quick mysql query problem

blink359 · May 4, 2009

I have this code im writing and i want to make it so if this query

        $result = mysql_query("SELECT * FROM `accounts` where login='$user' AND password='$pass'")

Comes back false it comes back with the error "Invalid username or password" if it comes back true it goes on to do a mysql update which would be

"UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass";

and if that doesnt work it just gives the mysql error

If someone could help me do this that would be great

Thanks

Blink359

Ken2k7 · May 4, 2009

if (empty($result)) return 'Invalid username or password';
else {
     $sql = "YOUR_UPDATE_SQL";
     $result = mysql_query($sql);
     if (empty($result)) return mysql_error();
}

Like that? o.O

jackpf · May 4, 2009

You should use mysql_num_rows($result)==0 rather than empy($result) or so I'm told...

Zhadus · May 4, 2009

Additionally I'd recommend adding an error handler to your $result line, it can save you hassle in the future:

<?
$result = mysql_query("SELECT * FROM `accounts` where login='$user' AND password='$pass'") or die(mysql_error());
?>

blink359 · May 4, 2009

So this should work

$result = mysql_query("SELECT * FROM `accounts` where login='$user' AND password='$pass'") or die(mysql_error());

        {
        if (empty($result)) return 'Invalid username or password';
        else {
                 $sql = "UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass";";
                 $result = mysql_query($sql);
        if mysql_num_rows($result)==0 return mysql_error();
        }

Ken2k7 · May 4, 2009

You should use mysql_num_rows($result)==0 rather than empy($result) or so I'm told...

He wanted it to return an error if it comes back false, not if it comes back with no results. I just wrote it as is man.

Ken2k7 · May 4, 2009

$result = mysql_query("SELECT * FROM `accounts` where login='$user' AND password='$pass'") or die(mysql_error());

       {
       if (empty($result)) return 'Invalid username or password';
       else {
                $sql = "UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass";";
                $result = mysql_query($sql);
       if mysql_num_rows($result)==0 return mysql_error();
       }

Syntax error much!?

blink359 · May 4, 2009

What needs editing then im newbie remember im trying to learn

also its this now

        $result = mysql_query("SELECT * FROM `accounts` where login='$user' AND password='$pass'") or die(mysql_error());

        {
        if (empty($result)) return 'Invalid username or password';
        else {
                 $sql = "UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass";";
                 $result = mysql_query($sql);
        if (empty($result)) return mysql_error();
        }

Ken2k7 · May 4, 2009

See that curly brace before the first if statement? Remove that.

jackpf · May 4, 2009

He wanted it to return an error if it comes back false, not if it comes back with no results. I just wrote it as is man.

Guess so.

blink359 · May 4, 2009

Kk guys thanks for that i may be posting later if im having problems with other pages since i wrote pages that all worked now i can use them like that so im having to recode them

blink359 · May 4, 2009

Parse error: syntax error, unexpected T_STRING in /var/www/nathan/wotlk/passchange.php on line 52

which is aparently my actual form

<form name=myform method=post action=''>
          <input name="user" type="text"/>
          <br>  
          Password: 
          <input name="pass" type="password"/>
          <br>  
         New Password: 
          <input name="newpass" type="password"/>
          <br>  
          Repeat New Password: 
          <input name="newpass2" tpye="password"/>
          <br />
          <input name="Submit" type="submit" value="submit" /> 
          
          <imput name="reset" type="reset" value="reset" /> 
</form>

jackpf · May 4, 2009

<form name=myform method=post action=''>

Are you echoing this with single quotes?

blink359 · May 4, 2009

I copied it from another page as i forgot what the actual code was so i copied it from my register page which is working fine

Ken2k7 · May 4, 2009

That form is the passchange.php file? Can you post what's before that? Where's line 52?

blink359 · May 4, 2009

What your ment to post is that info to go into the mysql query

$sql = "UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass";";

Line 52 <input name="user" type="text"/>

jackpf · May 4, 2009

You're probably not escaping your quotes correctly.

Ken2k7 · May 4, 2009

$sql = "UPDATE accounts SET password = '$newpass' WHERE username = '$user' and password = '$pass';";

blink359 · May 4, 2009

Parse error: syntax error, unexpected $end in /var/www/nathan/wotlk/passchange.php on line 69

line 69 = </html>

ive had this before but i cant remember what was wrong

the182guy · May 4, 2009

[*]Don't SELECT * when you are not even retrieving the results, just select one column such as the ID or username.

[*]Don't leave that or die(mysql_error()) code in when this system is live on the internet, it will only invite people to try and hack your script/website.

[*]I hope $user and $pass are being escaped to prevent SQL Injection.

[*]You only intend to update 1 row in your UPDATE, so add LIMIT 1 to the end, why? If someone does have a successful SQL Injection attack there is a possibility of changing all your users passwords in one go. Addling LIMIT 1 will ensure only 1 row is updated.

[*]I can't see the rest of your code but it appears your passwords are being stored as plain text, you should consider encrypting or encoding them

blink359 · May 4, 2009

How can i goabout the it im quite newbie to this

But also this website is gonna be used amongst a few other people as its ment to interact with a database for a private emulator of a game

Ken2k7 · May 4, 2009

If I hear another person use "I'm a newbie" line for an excuse to attempt something, I'm going to refuse them of my help. It's so annoying to read that line!

Can you post lines 67-70 of passchange.php?

blink359 · May 4, 2009

</form>

</body>

</html>

I dont think its much help tho

blink359 · May 4, 2009

If I hear another person use "I'm a newbie" line for an excuse to attempt something, I'm going to refuse them of my help. It's so annoying to read that line!

Sorry

Ken2k7 · May 4, 2009

Okay... Can you post the entire file here then? Make sure you take out any sensitive data you don't want people to see such as username and password.

Sign In

quick mysql query problem

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information