phpsycho Posted May 1, 2011 Share Posted May 1, 2011 When the form is summited it is supposed to check if the password field contained any text so that way it updates the password. so only if $password exists should it run that query. I tried all different ways of making that happen and it never works. I will summit the form without anything in the password field and it will still update the password to something encrypted in md5 anyways. <?php include ('header.php'); if(isset($_GET['sa'])) { switch ( $_GET['sa']) { case 'edit': edit(); break; } }else{ echo "<div class='header'>Edit admins</div><div class='content'>"; $query = mysql_query("SELECT * FROM `admins`"); while($row = mysql_fetch_array($query)){ $username = clean_up($row['username']); $id = clean_up($row['id']); $email = clean_up($row['email']); $website = clean_up($row['website']); echo "$id $username $email $website | <a href='index.php?action=editadmins&sa=edit&id=$id'> Edit</a><br>"; } echo "</div>"; } function edit() { $id = clean_up($_GET['id']); if(isset($_POST['submit'])){ $username = clean_up($_POST['username']); $password = md5(clean_up($_POST['password'])); $email = clean_up($_POST['email']); $website = clean_up($_POST['website']); if(isset($username)){ if(isset($password)){ mysql_query("UPDATE `admins` SET `password`='$password' WHERE `id`='$id'"); } mysql_query("UPDATE `admins` SET `username`='$username', `email`='$email', `website`='$website' WHERE `id`='$id'"); echo "<b><font color=green>Information edited. Go <a href='index.php'>home</a>?</font></b><br>"; }else{ echo "please enter a username"; } }else{ $query = mysql_query("SELECT * FROM `admins` WHERE `id`='$id'"); while($row = mysql_fetch_array($query)){ $username = clean_up($row['username']); $email = clean_up($row['email']); $website = clean_up($row['website']); echo "<div class='header'>Edit $username</div><div class='content'><form action='index.php?action=editadmins&sa=edit&id=$id' method='post'> <b>Username:</b> <input type='text' name='username' id='username' value='$username'><br> <b>Password:</b>(leave blank to keep same) <input type='password' name='password' id='password' value=''><br> <b>Email:</b> <input type='text' name='email' id='email' value='$email'><br> <b>Website:</b> <input type='text' name='website' id='website' value='$website'><br> <input type='submit' name='submit' id=submit' value='Edit $username'></form></div>"; } } } include('footer.php'); ?> Quote Link to comment Share on other sites More sharing options...
teddyb Posted May 1, 2011 Share Posted May 1, 2011 i think your problem lies with the fact that the md5 of the empty string is d41d8cd98f00b204e9800998ecf8427e so $password contains that string after <?php $password = md5(clean_up($_POST['password'])); also isset will return true for the empty string Quote Link to comment Share on other sites More sharing options...
fugix Posted May 1, 2011 Share Posted May 1, 2011 you can use empty() to check if the var contains any text, isset will only check if the variable exists Quote Link to comment Share on other sites More sharing options...
phpsycho Posted May 1, 2011 Author Share Posted May 1, 2011 Yeah so I use this: if(empty($username)){ if(empty($password)){ mysql_query("UPDATE `admins` SET `password`='$password' WHERE `id`='$id'"); } mysql_query("UPDATE `admins` SET `username`='$username', `email`='$email', `website`='$website' WHERE `id`='$id'"); } nothing goes into the db now. so I try this: if(!empty($username)){ if(!empty($password)){ mysql_query("UPDATE `admins` SET `password`='$password' WHERE `id`='$id'"); } mysql_query("UPDATE `admins` SET `username`='$username', `email`='$email', `website`='$website' WHERE `id`='$id'"); } that inserts that empty md5 string Quote Link to comment Share on other sites More sharing options...
teddyb Posted May 1, 2011 Share Posted May 1, 2011 You either want to md5 the password after checking it (better) or have <?php if ($password != "d41d8cd98f00b204e9800998ecf8427e") { //run query } Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted May 1, 2011 Share Posted May 1, 2011 Text/password form fields are set, even if they are empty. In your form processing code, you would need to test if the various fields are not empty, before you apply any function to the values in them. Quote Link to comment Share on other sites More sharing options...
phpsycho Posted May 1, 2011 Author Share Posted May 1, 2011 okay thanks, it works. idk why I didn't think of that lol now is there a way to stop a space (blank character) or as many plus spaces from being summited in the password field? Quote Link to comment Share on other sites More sharing options...
teddyb Posted May 1, 2011 Share Posted May 1, 2011 http://php.net/manual/en/function.trim.php Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.