[SOLVED] Figuring out whether each part of a query is not matching

[limitphp]

I have a query that checks a users username, fname, lname, email, and securityAnswer:

$queryCheckUser = "SELECT email FROM user WHERE username = '$username' AND fname = '$fname' AND lname = '$lname' AND email = '$email' AND securityAnswer = '$securityAnswer'";
$resultCheckUser = mysql_query($queryCheckUser) or die (mysql_error());
$rowCountCheckUser=mysql_num_rows($resultCheckUser);
if ($rowCountCheckUser==0) {
$message = "didn't match records";
}

 

Is there any way to break up the $message in this to check if each part of the query didn't match?

 

In other words, I want to notify them if the fname didn't match, and i want to notify them if the lname didn't match, etc.

The query just checks if ALL of them match or not.  Is there a way to just use one query and find out which part didn't match, instead of writing several queries (a query to check the fname, a query to check the lname, a query to check the email)?

 

So, instead of:

$message = "didn't match records";

 

it could be:

$message = "fname didn't match";

 

$message = $message."lname didn't match"

 

$message = $message."email didn't match"

 

Thanks

 

[premiso]

I have a query that checks a users username, fname, lname, email, and securityAnswer:

$queryCheckUser = "SELECT email FROM user WHERE username = '$username' AND fname = '$fname' AND lname = '$lname' AND email = '$email' AND securityAnswer = '$securityAnswer'";
$resultCheckUser = mysql_query($queryCheckUser) or die (mysql_error());
$rowCountCheckUser=mysql_num_rows($resultCheckUser);
if ($rowCountCheckUser==0) {
$message = "didn't match records";
}

 

Is there any way to break up the $message in this to check if each part of the query didn't match?

 

In other words, I want to notify them if the fname didn't match, and i want to notify them if the lname didn't match, etc.

The query just checks if ALL of them match or not.  Is there a way to just use one query and find out which part didn't match, instead of writing several queries (a query to check the fname, a query to check the lname, a query to check the email)?

 

So, instead :

$message = "didn't match records";

 

it could be:

$message = "fname didn't match";

 

$message = $message."lname didn't match"

 

$message = $message."email didn't match"

 

Thanks

 

 

I wouldnt give them the reason. This helps hackers etc figure out more stuff.

 

But to answer the question, pull out all the date where the username is equal, then run through the array returned and check the values against those and populate $message with the appropriate error.

[limitphp]

I'm afraid it'll really make people angry if I just tell them record didn't match.

 

I know, myself, I have accounts all over the place on different websites.  I forget what I use, because I use different email accounts sometimes when I register.  And I definitely forget what goes with what site sometimes.

 

I'll follow your advice though.  I guess I can put a big limit on how many times they can keep trying to recover their password.

Because its even if someone figured out everything, which would be highly unlikely if they didn't know them really well, the password will still be sent to the original email address.  So, it does the hacker no good.

 

My site is basically going to be a music site where people can listen to and comment on songs, they'll be buying music using google checkout, so there will be no real harm that can be done in the unfortunate event someone takes over another person's account.

 

[premiso]

Yea, I was just enlightening you on why it would be done that way. Let me know if my explanation on how to do it helps you out or not, I can elaborate if you need me to.

[limitphp]

Yea, I was just enlightening you on why it would be done that way. Let me know if my explanation on how to do it helps you out or not, I can elaborate if you need me to.

 

Actually, I don't understand how do "pull out all the date where the username is equal, then run through the array returned ".  You sort of lost me on that.  Plus I'm really bad and scared of arrays.  They seem to confuse me.

 

But its ok, I'm going to take your advice and just give them a hit or miss message on the whole form.

[premiso]

<?php
$queryCheckUser = "SELECT email, secretAnswer, fname, lname FROM user WHERE username = '$username' LIMIT 1";
$resultCheckUser = mysql_query($queryCheckUser) or die (mysql_error());
$rowCountCheckUser=mysql_num_rows($resultCheckUser);
if ($rowCountCheckUser > 0) {
         $row = mysql_fetch_assoc($resultCheckUser);
          if ($row['secretAnswer'] != $secretAnswer) {
               $message = "Your secret answer is wrong.";
          }elseif ($row['email'] != $email) {
               $message = "email is invalid.";
          }// etc....
}else {
     $message = "Username does not exist.";
}
?>

 

Let me know if you need more clarification.

[limitphp]

<?php
$queryCheckUser = "SELECT email, secretAnswer, fname, lname FROM user WHERE username = '$username' LIMIT 1";
$resultCheckUser = mysql_query($queryCheckUser) or die (mysql_error());
$rowCountCheckUser=mysql_num_rows($resultCheckUser);
if ($rowCountCheckUser > 0) {
         $row = mysql_fetch_assoc($resultCheckUser);
          if ($row['secretAnswer'] != $secretAnswer) {
               $message = "Your secret answer is wrong.";
          }elseif ($row['email'] != $email) {
               $message = "email is invalid.";
          }// etc....
}else {
     $message = "Username does not exist.";
}
?>

 

Let me know if you need more clarification.

 

Oh yeah...now I get it!

Of course, just see if the answers match the values in the table, so simple, yet, I couldn't think of that.

 

Its funny how coding really starts to get you to be a really logical person and break things down at the foundation to see if there's a better, quicker, simpler way of solving a problem.

 

Its tempting to want to use this, but I'll stick to your advice and just tell them a hit or miss on the whole form.

Thanks again.