Jump to content

Won't Update Values


mjnmixael

Recommended Posts

Here is my code:

 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Set values
$newpassword1=0;
$firstname=0;
$lastname=0;
$email=0;
$complete=0;

// Get values from form
$password=$_POST['password'];
$newpassword1=$_POST['newpassword'];
$newpassword2=$_POST['newpassword2'];
$firstname=$_POST['firstname'];
$lasname=$_POST['lastname'];
$email=$_POST['email'];
$secpassword=md5($_POST['newpassword']);

// Check password confirmation
if($newpassword1 > $newpassword2){
$nomatch = 'nomatch';
setcookie("regerrorp", $nomatch, 0, "/", '.timingishstudios.com');
unset($newpassword);
unset($newpassword2);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}

// Authenticate
$sql="SELECT * FROM $tbl_name WHERE user_pass='$secpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){

// Make changes
$sql="SELECT ID FROM $tbl_name WHERE user_pass='$secpassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$userid=$row['ID'];

if ($newpassword1 !== 0){
$sql="UPDATE $tbl_name SET user_pass = '$secpassword' WHERE ID='$userid'";
$result=mysql_query($sql);
}
if($result){
$complete = ($complete + 1);
}
else {
header("location:error.php");
}
if ($email !== 0){
$sql="UPDATE $tbl_name SET user_email = '$email' WHERE ID='$userid'";
$result=mysql_query($sql);
}
if($result){
$complete = ($complete + 1);
}
else {
header("location:error.php");
}
if ($firstname !== 0){
$sql="UPDATE $tbl_name2 SET meta_value = '$firstname' WHERE user_id='$userid' AND meta_key='first_name'";
$result=mysql_query($sql);
$sql="UPDATE $tbl_name2 SET meta_value = '$firstname' WHERE user_id='$userid' AND meta_key='nickname'";
$result=mysql_query($sql);
}
if($result){
$complete = ($complete + 1);
}
else {
header("location:error.php");
}
if ($lastname !== 0){
$sql="UPDATE $tbl_name2 SET meta_value = '$lastname' WHERE user_id='$userid' AND meta_key='last_name'";
$result=mysql_query($sql);
}
if($result){
$complete = ($complete + 1);
}
else {
header("location:error.php");
}
}
// If sucsessful..
if($complete > 0){	
$sql="SELECT user_email FROM $tbl_name WHERE ID='$userid'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$email=$row['user_email'];
$sql="SELECT user_login FROM $tbl_name WHERE ID='$userid'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$username=$row['user_login'];
$sql="SELECT meta_value FROM $tbl_name2 WHERE user_id='$userid' AND meta_key='first_name'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$firstname=$row['meta_value'];
$sql="SELECT meta_value FROM $tbl_name2 WHERE user_id='$userid' AND meta_key='last_name'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$lastname=$row['meta_value'];
// send e-mail to ...
$to="$email";

// Your subject
$subject="Timingishstudios.com Account Info Changed";

// From
$header="from: Timingishstudios.com <donotreply>";

// Your message
$messages= "Your account information has been changed. \r\n";
$messages.="Email: $email \r\n";
$messages.="Username: $username \r\n";
$messages.="Password: $newpassword1 \r\n";
$messages.="First Name: $firstname \r\n";
$messages.="Last Name: $lastname \r\n";
$messages.="The TiS Team. \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

// Redirect
header("location:changed.php");
}

else {
header("location:error.php");
}

// close connection
mysql_close();
?>

 

The script runs fine, it just will not update my values as defined from the form. Any help?

Link to comment
https://forums.phpfreaks.com/topic/182313-wont-update-values/
Share on other sites

try adding some:

 

or trigger_error (mysql_error());

 

to your queries:

 

// Authenticate
$sql="SELECT * FROM $tbl_name WHERE user_pass='$secpassword'";
$result=mysql_query($sql) or trigger_error (mysql_error());

 

so you can see if the queries are ok.

 

also, look into mysql_real_escape_string() for your $_POST variables:

 

$firstname=mysql_real_escape_string ($_POST['firstname']);

 

and so on for you variables that are going to a query.  this helps prevent SQL injection.

Link to comment
https://forums.phpfreaks.com/topic/182313-wont-update-values/#findComment-962048
Share on other sites

I've got it working so far. Now the problem is that it only works when all the form values are filled in. If any are left blank, I get an internal server error.

