
Checking form data against SQL database. If/else statement


Fearpig


Hi Guys,

Could someone help me with the code below... I'm trying to compare a password entered on a form to a password stored on a database. I can echo the form data and the database data and they all match up but regardless of this my code just goes ahead with the first of the "if / else" conditions.

 

 

$id = $_POST['id'];
$Authorised = $_POST['Authorise'];
$Division = $_POST['Division'];
$Password = $_POST['Password'];

//GET PASSWORD FROM DATABASE
$sql_password_confirmation="SELECT * FROM tbl_Contacts WHERE Division = '$Division'";
$Password_Confirmation=odbc_exec($conn,$sql_password_confirmation);
if (!$Password_Confirmation)
       {exit("Error in SQL - Password not Confirmed");}

$Stored_Password=odbc_result($Password_Confirmation,"Password");


//COMPARE FORM PASSWORD WITH DATABASE PASSWORD
if ($Password != $Stored_Password){

echo "<p class='Body2'>You have either not entered the correct password or you are not permitted to authorise on behalf of this division. </p>";

}
else{ 
    
//UPDATE TABLE - if I strip out the password bits this part works fine! 
$sql_Insert="UPDATE tbl_Visit SET Authorised = '$Authorised' WHERE Event_ID = '$id'";
$Insert_Details=odbc_exec($conn,$sql_Insert);
if (!$Insert_Details)
	{exit("Error in SQL");}


echo "<p class='Body2' align='middle'>You have successfully authorised this visit</p>";

}

 

Am I right in thinking that you can do "if / else" in the format below?

 

if (CONDITION){ 

ACTION1

}
else{

ACTION2

}

 

I know you shouldn't do passwords like this but it's not important data and I'm doing it more to learn php than set up a secure system. Any help would be appreciated.

You're overcomplicating it. You need to validate the password in your actual query, e.g.:

 

<?php

$id = $_POST['id'];
$Authorised = $_POST['Authorise'];
$Division = $_POST['Division'];
$Password = $_POST['Password'];

$sql = "SELECT * FROM tbl_Contacts WHERE Division = '$Division' AND Password = '$Password'";
if ($result = odbc_exec($conn,$sql)) {
  if (odbc_num_rows($result)) {
    // do update.
  } else {
    // Password invalid.
  }
}

?>

Hi Thorpe,

I've tried what you suggested but I'm still getting the same error... whatever password I enter it just does the first action.

 

 

I've simplified the code and here is what I am working with at the moment:

 

$Event_ID = $_POST['Event_ID'];
$Authorised = $_POST['Authorise'];
$Division = $_POST['Division'];
$Password = $_POST['Password'];


$sql = "SELECT * FROM tbl_Contacts WHERE Division = '$Division' AND Password = '$Password'";
if ($result = odbc_exec($conn,$sql)) {
  if (odbc_num_rows($result)) {
  
	echo "Good password";

  } else {
    
echo "Bad password";

  }
}

 

If anyone has any idea I'd greatly appreciate it as I'm just stuck at the moment!
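
An added example, not code from any poster in this thread: the same check written with ODBC placeholders, a fetched-row test and a hashed password. The PHP manual notes that odbc_num_rows() returns -1 after a SELECT with many drivers, and -1 is truthy in an if(), so the row is fetched rather than counted. Assumptions: the connection details are placeholders, and tbl_Contacts.Password holds a password_hash() value rather than the plain text the thread's table stores.

```php
<?php
// Added example, not code from the thread. Assumptions: the DSN and
// credentials below are placeholders, and tbl_Contacts.Password holds a
// password_hash() value (the thread's table stores plain text).
$conn = odbc_connect('EXAMPLE_DSN', 'EXAMPLE_USER', 'EXAMPLE_PASS');

function division_password_ok($conn, string $division, string $password): bool
{
    // The placeholder keeps the form value out of the SQL text.
    $stmt = odbc_prepare($conn, "SELECT Password FROM tbl_Contacts WHERE Division = ?");
    if ($stmt === false || !odbc_execute($stmt, [$division])) {
        throw new RuntimeException("Password lookup failed: " . odbc_errormsg($conn));
    }
    // odbc_num_rows() can return -1 after a SELECT, and -1 is truthy,
    // so test for a row by fetching it instead of counting.
    if (!odbc_fetch_row($stmt)) {
        return false; // no contact row for this division
    }
    // Fixed-width CHAR columns come back space-padded, so trim before verifying.
    $stored = rtrim((string) odbc_result($stmt, "Password"));
    return password_verify($password, $stored);
}

function authorise_visit($conn, string $eventId, string $authorised): void
{
    $stmt = odbc_prepare($conn, "UPDATE tbl_Visit SET Authorised = ? WHERE Event_ID = ?");
    if ($stmt === false || !odbc_execute($stmt, [$authorised, $eventId])) {
        throw new RuntimeException("Update failed: " . odbc_errormsg($conn));
    }
}

// Missing form fields become empty strings instead of raising notices.
$division   = (string) ($_POST['Division']  ?? '');
$password   = (string) ($_POST['Password']  ?? '');
$eventId    = (string) ($_POST['Event_ID']  ?? '');
$authorised = (string) ($_POST['Authorise'] ?? '');

if (division_password_ok($conn, $division, $password)) {
    authorise_visit($conn, $eventId, $authorised);
    echo "<p class='Body2'>You have successfully authorised this visit</p>";
} else {
    echo "<p class='Body2'>You have either not entered the correct password or you are not permitted to authorise on behalf of this division.</p>";
}
```

The stored value for each division would be created once with password_hash($plain, PASSWORD_DEFAULT) and written to the Password column.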

 

 
