
PHP update problem


anastasia0181


Hi,

I have an application for creating accounts with:

"Name" / "email" / "password" (I use sha1 to hash it). I created a different page to update this info, but if I only change name or email the password gets encrypted a second time.

--------------------------------------------------------------------------

 

Below is my code for the update page, I want to update the password only when it is changed.

 

***********************************************************************

<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break; 
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

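// PHP_SELF can carry attacker-supplied path info, so escape it before it is echoed into the form action
$editFormAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);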
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));

mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
exit; // stop here so the rest of the page is not rendered after the redirect
}

$colname_rsUp = 1;
if (isset($_GET['id'])) {
// id goes into the query below unquoted, where addslashes() gives no protection, so force it to an integer
$colname_rsUp = intval($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %d", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">

<table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th height="34" width="85"><div align="left" >Name : </div></th>
<td colspan="4">

<input name="Name" type="text" class="textfield" id="Name" value="<?php echo htmlspecialchars($row_rsUp['Name'], ENT_QUOTES); ?>" size="30" />

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Email:</div></th>
<td colspan="4">
<span id="two"> 
<input name="Email" type="text" class="textfield" id="Email" value="<?php echo htmlspecialchars($row_rsUp['Email'], ENT_QUOTES); ?>" size="30" /></span>

</td>
</tr>
<tr>
<th height="34" width="85"><div align="left" >Password:</div></th>
<td colspan="4">

<input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />

</td>
</tr>
<tr>
<td> </td>

<td width="61"> </td>
<td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>

**************************************************************************

 

Thank you.

Link to comment
Share on other sites

Welcome to the forum, congrats on the first post, but I hate to be a jerk..

 

Please use code tags or php tags, trying to read that code without punctuation or anything really hurts my eyes (I got bad eyes <3)

 

Thanks, I'll check back when you got code tags or php tags in there!

Link to comment
Share on other sites

Hi RussellReal, I really appreciate you trying to help me. This is the first time I put code in a forum. Do you want me to put all code between tags <code> and </code> like this?

 


<?php require_once('../../Connections/myDB.php'); ?>
<?php
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

  mysql_select_db($database_myDB, $myDB);
  $Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

}

$colname_rsUp = 1;
if (isset($_GET['id'])) {
  // id goes into the query below unquoted, where addslashes() gives no protection, so force it to an integer
  $colname_rsUp = intval($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp = sprintf("SELECT * FROM userTbl WHERE id = %d", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">
  
  <table width="280" border="0" align="center" cellpadding="2" cellspacing="0">
  <tr>
    <th height="34" width="85"><div align="left"  >Name : </div></th>
    <td colspan="4">
   
    <input name="Name" type="text" class="textfield" id="Name" value="<?php echo htmlspecialchars($row_rsUp['Name'], ENT_QUOTES); ?>" size="30" />
     
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Email:</div></th>
    <td colspan="4">
   <span id="two">   
    <input name="Email" type="text" class="textfield" id="Email" value="<?php echo htmlspecialchars($row_rsUp['Email'], ENT_QUOTES); ?>" size="30" /></span>
   
    </td>
  </tr>
  <tr>
    <th height="34" width="85"><div align="left"  >Password:</div></th>
    <td colspan="4">
     
    <input name="Password" type="password" class="textfield" id="Password" value="<?php echo $row_rsUp['Password']; ?>" size="30" />
   
    </td>
  </tr>
  <tr>
    <td> </td>

    <td width="61"> </td>
    <td width="122" align="right"><input type="submit" name="Submit" value="Update" /></td>
  </tr>
</table>
<input name="userId" type="hidden" id="userId" value="<?php echo $row_rsUp['id']; ?>" />
<input type="hidden" name="MM_update" value="loginForm">
</form> 
<?php
mysql_free_result($rsUp);
?>



 

MOD EDIT: . . . tags added.

Link to comment
Share on other sites

Make sure you back up your code; I am not absolutely sure what it is that you want.

 

change:

  $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Name'], "text"),
                       GetSQLValueString($_POST['Email'], "text"),
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

 

to:

  $updateSQL = sprintf("UPDATE userTbl SET Password=sha(%s) WHERE id=%s",
                       GetSQLValueString($_POST['Password'], "text"),
                       GetSQLValueString($_POST['userId'], "int"));

Link to comment
Share on other sites
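
Added example, not part of any post in this thread: one way to update Name and Email on every submit but touch the Password column only when a new password was actually typed. The thread's form echoes the stored hash back into the password field, so every submit sends the hash through sha() again. Assumptions: PDO with an in-memory SQLite database stands in for the thread's MySQL connection, updateAccount() and storedHash() are hypothetical helper names, and password_hash() is swapped in for sha().

```php
<?php
// Added example: update Name/Email always, Password only when a new one is typed.
// Assumptions: in-memory SQLite via PDO replaces the thread's MySQL connection;
// updateAccount()/storedHash() are hypothetical helpers; password_hash() replaces sha().

function updateAccount(PDO $db, int $id, string $name, string $email, string $newPassword): void
{
    $set    = ['Name = :name', 'Email = :email'];
    $params = [':name' => $name, ':email' => $email, ':id' => $id];

    // The form must render the password input empty (never echo the stored hash
    // into value=""), so an empty field means "leave the password alone".
    if ($newPassword !== '') {
        $set[]           = 'Password = :hash';
        $params[':hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    }

    // Column list is built from fixed strings only; all user values are bound.
    $stmt = $db->prepare('UPDATE userTbl SET ' . implode(', ', $set) . ' WHERE id = :id');
    $stmt->execute($params);
}

function storedHash(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT Password FROM userTbl WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return (string) $stmt->fetchColumn();
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userTbl (id INTEGER PRIMARY KEY, Name TEXT, Email TEXT, Password TEXT)');
$db->prepare('INSERT INTO userTbl (id, Name, Email, Password) VALUES (1, ?, ?, ?)')
   ->execute(['Alice', 'alice@example.com', password_hash('first-secret', PASSWORD_DEFAULT)]);

$before = storedHash($db, 1);

// Name/email change with the password field left empty: the hash is untouched.
updateAccount($db, 1, 'Alice B.', 'alice.b@example.com', '');
var_dump(storedHash($db, 1) === $before);

// A new password was typed: it is hashed exactly once and replaces the old hash.
updateAccount($db, 1, 'Alice B.', 'alice.b@example.com', 'second-secret');
var_dump(password_verify('second-secret', storedHash($db, 1)));
var_dump(password_verify('first-secret', storedHash($db, 1)));
```

Login code then checks a submitted password with password_verify() against the stored value instead of comparing sha() output.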
