updating database with password

[franknu]

Ok, I want to update a database using a password that the user had already stored in his row

the problem is that it says:: Incorrect Password or User Name Try again

I really dont know why it is not working i think it should work perfectly

there is my code:
[code=php:0]


<?
       
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";





$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');



$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '"
. mysql_real_escape_string($User_Name)."'");


$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];




if($Password === $Password2)

{

$query = "UPDATE  business_info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
  `User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";

$result = mysql_query($query) or die (mysql_error());


  }


    else

    {
   
  echo "Incorrect Password or User Name Try again ";
  exit;
}




?>
[/code]

[obsidian]

are you using any sort of encryption on your password field in the database (MD5 or PASSWORD)?

i would recommend taking your checks to a new level, and for your error checking, figure out what stage you're erroring out on:

[code]
<?php
$user = trim($_POST['User_Name']);
$pass = trim($_POST['password']);
$sql = mysql_query("SELECT Password FROM business_info WHERE User_Name = '$user'");
if (mysql_num_rows($sql) == 1) {
  $confPass = mysql_result($sql, 0, 'Password');
  if ($pass == $confPass) {
    // passed checks. update your table
  } else {
    // wrong password
  }
} else {
  // user doesn't exist
}
?>
[/code]

check to make sure you're getting a record that you think you're getting in your username query, and see if that helps.

[franknu]

i am not using any encryption, i want to keep it simple for now after i get it to work, i would add more complex tools too it but shouldn't it work just  the way it is

[obsidian]

seems like it should, but you need to make sure that you're actually connecting to your database and that your query is returning what you think it should. here is some error checking you can add:
[code]
<?php
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());
?>
[/code]

that will kill your script if your username/password or any other connection information is inaccurate. also, put in the more specific error checking i posted above so you can see where your query is dying. you need to find out if you're even returning a row with your User_Name query before you try to match your password. i'm simply trying to help you pinpoint the exact location that the error is taking place. once you know that, trouble shooting will be much easier.

good luck

[franknu]

it is connecting to the database but there is something it doesnt like about the way Password and User_Name is set up. i dont know why.. I made some changes but i still keep getting the error message from the codes

[code=php:0]

<?
       
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());






$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');




$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '"
. mysql_real_escape_string($User_Name)."'");


$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1;


if($Password === $Password2)

{

$query = "UPDATE  business_info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
  `User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";

$result = mysql_query($query) or die (mysql_error());


  }


    else

    {
   
  echo "Incorrect Password or User Name Try again ";
  exit;
}




?>
[/code]

[obsidian]

like i posted above, you need to break down the query to see if you're even pulling a record:
[code]
<?php
$user = $_POST['User_Name'];
$q = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";
$sql = mysql_query($q) or die(mysql_error() . "<br />$q");
if (mysql_num_rows($sql) == 1) {
  $pass = $_POST['Password'];
  $confPass = mysql_result($sql, 0, 'Password');
  if ($pass == $confPass) {
    // update
  } else {
    // Passwords don't match
    echo "$pass != $confPass";
  }
} else {
  // didn't get any records
  echo "No records for query: <b>$q</b>";
}
?>
[/code]

put those checks in and see [b]WHERE[/b] your script is dying... let us know the outcome

[franknu]

i made  the changes but still error message: I think i quit. i cant find the problem i been doing for weeks..

Notice: Undefined variable: results in c:\program files\easyphp1-8\home\townsfinder\authorization\update_page.php on line 118
NULL Incorrect Password or User Name Try again

[code=php:0]


$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());


$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$user = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');


$sql = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";
$sql = mysql_query($sql) or die(mysql_error() . "<br />$sql");
if (mysql_num_rows($sql) == 1) {
  $pass = $_POST['Password'];
  $confPass = mysql_result($sql, 0, 'Password');
  if ($pass == $confPass) {
    // update
  } else {
    // Passwords don't match
    echo "$pass != $confPass";
  }
} else {
  // didn't get any records
  echo "No records for query: <b>$sql</b>";
}




$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '"
. mysql_real_escape_string($User_Name)."'");


$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1;


if($Password === $Password2)

{

$query = "UPDATE  business_info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
  `User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";

$result = mysql_query($query) or die (mysql_error());


  }


    else

    {
   
  var_dump($results['BusinessName']); 

  echo "Incorrect Password or User Name Try again ";
  exit;
}




?>
[/code]

i cant see the error.... ???

