PHP update problem

anastasia0181 · June 17, 2011

Hi,

I have an application for creating accounts with :

"Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i only change name or email the password gets encrypted a second time.

--------------------------------------------------------------------------

Below is my code for the update page, I want to update the password only when it is changed.

***********************************************************************

<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break; 
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));

mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

$colname_rsUp = "1";
if (isset($_GET['id'])) {
$colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">

<table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th height="34" width="85"><div align="left" >Name : </div></th>
<td colspan="4">

<input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" />

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Email:</div></th>
<td colspan="4">
<span id="two"> 
<input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" />

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Password:</div></th>
<td colspan="4">

<input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />

</td>
</tr>
<tr>
<td> </td>

<td width="61"> </td>
<td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>

**************************************************************************

Thank you.

RussellReal · June 17, 2011

Welcome to the forum, congrats on the first post, but I hate to be a jerk..

Please use code tags or php tags, trying to read that code without punctuation or anything really hurts my eyes (I got bad eyes <3)

Thanks, I'll check back when you got code tags or php tags in there!

anastasia0181 · June 17, 2011

Hi RussellReal I really appreciate you trying to help me, this is the first time I put code in a forum, do you want me to put all code between tags <code> and </code> like this


<?php require_once('../../Connections/myDB.php'); ?>
<?php
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

  mysql_select_db($database_myDB, $myDB);
  $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

}

$colname_rsUp = "1";
if (isset($_GET['id'])) {
  $colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">
  
  <table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
    <th height="34" width="85"><div align="left"  >Name : </div></th>
    <td colspan="4">
   
    <input name="Name" type="text" class="textfield" id="Name" value="<?php echo $row_rsUp['Name']; ?>" size="30" />
     
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Email:</div></th>
    <td colspan="4">
   <span id="two">   
    <input name="Email" type="text" class="textfield" id="Email" value="<?php echo $row_rsUp['Email']; ?>" size="30" />
   
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Password:</div></th>
    <td colspan="4">
     
    <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />
   
    </td>
  </tr>
  <tr>
    <td> </td>

    <td width="61"> </td>
    <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
  </tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>

MOD EDIT:

 . . .

tags added.

kenrbnsn · June 18, 2011

In this forum, you post your code between

tags.

Ken

anastasia0181 · June 18, 2011

Hi ,

With the

tags I get the same results as my first post.

RussellReal · June 18, 2011

make sure you back up your code, I am not absolutely sure what it is that you want

change:

  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

to:

  $updateSQL = sprintf("UPDATE userTbl SET Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

anastasia0181 · June 23, 2011

Thank you RussellReal that is what I acctually did, I created a separate page for changing password.

Your help was appreciated .

Sign In

PHP update problem

Recommended Posts

anastasia0181

Link to comment

Share on other sites

RussellReal

Link to comment

Share on other sites

anastasia0181

Link to comment

Share on other sites

kenrbnsn

Link to comment

Share on other sites

anastasia0181

Link to comment

Share on other sites

RussellReal

Link to comment

Share on other sites

anastasia0181

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information