scmeeker Posted June 21, 2010 Share Posted June 21, 2010 In my form, I want to compare passwords to each other before inserting a new record. I can't seem to get this going. Here is the code from the form: <tr> <td><span class="blackfont">Password:</span></td> <td><input type="password" name="password" /> </td> </tr> <tr> <td><span class="blackfont">Reenter Password:</span> </td> <td><input type="password" name="checkpassword" /></td> </tr> <tr> And here is the form's "<form action="insert5.php" method="post">" the "insert5.php" code that goes with the form: <?php $con = mysql_connect("","","", ""); if (!$con) { die('Could not connect: ' . mysql_error()); } $test_name = "password"; $sub_name = "checkpassword"; while ($test_name == $sub_name) { mysql_select_db("lery", $con); $sql="INSERT INTO artist (username, password, email, terms) VALUES ('$_POST[username]','$_POST[password]','$_POST[email]', '$_POST[terms]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; } mysql_close($con) ?> Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 21, 2010 Share Posted June 21, 2010 if( $_POST['password'] === $_POST['checkpassword'] { //Do something if the fields are identical } else { /Do something else if they are not identical } Quote Link to comment Share on other sites More sharing options...
kenrbnsn Posted June 21, 2010 Share Posted June 21, 2010 You don't want to do this: <?php $test_name = "password"; $sub_name = "checkpassword"; while ($test_name == $sub_name) { ?> do this instead: <?php $test_name = $_POST['password']; $sub_name = $_POST['checkpassword']; if($test_name == $sub_name) { ?> You should also use the function mysql_real_escape_string on any data you insert into the database. Plus you should store the password in plain text in the database: <?php $sql="INSERT INTO artist (username, password, email, terms) VALUES ('" . mysql_real_escape_string($_POST[username]) . "','" . md5($_POST[password]) . "','" . mysql_real_escape_string($_POST[email]) . "', '" . mysql_real_escape_string($_POST[terms]) . "')"; ?> Ken Quote Link to comment Share on other sites More sharing options...
5kyy8lu3 Posted June 21, 2010 Share Posted June 21, 2010 you could do something like this: //this goes on your insert5.php page <?php session_start(); if ( $_POST['password'] != $_POST['checkpassword'] ) { $_SESSION['passfail'] = 1; header("Location: http://www.yoursite.com/formpage.php"); } ?> //this is your form page <?php session_start(); if ( $_SESSION['passfail'] != '' ) { echo 'Passwords don't match.'; unset($_SESSION['passfail']); } ?> Quote Link to comment Share on other sites More sharing options...
scmeeker Posted June 22, 2010 Author Share Posted June 22, 2010 Thanks everyone for your help! It's working great now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.