[obsidian]

ok, look closely at your error:
[b]Notice: Undefined variable: results in c:\program files\easyphp1-8\home\townsfinder\authorization\update_page.php on line 118[/b]

what is line 118? you are referencing a variable $results on that line that has not been set.

[franknu]

this is what  i have on line 118. var_dump($results['BusinessName']); 

i can remove it, i just did it for testing

[obsidian]

ok, here's what's weird: if you have the above code, and the only warning you got was the line 118 error, that means that all my code was passed with no errors. that means you should study carefully any differences between my code and yours (in logic)... including the difference between "==" and "===".

[franknu]

i has to do something with the Password or User_Name.. maybe i should remove that just to see and re-entered.. really at this point maybe re-write everything or look for some codes online that can do that

[obsidian]

ok, getting tired of pointing, so i'll try to spell it out, and see if we can get somewhere ;)
[code]
<?php
$host    = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());

// has the form been submitted?
if (isset($_POST['submit'])) {
  // sets your variables
  foreach ($_POST as $key => $val) {
    $$key = mysql_real_escape_string($val);
  }

  $q = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";
  $sql = mysql_query($sql) or die(mysql_error() . "<br />$q");
  if (mysql_num_rows($sql) == 1) {
    $pass = $_POST['Password'];
    $confPass = mysql_result($sql, 0, 'Password');
    if ($pass == $confPass) {
      // update
      $query = "UPDATE  business_info SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan', " .
              "`Business_Address`='$Business_Address', `Tel`='$Tel', `Website`='$Website', " .
              "`Email`='$Email', `Member_Status`='$Member_Status', `Fax`='$Fax', `type`='$type', " .
              "`make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', `Picture1`='$Picture1', " .
              "`Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', " .
              "`Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', " .
              "`Picture2`='$Picture2', `Picture3`='$Picture3', `User_Name` ='User_Name', " .
              "`Password`='$Password' WHERE `User_Name`='$User_Name'";

      if (!mysql_query($query)) {
        echo "Record updated!";
      } else {
        echo "Couldn't update!<br />" . mysql_error();
      }
    } else {
      // Passwords don't match
      echo "$pass != $confPass";
    }
  } else {
    // didn't get any records
    echo "No records for query: <b>$q</b>";
  }
}
?>
[/code]

see where that gets you. this is IN PLACE OF all the code we've discussed so far. don't add it to anything, replace everything with it. i would recommend putting this in a separate file and pointing your form to the new file and see what happens.

NOTICE: this script assumes that your submit button is named "submit" ... if this is not the case, change the "if (isset($_POST['submit']))" line to match your submit button's name.

[franknu]

i try that and now i only get a blank page..

[obsidian]

are you hitting the page directly, or are you coming from a form? i probably should have asked that in the first place, but i assumed that since you're using the $_POST variable you were coming from a submitted form

[franknu]

yeah, i am comming from a submit form

[obsidian]

what is the [b]name[/b] of your submit button on your form?

[franknu]

<input type="submit"  value="Login" />
<form action="Update_Page.php" method="Post">
 
  <strong>UserName</strong> </td>

          <td width="63%"><input type="text" name="User_Name"></td>

that is my form information

[obsidian]

um... i hope you're showing me the idea of your form and not the actual code? there are a few things wrong: first of all, in the code you posted, your submit button is not even within your form. secondly, it has [b]no name at all[/b] which is why the code i gave you to handle it shows a blank page. the code i gave you is expecting the following form:
[code]
<form action="Update_Page.php" method="post" name="loginForm">
Username: <input type="text" name="User_Name" /><br />
Password: <input type="password" name="Password" /><br />
<input type="submit" name="submit" value="Login" />
</form>
[/code]

basically, your biggest problem is that your submit button isn't named. [b]every field needs to be named[/b] in your forms. this is good practice to get into. fix up your form, send it over to my code again, and let me know how it looks.

