users WHERE id = '" . $id . "' ");
    $check = mysqli_fetch_assoc($che);

    if ($id != $check['id']) {
        mysqli_query($db, "UPDATE count SET users = users + 1");
        mysqli_query($db, "INSERT INTO users(id) VALUES('$id')");
        sendMessage($chatId, "<u>Done</u>", $message_id);
    }
}

edited May 17 '21 at 22:57

John Conde

217,595
99
455
496

asked May 17 '21 at 05:48

Wiker Bem

Where does `$id` come from? I strongly suspect your code is doing something like `INSERT INTO users(id) VALUES ('register')` and that's getting turned into `0` because MySQL does that by default when an invalid string is put into a numeric column. – ceejayoz May 17 '21 at 22:53
(This code is also highly vulnerable to SQL injection and is unsafe. https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – ceejayoz May 17 '21 at 22:53
Where is $id defined? – Muaath Aug 23 '21 at 18:04

When users type "/register" bot is inserting "0" instead of their "user id"

0 Answers0