updating an MD5 password

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

updating an MD5 password

Post by ianao »

Hi

I have been Googling all morning but can't find the answer I'm looking for.

I am trying to write some PHP to update a user password. Here is an extract from my code:

Code: Select all

 
$newpassword = md5($_POST['newpassword']);
mysql_query("UPDATE members SET password='$newpassword' WHERE email='$email'")
                    or die("could not execute command");
 
The code executes, but when I check the relevant entry in MySQL the old password remains unchanged.

Can anyone help?

Best
ianao
Last edited by Benjamin on Fri May 22, 2009 9:51 am, edited 1 time in total.
Reason: Added [code=php] tags.
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: updating an MD5 password

Post by mattpointblank »

The easiest way to figure out why your code isn't putting the right info in the database is to print out your SQL and see what you're sending.

Code: Select all

 
$newpassword = md5($_POST['newpassword']);
$query = "UPDATE members SET password='$newpassword' WHERE email='$email'";
$result = mysql_query($query) or die("could not execute command: " . mysql_error());
echo $query;
 
See what's coming back: maybe some of your variables aren't defined like you think they are.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Hi

I can see how that would be very useful if it were producing an error, but frustratingly it's not doing that. It simply will not update the password field.

Best
ianao
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: updating an MD5 password

Post by onion2k »

"password" is a MySQL reserved word. Backtick your query and that won't happen. Eg

[sql]UPDATE `members` SET `password`='$newpassword' WHERE `email`='$email'[/sql]

The backtick ` is usually at the top left of your keyboard.

Alternatively, avoid calling columns and tables names that coincide with MySQL functions... http://dev.mysql.com/doc/refman/5.1/en/ ... words.html

EDIT: Weird, "password" isn't on that list. I'm sure it's a reserved word though.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Hi

I've tried backticking like this, but to no avail. It's still not updating.

Code: Select all

mysql_query("UPDATE `members` SET `password`='$newpassword' WHERE `email`='$email'")
Any other thoughts would be most welcome.

Best
ianao
Last edited by Benjamin on Fri May 22, 2009 9:51 am, edited 1 time in total.
Reason: Added [code=php] tags.
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: updating an MD5 password

Post by mattpointblank »

ianao wrote:Hi

I can see how that would be very useful if it were producing an error, but frustratingly it's not doing that. It simply will not update the password field.

Best
ianao
It is producing an error, or at least, it's not doing what you expect. Echo out your query and double check that it's doing what you think it is doing.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Hi

This is the echo'd result:

Code: Select all

UPDATE members SET `password`='101186a9a44bc0354ed997696a6aefba' WHERE `email`='$email'
Just can't see what's wrong.

Ianao
Last edited by Benjamin on Fri May 22, 2009 9:52 am, edited 1 time in total.
Reason: Added [code=php] tags.
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: updating an MD5 password

Post by mattpointblank »

Looks to me like it's trying to find an email address of '$email'? Try using double " not single ' around email.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Nope.

I tried escaping the "s as well, still no luck.

:cry:
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: updating an MD5 password

Post by pickle »

Ya, $email isn't evaluating to your actual email address. When you run that query on the database, it probably says "Query OK, 0 rows affected" right? That'll mean your WHERE clause isn't matching anything.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Aha!

I tried changing the $email variable to the email string, and it worked!!

Now just got to figure out why it doesn't like the variable.

Thanks everyone and have a great weekend!

ianao
mattpointblank
Forum Contributor
Posts: 304
Joined: Tue Dec 23, 2008 6:29 am

Re: updating an MD5 password

Post by mattpointblank »

Sounds stupid, but did you define $email anywhere? Your other variable comes from $_POST so maybe you meant to write something like $email = $_POST['email']; somewhere?

Also: do some reading on SQL injection before you insert raw $_POST data into your database.
ianao
Forum Newbie
Posts: 12
Joined: Fri May 22, 2009 7:03 am

Re: updating an MD5 password

Post by ianao »

Not stupid at all. The email address came about from a posting from another file, and the error was in there. All sorted now, so thanks again for the help.

Yup. Got my SQL injection killer sorted.

Best
ianao
Post Reply