PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
if(isset($_REQUEST['submit'])) {
$hospital = $_REQUEST['hospital'];
$name=$_POST[name];
$surname=$_POST[surname];
$address=$_POST[address];
$phone=$_POST[phone];
$username=$_POST[username];
$new_password=$_POST[new_password];
if ($new_password=' ')
{
$result = mysql_query("UPDATE users SET address='$address', phone='$phone', username='$username', hospital_id='$hospital' WHERE username='$username'");
echo "Database updated successfully!";
}
else if ($new_password!=' ')
{
$result = mysql_query("UPDATE users SET address='$address', phone='$phone', username='$username', password='sha1($new_password)', hospital_id='$hospital' WHERE username='$username'");
echo "Database updated successfully!";
}
else
{
echo "Unable to update the database!";
}
}
What I want to do is to check if the new password field is filled by the user. If it is filled then I have to also update the password field. All the other fields are being updated without any problem. The problem is that I can't update the password field. The new_password variable has the right value (the value I typed in the new password field) but it seemed that it can't be updated with the sha1 encryption!
Do you have any ideas why is this happening?Have I done something wrong?
First of all you should quote your array keys. Then take a look at http://en.wikipedia.org/wiki/SQL_injection. If there's no message, submit field/button is empty. If not, try mysql_query('...') OR die(mysql_error());
The single quotes tell PHP that the literal string that you have between the single quotes is exactly what you want to have saved as the value for the password field in the table. I don't think you want to save the literal string: sha1($new_password).
Thanks a lot for your help. I make a function in order to prevent sql injection and I found out what was the problem. The problem was that I had put a single = in my if statement instead of == and it never executed the else if! After changing the = everything works fine!
$result = mysql_query("UPDATE users SET address='$address', phone='$phone', username='$username', password='sha1($new_password)', kwd_nos_erg='$hospital' WHERE username='$username'");
still won't execute the sha1() function. PHP will interpret simple variables within a double-quoted string, but not functions (or arrays). You must do the sha1() outside the string, like this:
It doesn't seem to have any problem in my database. It stores the password as I want but I will make the changed you told me because I am not so experienced in PHP.