dudejma Posted August 2, 2011 Share Posted August 2, 2011 I'm getting real tired of this code that has no errors and adds nothing to the error log. I have no idea what's going on but this is like my third script that keeps doing this. Wtf am I doing wrong?! :confused: <?php require 'include/sql.php'; $code = $_GET['code']; if (isset($_POST['submit'])) { $sql = "SELECT * FROM temp_pass WHERE random='$code'"; $result = mysql_query($sql); if (!$result) { echo ("An error has occured. Please contact the webmaseter with the following error: " . mysql_error()); } while ($row = mysql_fetch_array($result)) { $pilotid = $row['pilotID']; $newPass = md5($_POST['password']); $sql2 = "UPDATE users SET password='$newPass' WHERE pilotID='001'"; echo $sql2; } $result2 = mysql_query($sql2); if (!$result) { die ("Line 28 works."); } } $sql3 = "DELETE FROM temp_pass WHERE pilotID='$pilotid'"; $result3 = mysql_query($sql3); if (!$result3) { die ("An error has occured in forgotPass1.php on line 36. Please contact the webmaster with the following error: " . mysql_error()); } header("Location: login.php");*/ } ?> Quote Link to comment Share on other sites More sharing options...
The Little Guy Posted August 2, 2011 Share Posted August 2, 2011 You have an extra brace at the end of your code, after header() Quote Link to comment Share on other sites More sharing options...
dudejma Posted August 2, 2011 Author Share Posted August 2, 2011 This is the new code: <?php require 'include/sql.php'; $code = $_GET['code']; if (isset($_POST['submit'])) { $sql = "SELECT * FROM temp_pass WHERE random='$code'"; $result = mysql_query($sql); if (!$result) { echo ("An error has occured. Please contact the webmaseter with the following error: " . mysql_error()); } while ($row = mysql_fetch_array($result)) { $pilotid = $row['pilotID']; $newPass = md5($_POST['password']); $sql2 = "UPDATE users SET password='$newPass' WHERE pilotID='$pilotid'"; } $result2 = mysql_query($sql2); if (!$result2) { die ("An error has occured. Please contact the webmaster with the following error: " . mysql_error()); } $sql3 = "DELETE FROM temp_pass WHERE pilotID='$pilotid'"; $result3 = mysql_query($sql3); if (!$result3) { die ("An error has occured. Please contact the webmaster with the following error: " . mysql_error()); } header("Location: login.php"); } ?> It goes to login.php with no errors, but it still doesn't do anything it's supposed to. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted August 2, 2011 Share Posted August 2, 2011 A query can execute just fine and not insert, select, or delete a thing. You need to start echoing your query strings to make sure they contain the values you'd expect them to contain, and you need to incorporate logic to not only make sure the query executed without error, but also that it did what it was supposed to do. For INSERT and DELETE queries, you'd use mysql_affected_rows(). Quote Link to comment Share on other sites More sharing options...
nogray Posted August 2, 2011 Share Posted August 2, 2011 You are using a GET for the code and your form is submitted using POST from what I can see "if (isset($_POST['submit'])) {" Also, never use the user input directly in the query. You would need to filter, validate and escape http://us.php.net/manual/en/function.mysql-real-escape-string.php Quote Link to comment Share on other sites More sharing options...
dudejma Posted August 2, 2011 Author Share Posted August 2, 2011 I found it! Sorta.. What happens is, when the page first is opened, it get's the code like it's supposed to, but then, when it tries to submit the data, it tries to run all the code all over again, thus, losing the $code variable. Idk why it does this though. Or how to just keep the code variable. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.