What are the steps involved in implementing email confirmation for user registration in PHP, and how can SQL injections be prevented during this process?

To implement email confirmation for user registration in PHP, first send a confirmation email containing a unique link to the user's email address. When the user clicks the link, verify the code it carries and activate their account. To prevent SQL injection during this process, always use prepared statements when interacting with the database, so that the code taken from the URL is bound as a parameter and never concatenated into the SQL text.

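// Send confirmation email with unique link.
// $pdo (a PDO connection) and $user_email are assumed to be set by the registration code,
// which must also save $confirmation_code in the user's row (users.confirmation_code).
$confirmation_code = generateUniqueCode();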
$to = $user_email;
$subject = 'Confirm Your Email Address';
$message = 'Click the following link to confirm your email address: http://example.com/confirm.php?code=' . $confirmation_code;
$headers = 'From: webmaster@example.com';
mail($to, $subject, $message, $headers);

// Verify confirmation code and activate user account
if (isset($_GET['code']) && is_string($_GET['code'])) {
    // Require a string: ?code[]=x would otherwise arrive as an array
    $code = $_GET['code'];
    $stmt = $pdo->prepare("SELECT * FROM users WHERE confirmation_code = :code");
    $stmt->execute(['code' => $code]);
    $user = $stmt->fetch();

    if($user) {
        // Update user status to active
        $stmt = $pdo->prepare("UPDATE users SET status = 'active' WHERE id = :id");
        $stmt->execute(['id' => $user['id']]);
        echo 'Email address confirmed successfully!';
    } else {
        echo 'Invalid confirmation code!';
    }
}

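function generateUniqueCode() {
    // 128 bits from the OS CSPRNG, hex-encoded to 32 characters.
    // md5(uniqid(rand(), true)) is built from the clock and a non-cryptographic PRNG,
    // so its output can be guessed and must not be used for confirmation links.
    return bin2hex(random_bytes(16));
}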
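
A hardened variant of the flow above, as an added example that is not part of the original answer: the token comes from random_bytes(), only its SHA-256 hash is stored, it expires, and a single prepared UPDATE both checks and consumes it. The table layout, the function names issueConfirmation and confirmEmail, and the in-memory SQLite database are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);
// Added example: schema and function names are assumptions, not the page's code.

function issueConfirmation(PDO $pdo, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));            // CSPRNG, 64 hex characters
    $stmt = $pdo->prepare(
        'UPDATE users SET token_hash = :h, token_expires = :e WHERE id = :id'
    );
    $stmt->execute([
        'h'  => hash('sha256', $token),            // only the hash is stored
        'e'  => time() + $ttl,
        'id' => $userId,
    ]);
    return $token;                                 // goes into the emailed link
}

function confirmEmail(PDO $pdo, mixed $code, ?int $now = null): bool
{
    // Reject arrays (?code[]=x) and anything that is not a 64-char hex token.
    if (!is_string($code) || !preg_match('/\A[0-9a-f]{64}\z/', $code)) {
        return false;
    }
    // One atomic statement: match, check expiry, activate, and burn the token.
    $stmt = $pdo->prepare(
        "UPDATE users SET status = 'active', token_hash = NULL, token_expires = NULL
         WHERE token_hash = :h AND token_expires >= :now AND status = 'pending'"
    );
    $stmt->execute(['h' => hash('sha256', $code), 'now' => $now ?? time()]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT,
            status TEXT DEFAULT 'pending', token_hash TEXT, token_expires INTEGER)");
$pdo->exec("INSERT INTO users (id, email) VALUES (1, 'alice@example.com')");

$token = issueConfirmation($pdo, 1);
var_dump(confirmEmail($pdo, "' OR '1'='1"));   // malformed input
var_dump(confirmEmail($pdo, $token));          // freshly issued token
var_dump(confirmEmail($pdo, $token));          // same token again (replay)
```

Storing only the hash means a leaked copy of the users table does not hand out working confirmation links, and the `status = 'pending'` condition keeps a token from being applied to an account that is already active.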