anastasia0181

Thank you RussellReal that is what I acctually did, I created a separate page for changing password. Your help was appreciated .

Hi , With the tags I get the same results as my first post.

Hi RussellReal I really appreciate you trying to help me, this is the first time I put code in a forum, do you want me to put all code between tags <code> and </code> like this <?php require_once('../../Connections/myDB.php'); ?> <?php if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) { $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); mysql_select_db($database_myDB, $myDB); $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error()); } $colname_rsUp = "1"; if (isset($_GET['id'])) { $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); } mysql_select_db($database_myDB, $myDB); $query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp); $rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error()); $row_rsUp = mysql_fetch_assoc($rsUp); $totalRows_rsUp = mysql_num_rows($rsUp); ?> <form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST"> <table width="280" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <th height="34" width="85"><div align="left" >Name : </div></th> <td colspan="4"> <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Email:</div></th> <td colspan="4"> <span id="two"> <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Password:</div></th> <td colspan="4"> <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" /> </td> </tr> <tr> <td> </td> <td width="61"> </td> <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td> </tr> </table> <input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" /> <input type="hidden" name="MM_update" value="loginForm"> </form> <?php mysql_free_result($rsUp); ?> MOD EDIT: . . . tags added.

Hi, I have an application for creating accounts with : "Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i only change name or email the password gets encrypted a second time. -------------------------------------------------------------------------- Below is my code for the update page, I want to update the password only when it is changed. *********************************************************************** <?php require_once('../../Connections/myDB.php'); ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) { $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); mysql_select_db($database_myDB, $myDB); $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error()); $updateGoTo = "accounts.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); } $colname_rsUp = "1"; if (isset($_GET['id'])) { $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']); } mysql_select_db($database_myDB, $myDB); $query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp); $rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error()); $row_rsUp = mysql_fetch_assoc($rsUp); $totalRows_rsUp = mysql_num_rows($rsUp); ?> <form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST"> <table width="280" border="0" align="center" cellpadding="2" cellspacing="0"> <tr> <th height="34" width="85"><div align="left" >Name : </div></th> <td colspan="4"> <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Email:</div></th> <td colspan="4"> <span id="two"> <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" /> </td> </tr> <tr> <th height="34" width="85"><div align="left" >Password:</div></th> <td colspan="4"> <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" /> </td> </tr> <tr> <td> </td> <td width="61"> </td> <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td> </tr> </table> <input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" /> <input type="hidden" name="MM_update" value="loginForm"> </form> <?php mysql_free_result($rsUp); ?> ************************************************************************** Thank you.