PFMaBiSmAd

The trim() function apparently has no bearing on the problem (the value is an md5() value and it would not have any trim-able (AFAIK) characters on the leading or trailing edge.) You will need to investigate what values your code is using vs what is stored in your table (for example, the change password code could have had an incorrect form and the password used was actually an empty string...) I would take the encryptPassword() code and make it a standalone function in its own .php file and enter the password you just attempted to change your's to and see if the value it returns is what is currently stored in your database table. <?php function encryptPassword ( $pass, $encKey = "lupine-salt@1234" ) { return ( md5 ( $pass.$encKey ) ); } echo encryptPassword ('put_the_new_password_you_attempted_to_change_yours_to_here'); ?>

Is there some reason you started a second thread for this same code instead of continuing in the same thread you started yesterday?

Seeing the Functions::encryptPassword() function code would help. There is a trim() function call thrown in the updatePassword() function that is not present in the createUser() or the login code, that if the encryptPassword() function was doing something that left a trim-able character as part of the data, would result in an unmatchable value after using the updatePassword() function.

So, what code is used when setting the passwords originally (i.e. the passwords that worked.) What code is used when you attempted to set a new password? What code is checking the password when you attempt to log in? What if anything is currently stored in your user record for the password when you look directly in the database table? Please post any code between tags so that someone will bother to read it. Do you have a backup of your database so that you could examine the password data in it and/or restore it?

The error means that your query matched zero rows (the WHERE clause was FALSE). You should use mysql_num_rows() to find out if your query matched anything before you attempt to fetch and access the data. As to why your query did not match anything, are you sure your $_SESSION variable contains what you expect? What do you get if you echo $query?

You are missing the FROM keyword.

If you bother to read your code, you are not even using the correct variable names in it.

Given that $updated_embed and $_POST['title'] are the data you are putting into the query that need to be escaped, what are you doing trying to use mysql_real_escape_string on $_POST['embed']?

What would adding a space before the : have to do with removing the extra one that is after the : that is causing the problem???

You have an extra space after the : inside the strtotime() part that is throwing off the expected format.

Your query failed due to some error. If you echo mysql_error(); on the next line after the line with your mysql_query() statement, it will tell you why the query failed.

You would use a lookup array - $lookup = array(); $lookup[1] = 'France'; $lookup[3] = 'UK'; $lookup[9] = 'Test'; // add other entries here ... $Country = $_REQUEST['Country']; if(isset($lookup[$Country])){ $Country = $lookup[$Country]; } else { $Country = 'Germany'; } Once you have an array like that you would also use it to build your form so that you have consistency and shorter code.

The internal locking that is described at that link deals solely with how the server manages concurrent queries. It has nothing to do with how your application prevents multiple people from making changes to the same information. In fact, since transactions and locking are per client session and editing (reading, displaying, possibly changing, and updating) information involves multiple page requests, each with a separate database client session, you must manage this at the application level. You need to request/set a piece of data that indicates someone wants to edit the specific information. If the request/set is successful and matches the requesting person, that person has obtained the right to edit the information. When he is done (or with a timeout in case he aborts the operation), the request for the edit is released and someone else requesting the ability to edit that specific information would succeed when they make the request. Edit: I guess I would ask, what type of information is this, because you may in fact not want to update existing information, but add (INSERT) records with each change, both so that you have a record of who made a modification and when and so that you have the source data that goes into a value rather than just a single value that someone could have made an error editing using the read/update method.

No, you would not have. The first error means that your query failed due to an error (zero matching rows is not an error), probably due to not having a valid connection to your database, which is what the second error supports as well. That you have this code inside of an outer loop that you did not bother to post and that the code you did post is closing the connection explains the errors. If you really want help with what your code is doing, you would need to post all the actual relevant code. You are writing and rewriting unnecessary code to compensate for some crap code earlier in your script.

http://dev.mysql.com/doc/refman/5.1/en/string-functions.html#function_field ORDER BY FIELD(your_column,1,4,2,3) You can also use the FIND_IN_SET() function to accomplish the same thing.

Or course you can reference the different column names. Your join would be something like the following, depending on the actual relationship and join's you want - FROM table_1 t1 JOIN table_2 t2 ON (t1.id = t2.tmpid) JOIN table_3 t3 ON (t1.id = t3.tmpid)

http://dev.mysql.com/doc/refman/5.0/en/group-by-functions.html#function_sum

That's not how you write code. You write code by learning what the functions do and what the syntax means and use them to produce the code and query that accomplishes what you want. The full code you finally posted in reply #5, will produce a query that displays correctly when echo'ed and could be copy/pasted and executed, but the actual variable $query does not contain valid sql due to how the mysql_real_escape_string() and htmlentities() are being applied to the sql syntax in it. Until you form your query by only using mysql_real_escape_string() on string data values that could contain sql special characters and by not using htmlentities() at all, you won't get this to work.

odbc_num_rows() may work, depending on if the db driver you are using supports it. odbc_fetch_array() and odbc_fetch_row() optionally take a second parameter than can be used to reset back to row 1, again depending on if the db driver you are using supports it. You could also use most of your existing logic, but change the while(){} loop into a do{}while() loop so that you can use the first row that you are fetching as part of the test to see if there are any rows. Also, you could just use your existing while(){} loop. Your existing code should produce an empty table when there are zero matching rows. Removing the extra fetch_array() won't change that. What sort of problems where you having that caused you to put in that extra fetch_array()?

No one told you to remove the quotes. However, you were told that you are using mysql_real_escape_string() on parts of your SQL syntax. It is only used on string data that is put into a query, i.e. the data that is put between single-quotes in the query. The single-quotes around string data in your query are part of the sql syntax that makes up the query. They are not escaped as that would break the sql syntax. As to the htmlentities(), if you removed the htmlentities() from your code, then yes the resulting output is correct. If you echoed the query, even with htmlentities() in your code, it will display correctly and you can copy/paste it and it will work, but the actual string that php uses is not valid sql syntax and AbraCadaver wrote in his post that if you look at the view source of the page you would see the html entities.

^^^ That line of code is fetching and discarding the first row in the result set. Why do you have that line of code in your program?

I'm going to guess that because you are attempting to develop code on a live server, instead of a local development system, that all the disk/web server caching that the web host has setup to improve his server efficiency is causing your changing code to take a while to actually get used on the server. You should develop code locally and only put final finished code onto a live server. You will save a ton of your time.

Too bad you didn't store the time using a DATETIME or mysql TIMESTAMP, because you can do this directly in your query using the mysql CONVERT_TZ() function - CONVERT_TZ('2004-01-01 12:00:00','GMT','MET'); You could probably use the mysql FROM_UNIXTIME() function to get your data into a format that would work.

With short_open_tags ON, the php code you have written cannot be parsed. With short_open_tags OFF, the php code you have written can be parsed. Short-answer: Don't put a comment immediately following a php tag without any white-space between the tag and the comment.

Each string data value must be enclosed in single-quotes so that it is treated as a string instead of SQL keywords.