Xeven Posted March 3, 2008

Ok so I have another question for you friendly people at PHP Freaks. I am trying to make a sort of control panel page for user accounts. On this page I am trying to allow the user to change their current password. This is being done by the browser using the session, which holds the name of the user logged in. So it checks who the user is and updates my MySQL database that way. Here is what I have done so far:

```php
<?php session_start(); // sessions are started ?>
<?
include ("info.inc");
$connect = mysql_connect($host,$account,$password);
$db = mysql_select_db("database") or die("Can't connect to database");

$password1 = $_POST['password1'];
$password2 = $_POST['password2'];

// start the query
$query = mysql_query("UPDATE user SET password1=MD5('$password1'), password2=MD5('$password2') WHERE emailaddress1 = '".$_SESSION['sessioname']."'");
$result = mysql_query($query) or die(mysql_error());
?>
```

The only problem is, it is not updating anything but is giving me the following error:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1"

If anyone has any ideas as to what I can try to fix this I would be very grateful.

revraz Posted March 3, 2008

echo $query and it should give you an indication of why.

discomatt Posted March 3, 2008

I'm no mysql guru, but try escaping all mysql field names. Sometimes you can be using a reserved name without knowing it.

```php
$query = mysql_query("
    UPDATE `user`
    SET `password1` = MD5('" . mysql_escape_string($password1) . "'),
        `password2` = MD5('" . mysql_escape_string($password2) . "')
    WHERE `emailaddress1` = '" . $_SESSION['sessioname'] . "'
");
```

soycharliente Posted March 3, 2008

I concur with discomatt. In the past I've used 'date' as a column name and didn't even realize it. Using backticks (`) to escape all table and column names is always a great idea.

Xeven (Author) Posted March 4, 2008

I did reply to this thread last night but for some reason my last post has gone missing. Ok so I have put an echo around:

```php
echo $query = mysql_query("UPDATE user SET password1=MD5('$password1'), password2=MD5('$password2') WHERE emailaddress1 = '".$_SESSION['sessioname']."'");
```

and now I seem to get a "1" at the start of the sentence like so:

1You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1

Thanks for helping guys.

Agricola Posted March 4, 2008

This is probably the offending part:

```php
'".$_SESSION['sessioname']."'");
```

What you have here is the syntax for building a query as a string, not calling it directly.

EDIT: you'd be better off just doing it this way in the long run.

```php
<?php
$pw_update = "UPDATE user SET password1=MD5('$password1'), password2=MD5('$password2') WHERE emailaddress1 = '".$_SESSION['sessioname']."' ";
$query = mysql_query($pw_update);
?>
```

EDIT: As for the missing post, the database died or something like that, as I registered yesterday and replied to a few things, but when I came to log on it came up with username not in database, so I had to re-register. It appears the database was rolled back prior to my signing up.

Xeven (Author) Posted March 4, 2008

That has solved the problem. Thanks a lot for your help!

soycharliente Posted March 5, 2008

Thanks hackers. That was what I suggested as well but it got deleted. Sorry we couldn't help you solve your problem earlier. I always have my query in a variable and then pass the variable to the mysql_query function. That way it's much easier to echo out if I'm having problems with errors or things just not updating.

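The accepted fix still concatenates form and session values into the SQL string and stores unsalted MD5. As an added example (not code from any poster in this thread), here is the same password change with the query kept in a variable, sent once, with bound parameters and `password_hash()`. The PDO in-memory SQLite database, the single `password_hash` column and the `change_password()` function are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with an
// in-memory SQLite database stands in for the poster's MySQL server, and a
// single `password_hash` column replaces password1/password2.
declare(strict_types=1);

function change_password(PDO $db, string $email, string $new, string $confirm): bool
{
    // Compare the two form fields in PHP; only one hash needs storing.
    if ($new === '' || !hash_equals($new, $confirm)) {
        return false;
    }

    // Keep the SQL in a variable so it can be logged or echoed while
    // debugging, as suggested in the thread. Values travel as bound
    // parameters, so a quote in the input cannot change the statement.
    $sql = 'UPDATE user SET password_hash = :hash WHERE emailaddress1 = :email';

    $stmt = $db->prepare($sql);   // prepared once, executed once
    $stmt->execute([
        ':hash'  => password_hash($new, PASSWORD_DEFAULT), // salted, slow hash
        ':email' => $email,
    ]);

    return $stmt->rowCount() === 1; // false when no account matched
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (emailaddress1 TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec("INSERT INTO user VALUES ('alice@example.com', '')");

// In the thread's script the e-mail would come from $_SESSION['sessioname'].
// Case 1: existing account, password containing an apostrophe.
var_dump(change_password($db, 'alice@example.com', "it's-a-secret", "it's-a-secret"));
// Case 2: unknown account whose address contains an apostrophe.
var_dump(change_password($db, "o'neil@example.com", 'pw', 'pw'));
// Case 3: the two form fields do not match.
var_dump(change_password($db, 'alice@example.com', 'one', 'two'));

// The stored value verifies with password_verify(), not by re-hashing.
$hash = $db->query('SELECT password_hash FROM user')->fetchColumn();
var_dump(password_verify("it's-a-secret", $hash));
```
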