PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
Moderator: General Moderators
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 1:28 pm
I want the user to update his data which is in a row on table business_info. Once he type in his password and user name which is already store in the database the user should be able to change all the data in his row. The problem is that i have an user and password in the database, it should work, i dont see why it is not working please help.
this is the message i am getting
Incorrect Password or User Name Try again
this is my code
Code: Select all
<?
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : "");
$Slogan = (isset($_POST['Slogan']));
$Business_Address = (isset($_POST['Business_Address']));
$Tel = (isset($_POST['Tel']));
$Website = (isset($_POST['Website']));
$Email = (isset($_POST['Email']));
$Member_Status = (isset($_POST['Member_Status']));
$Fax =(isset($_POST['Fax']));
$type = (isset($_POST['type']));
$make = (isset($_POST['make']));
$Categories = (isset($_POST['Categories']));
$Keyword = (isset($_POST['Keyword']));
$Picture1 = (isset($_POST['Picture1']));
$Headline = (isset($_POST['Headline']));
$Slogan2 = (isset($_POST['Slogan2']));
$Description1 = (isset($_POST['Description1']));
$Description2 = (isset($_POST['Description2']));
$Description3= (isset($_POST['Description3']));
$Contact2 = (isset($_POST['Contact2']));
$Picture2 = (isset($_POST['Picture2']));
$Picture3 = (isset($_POST['Picture3']));
$Picture4 = (isset($_POST['Picture4']));
$User_Name = (isset($_POST['User_Name']));
$Password = (isset($_POST['Password']));
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
if($Password === $Password2)
{
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Tue Oct 17, 2006 1:36 pm
First remark of mine is 'Why are you storing passwords in plain text?'. Next thing, this conditional:
Is evaluating to false. I would maybe check their values to make sure they are matching up. This is why you are getting the notice you are getting.
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 1:42 pm
what i am storing is simple data so i dont need any security.
I try using
If (Password=== Password)
i was still getting the same message i have done everything, i could..
i was also noticing do i need to create another HTML form for updates or would this automaticly go to the database itself and update from there
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Tue Oct 17, 2006 1:47 pm
This:
Code: Select all
$Password = (isset($_POST['Password']));
... is setting $Password to either true or false, as are all the other vars that are being assigned a value of isset($_POST['fieldname']). What you need to do with this is:
Code: Select all
$Password = isset($_POST['Password']) ? $_POST['Pasword'] : '';
Obadiah
Forum Regular
Posts: 580 Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
Contact:
Post
by Obadiah » Tue Oct 17, 2006 2:00 pm
this is the way i did it
Code: Select all
session_start();
include("functions_main.inc");
$table_name = "Customer";
$next_program = "../Log_In/yea/that_place.php";
switch (@$_POST['Button'])
{
case "Login":
$cxn = Connect_to_db("trove.inc");
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$_POST[fusername]'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query 1");
$num = mysqli_num_rows($result);
if($num == 1)
{
$sql = "SELECT user_name FROM $table_name
WHERE user_name='".mysqli_real_escape_string($cxn,$_POST['fusername'])."'
AND password=md5('$_POST[fpassword]')";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$row = mysqli_fetch_assoc($result2);
if($row)
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = mysqli_real_escape_string($cxn,$_POST['fusername']);
header("Location: $next_program?user='.$user_name");
}
else
{
$message_1="The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br>";
extract($_POST);
}
}
elseif ($num == 0) // login name not found
{
$message_1 = "The User Name you entered does not
exist! Please try again.<br>";
}
break;
in the head you can create a function that will open up a connection to the databace like so
Code: Select all
function doDB()
{
$conn = mysql_connect("localhost","Obi","thepassword") or die(mysql_error());
mysql_select_db("customerdirectory",$conn) or die(mysql_error());
return $conn;
}
i just chose to do it as a seperate file....either should work fine though
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 2:14 pm
i made changes
Code: Select all
<?
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : "");
$Slogan = (isset($_POST['Slogan']));
$Business_Address = (isset($_POST['Business_Address']));
$Tel = (isset($_POST['Tel']));
$Website = (isset($_POST['Website']));
$Email = (isset($_POST['Email']));
$Member_Status = (isset($_POST['Member_Status']));
$Fax =(isset($_POST['Fax']));
$type = (isset($_POST['type']));
$make = (isset($_POST['make']));
$Categories = (isset($_POST['Categories']));
$Keyword = (isset($_POST['Keyword']));
$Picture1 = (isset($_POST['Picture1']));
$Headline = (isset($_POST['Headline']));
$Slogan2 = (isset($_POST['Slogan2']));
$Description1 = (isset($_POST['Description1']));
$Description2 = (isset($_POST['Description2']));
$Description3= (isset($_POST['Description3']));
$Contact2 = (isset($_POST['Contact2']));
$Picture2 = (isset($_POST['Picture2']));
$Picture3 = (isset($_POST['Picture3']));
$Picture4 = (isset($_POST['Picture4']));
$User_Name = (isset($_POST['User_Name']));
$Password = isset($_POST['Password']) ? $_POST['Password'] : '';
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
if($Password === $Password)
{
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
when i type in the password it seems to go through and then a blank page appears
anything i need to do
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Tue Oct 17, 2006 2:18 pm
Everah wrote: This:
Code: Select all
$Password = (isset($_POST['Password']));
... is setting $Password to either true or false,
as are all the other vars that are being assigned a value of isset($_POST['fieldname']) . What you need to do with this is:
Code: Select all
$Password = isset($_POST['Password']) ? $_POST['Pasword'] : '';
You need to change every variable assignment in that group of vars. Right now almost everything is being set to true or false. Even $User_Name.