 

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Get values from form
$password=$_POST['password'];
$newpassword1=$_POST['newpassword'];
$newpassword2=$_POST['newpassword2'];
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
$secpassword=md5($_POST['newpassword']);
$compare=($_POST['compare']);

// Check password confirmation
if($newpassword1 > $newpassword2){
$nomatch = 'nomatch';
setcookie("regerrorp", $nomatch, 0, "/", '.timingishstudios.com');
unset($newpassword);
unset($newpassword2);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}

// Authenticate
$sql="SELECT * FROM $tbl_name WHERE user_pass='$secpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count<1){
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
}

// Make changes
$sql="SELECT ID FROM $tbl_name WHERE user_pass='$secpassword'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$userid=$row['ID'];

if ($newpassword1 != $compare){
$sql="UPDATE $tbl_name SET user_pass = '$secpassword' WHERE ID='$userid'";
$result=mysql_query($sql);
if($result){
	$complete = ($complete + 1);
}
else {
$nomatchp = 'nomatchp';
setcookie("uerrorp", $nomatch, 0, "/", '.timingishstudios.com');
unset($newpassword);
unset($newpassword2);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}
}
if ($email != $compare){
$sql="UPDATE $tbl_name SET user_email = '$email' WHERE ID='$userid'";
$result=mysql_query($sql);
if($result){
	$complete = ($complete + 1);
}
else {
$nomatche = 'nomatche';
setcookie("uerrore", $nomatch, 0, "/", '.timingishstudios.com');
unset($email);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}
}
if ($firstname != $compare){
$sql="UPDATE $tbl_name2 SET meta_value = '$firstname' WHERE user_id='$userid' AND meta_key='first_name'";
$result=mysql_query($sql);
$sql="UPDATE $tbl_name2 SET meta_value = '$firstname' WHERE user_id='$userid' AND meta_key='nickname'";
$result=mysql_query($sql);
if($result){
	$complete = ($complete + 1);
}
else {
$nomatchf = 'nomatchf';
setcookie("uerrorf", $nomatch, 0, "/", '.timingishstudios.com');
unset($firstname);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}
}
if ($lastname != $compare){
$sql="UPDATE $tbl_name2 SET meta_value = '$lastname' WHERE user_id='$userid' AND meta_key='last_name'";
$result=mysql_query($sql);
if($result){
	$complete = ($complete + 1);
}
else {
$nomatchl = 'nomatchl';
setcookie("uerrorl", $nomatch, 0, "/", '.timingishstudios.com');
unset($lastname);
header("location:http://www.timingishstudios.com/subscribers/changepassword.php");
exit();
}
}
// If sucsessful..
if($complete > 0){	
$sql="SELECT user_email FROM $tbl_name WHERE ID='$userid'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$email=$row['user_email'];
$sql="SELECT user_login FROM $tbl_name WHERE ID='$userid'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$username=$row['user_login'];
$sql="SELECT meta_value FROM $tbl_name2 WHERE user_id='$userid' AND meta_key='first_name'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$firstname=$row['meta_value'];
$sql="SELECT meta_value FROM $tbl_name2 WHERE user_id='$userid' AND meta_key='last_name'";
$result=mysql_query($sql);
$row = mysql_fetch_assoc($result);
$lastname=$row['meta_value'];
// send e-mail to ...
$to="$email";

// Your subject
$subject="Timingishstudios.com Account Info Changed";

// From
$header="from: Timingishstudios.com <donotreply>";

// Your message
$messages= "Your account information has been changed. \r\n";
$messages.="Email: $email \r\n";
$messages.="Username: $username \r\n";
$messages.="Password: $newpassword1 \r\n";
$messages.="First Name: $firstname \r\n";
$messages.="Last Name: $lastname \r\n";
$messages.="The TiS Team. \r\n";

// send email
$sentmail = mail($to,$subject,$messages,$header);

// Redirect
header("location:changed.php");
}
else{
header("location:changepassword.php");
}
// close connection
mysql_close();
?>

 

The problem seems to be the the newpassword data. If that data is not filled in, then the script fails to an internal server error.

Link to comment
https://forums.phpfreaks.com/topic/182313-wont-update-values/#findComment-962150
Share on other sites

going back to what cags wrote, what is going on with:

 

if($newpassword1 > $newpassword2)

 

concerning the 500 error .. are you using .htaccess file(s) at all?  are you being redirected to here: http://www.timingishstudios.com/subscribers/changepassword.php when the server error shows up?

 

Internal Server errors are not very common, so some more specific details are required.  need to know what chunk of code is being executed at the time of this error.

 

do you have an .htaccess file in the "subscribers" folder, and a restriction is not being met?  who knows.

Link to comment
https://forums.phpfreaks.com/topic/182313-wont-update-values/#findComment-962177
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.