Page 1 of 1

UPDATE sql statement trouble

Posted: Mon May 22, 2006 8:47 am
by tommy1987
Hi there, I have the following code:

Code: Select all

if(isset($confirm)) {
		//change pass
		echo $_GET['np'].'  '.$_GET['usr'];
		$newpass = $_GET['np'];
		$user = $_GET['user'];
		$query = "UPDATE users SET pass='$newpass' WHERE usr=$user";
		$result = mysql_query($query);
		if($result) {
			echo '<b>Password successfully changed</b>';
		}
			}
It is getting the correct value as is known from the echo. It never displays 'Password successfully changed', hence the query is not being successfully executed, can anyone suggest why?

Posted: Mon May 22, 2006 9:27 am
by GM
Are you missing single quotes around the $user variable in the query?

ie:

Code: Select all

WHERE usr = '$user'
PS: is it a good idea passing the new password as part of the URL??

PPS: Why not put an else clause in your PHP?

Code: Select all

if($result) {
  Echo "blah blah";
} else {
  Echo "Something's wrong: $query";
}

Posted: Mon May 22, 2006 9:42 am
by tommy1987
in this case security isnt an issue just yet, because it is just in testing.

Okay having put quotes around the $user as well, the code is now saying password changed successfully but the database isnt changed, im not sure what the problem is?

Posted: Mon May 22, 2006 9:56 am
by GM
I can't see anything else wrong with the query. Could it be that you need to send a "COMMIT" command to the database to commit the changes you've made?

If you run the query manually in the database does it update correctly?

Re: UPDATE sql statement trouble

Posted: Mon May 22, 2006 10:10 am
by RobertGonzalez
Try this...

Code: Select all

<?php
if(isset($confirm)) {
		//change pass
		echo $_GET['np'].'  '.$_GET['usr'];
		$newpass = $_GET['np'];
		$user = $_GET['user'];
		$query = "UPDATE users SET pass='$newpass' WHERE usr=$user";
		$result = mysql_query($query);
		if(mysql_affected_rows($result)) {
			echo '<b>Password successfully changed</b>';
		}
			}

?>