Probably something easy with GET

I am sending a user to a page from an e-mail. Included in the link is three random codes that are stored in the db with the user.
Something like this: www.website.com?r1=wi47d&&r2=spwa&&r3=mdnvx

When they arrive at the website I want to check that ALL three of these random codes are correct before sending them to the next page.
Is there a simple way to check that all three have a match with the same user? Probably this is as easy as abc, but I’m sooo tired and been working a lot with different things and just got stuck here.

The user_table contains: | user_id | email | r1| r2 | r3 |

It should be quite easy to construct a DB query from the GET, What about sending the user_id as well, so you can query the DB using one known and check the three unknowns ?

If you’re using PHP and MySQL it might look something like this:


extract ($_GET);
$query = "SELECT r1, r2, r3 FROM table WHERE user_id = 12345";
$result = mysqli_query($link, $query);   // depending on how you've set up the DB access
if (mysqli_num_rows($result) == 1) {     // you should presumably only get one row in the result ?
	$row = mysqli_fetch_assoc($result);
	if ($r1 == $row['r1'] && $r2 ==$row['r2'] && $r3 == $row['r3']) {
                echo 'Everything in the garden is lovely';
        } else {
                // user_id found but vars not matched
        }
} else {
       // user_id not found (or duplicated)
}

Not tested, of course, and apologies for any typos.

If you can’t include the user ID in the GET string, you’ll have to have a more complicated WHERE clause, possibly listing all three random variables (you could get away with using only one if they’re all unique to the user_id)