Jump to content

PHP update problem


anastasia0181
 Share

Recommended Posts

Hi,

I have an application for creating accounts with :

"Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i only change name or email the password gets encrypted a second time.

--------------------------------------------------------------------------

 

Below is my code for the update page, I want to update the password only when it is changed.

 

***********************************************************************

<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break; 
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));

mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

$colname_rsUp = "1";
if (isset($_GET['id'])) {
$colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">

<table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th height="34" width="85"><div align="left" >Name : </div></th>
<td colspan="4">

<input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" />

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Email:</div></th>
<td colspan="4">
<span id="two"> 
<input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" />

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Password:</div></th>
<td colspan="4">

<input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />

</td>
</tr>
<tr>
<td> </td>

<td width="61"> </td>
<td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>

**************************************************************************

 

Thank you.

Link to comment
Share on other sites

Welcome to the forum, congrats on the first post, but I hate to be a jerk..

 

Please use code tags or php tags, trying to read that code without punctuation or anything really hurts my eyes (I got bad eyes <3)

 

Thanks, I'll check back when you got code tags or php tags in there!

Link to comment
Share on other sites

Hi RussellReal  I really appreciate you trying to help me, this is the first time I put code in a forum, do you want me to put all code between tags <code> and </code> like this

 


<?php require_once('../../Connections/myDB.php'); ?>
<?php
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

  mysql_select_db($database_myDB, $myDB);
  $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

}

$colname_rsUp = "1";
if (isset($_GET['id'])) {
  $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">
  
  <table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
    <th height="34" width="85"><div align="left"  >Name : </div></th>
    <td colspan="4">
   
    <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" />
     
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Email:</div></th>
    <td colspan="4">
   <span id="two">   
    <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" />
   
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Password:</div></th>
    <td colspan="4">
     
    <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />
   
    </td>
  </tr>
  <tr>
    <td> </td>

    <td width="61"> </td>
    <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
  </tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>



 

MOD EDIT:

 . . . 

tags added.

Link to comment
Share on other sites

make sure you back up your code, I am not absolutely sure what it is that you want

 

change:

  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

 

to:

  $updateSQL = sprintf("UPDATE userTbl SET Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.