[franknu]

hey, the form that i sent was just an idea, but still it seem you were right on the other stuff

here is what i am displaying

Notice: Undefined variable: sql in c:\program files\easyphp1-8\home\townsfinder\authorization\update_page.php on line 62
Query was empty
SELECT `Password` FROM business_info WHERE User_Name = 'franklin'

hey it seems that it is about to work

this is what i have on line 62
$q = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";

i guess i can go up and define $q with  $_POST[];

[franknu]

it said empty query, but i have info in that row what is causing this

[franknu]

this is my codes how i set it up so you can have a better idea

[code=php:0]

<?php
$host    = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());

if (isset($_POST['submit']))

{
    $BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$user = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
 

  foreach ($_POST as $key => $val) {
    $$key = mysql_real_escape_string($val);
  }

  $q = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";
  $sql = mysql_query($sql) or die(mysql_error() . "<br />$q");
  if (mysql_num_rows($sql) == 1) {
    $pass = $_POST['Password'];
    $confPass = mysql_result($sql, 0, 'Password');
    if ($pass == $confPass) {
     
      $query = "UPDATE  business_info SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan', " .
              "`Business_Address`='$Business_Address', `Tel`='$Tel', `Website`='$Website', " .
              "`Email`='$Email', `Member_Status`='$Member_Status', `Fax`='$Fax', `type`='$type', " .
              "`make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', `Picture1`='$Picture1', " .
              "`Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', " .
              "`Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', " .
              "`Picture2`='$Picture2', `Picture3`='$Picture3', `User_Name` ='User_Name', " .
              "`Password`='$Password' WHERE `User_Name`='$User_Name'";

      if (!mysql_query($query)) {
        echo "Record updated!";
      } else {
        echo "Couldn't update!<br />" . mysql_error();
      }
    } else {
      // Passwords don't match
      echo "$pass != $confPass";
    }
  } else {
    // didn't get any records
    echo "No records for query: <b>$q</b>";
  }
}
?>
[/code]

[obsidian]

ok, here's what your page should look like:
[code]
<?php
$host    = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";

$db = mysql_connect($host, $username, $password) or die(mysql_error());
mysql_select_db($database) or die(mysql_error());

$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 =  (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline =  (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 =  (isset($_POST['Picture2']) ? $_POST['Picture2']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 =  (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$user = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');

if (isset($_POST['submit']))  {

  foreach ($_POST as $key => $val) {
    $$key = mysql_real_escape_string($val);
  }

  $q = "SELECT `Password` FROM business_info WHERE User_Name = '$user'";
  $sql = mysql_query($q) or die(mysql_error() . "<br />$q");
  if (mysql_num_rows($sql) == 1) {
    $confPass = mysql_result($sql, 0, 'Password');
    if ($Password == $confPass) {
     
      $query = "UPDATE  business_info SET `BusinessName`= '$BusinessName', `Slogan`='$Slogan', " .
              "`Business_Address`='$Business_Address', `Tel`='$Tel', `Website`='$Website', " .
              "`Email`='$Email', `Member_Status`='$Member_Status', `Fax`='$Fax', `type`='$type', " .
              "`make`='$make', `Categories`='$Categories', `Keyword`='$Keyword', `Picture1`='$Picture1', " .
              "`Headline`='$Headline', `Slogan2`='$Slogan2', `Description1`='$Description1', " .
              "`Description2`='$Description2', `Description3`= '$Description3', `Contact2`='$Contact2', " .
              "`Picture2`='$Picture2', `Picture3`='$Picture3', `User_Name` ='User_Name', " .
              "`Password`='$Password' WHERE `User_Name`='$User_Name'";

      if (!mysql_query($query)) {
        echo "Record updated!";
      } else {
        echo "Couldn't update!<br />" . mysql_error();
      }
    } else {
      // Passwords don't match
      echo "$pass != $confPass";
    }
  } else {
    // didn't get any records
    echo "No records for query: <b>$q</b>";
  }
}
?>
[/code]

[franknu]

No records for query: SELECT `Password` FROM business_info WHERE User_Name = 'franklin'

this is what i am getting now any subjection.

i do have records there

[obsidian]

copy the query that is output to the screen and run it in your database manually. do you get results there? keep in mind that "=" in MySQL is [b]case sensitive[/b], so if your User_Name in the database is "Franklin", it will not match with "franklin".

[franknu]

ok Some interesting things are happening now, When i type in the  User_Name (franklin) and Password  it gets  changed to
User_Name in the database... and  i also use this in the database.No records for query: SELECT `Password` FROM business_info WHERE User_Name = 'franklin'

when i do that it shows the col Password and i can change it to whatever..

i am really close help to finish this thank you