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 2:40 pm
that is what i did as you can see in the new code i sent you....
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Tue Oct 17, 2006 2:47 pm
You didn't do every single one.
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Tue Oct 17, 2006 3:29 pm
This is a snip of your code, with comments...
Code: Select all
<?php
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : ""); // Sets to either empty or $_POST['BusinessName']
$Slogan = (isset($_POST['Slogan'])); // sets to true or false - probably true
$Business_Address = (isset($_POST['Business_Address'])); // sets to true or false - probably true
$Tel = (isset($_POST['Tel'])); // sets to true or false - probably true
$Website = (isset($_POST['Website'])); // sets to true or false - probably true
$Email = (isset($_POST['Email'])); // sets to true or false - probably true
$Member_Status = (isset($_POST['Member_Status'])); // sets to true or false - probably true
$Fax =(isset($_POST['Fax'])); // sets to true or false - probably true
$type = (isset($_POST['type'])); // sets to true or false - probably true
$make = (isset($_POST['make'])); // sets to true or false - probably true
$Categories = (isset($_POST['Categories'])); // sets to true or false - probably true
$Keyword = (isset($_POST['Keyword'])); // sets to true or false - probably true
$Picture1 = (isset($_POST['Picture1'])); // sets to true or false - probably true
$Headline = (isset($_POST['Headline'])); // sets to true or false - probably true
$Slogan2 = (isset($_POST['Slogan2'])); // sets to true or false - probably true
$Description1 = (isset($_POST['Description1'])); // sets to true or false - probably true
$Description2 = (isset($_POST['Description2'])); // sets to true or false - probably true
$Description3= (isset($_POST['Description3'])); // sets to true or false - probably true
$Contact2 = (isset($_POST['Contact2'])); // sets to true or false - probably true
$Picture2 = (isset($_POST['Picture2'])); // sets to true or false - probably true
$Picture3 = (isset($_POST['Picture3'])); // sets to true or false - probably true
$Picture4 = (isset($_POST['Picture4'])); // sets to true or false - probably true
$User_Name = (isset($_POST['User_Name'])); // sets to true or false - probably true
$Password = isset($_POST['Password']) ? $_POST['Password'] : ''; // sets to either empty or $_POST['Password']
?>
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 6:18 pm
new changes made
Code: Select all
<?
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:"");
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 = (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline = (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2'] :'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 = (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 = (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name'])? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password'] : '');
$checkp = mysql_query("SELECT `Password` FROM `Business_Info` WHERE `User_Name` = '$User_Name'");
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
if($Password === $Password)
{
$query = "UPDATE Business_Info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
when i type in password and user
just a blank page came up please help
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
Post
by feyd » Tue Oct 17, 2006 6:55 pm
is pretty much always true.
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
Post
by RobertGonzalez » Tue Oct 17, 2006 7:23 pm
A blank page is a syntax error. Check for unclosed parens, brackets, braces or missing semicolons.
franknu
Forum Contributor
Posts: 146 Joined: Sun May 28, 2006 9:29 am
Post
by franknu » Tue Oct 17, 2006 8:38 pm
i made all the necessary changes
here is the code:
Code: Select all
<?
$host = "localhost";
$username = "localhost";
$password = "abc123";
$database = "contacts";
$db = mysql_connect($host, $username, $password);
mysql_select_db($database);
$BusinessName = (isset($_POST['BusinessName']) ? $_POST['BusinessName'] : '');
$Slogan = (isset($_POST['Slogan']) ? $_POST['Slogan']:'');
$Business_Address = (isset($_POST['Business_Address']) ? $_POST['Business_Address']:'');
$Tel = (isset($_POST['Tel']) ? $_POST['Tel']:'');
$Website = (isset($_POST['Website']) ? $_POST['Website']:'');
$Email = (isset($_POST['Email']) ? $_POST['Email']:'');
$Member_Status = (isset($_POST['Member_Status']) ? $_POST['Member_Status']:'');
$Fax =(isset($_POST['Fax']) ? $_POST['Fax']:'');
$type = (isset($_POST['type']) ? $_POST['type']:'');
$make = (isset($_POST['make']) ? $_POST['make']:'');
$Categories = (isset($_POST['Categories']) ? $_POST['Categories']:'');
$Keyword = (isset($_POST['Keyword']) ? $_POST['Keyword']:'');
$Picture1 = (isset($_POST['Picture1']) ? $_POST['Picture1']:'');
$Headline = (isset($_POST['Headline']) ? $_POST['Headline']:'');
$Slogan2 = (isset($_POST['Slogan2']) ? $_POST['Slogan2']:'');
$Description1 = (isset($_POST['Description1']) ? $_POST['Description1']:'');
$Description2 = (isset($_POST['Description2']) ? $_POST['Description2']:'');
$Description3= (isset($_POST['Description3']) ? $_POST['Description3']:'');
$Contact2 = (isset($_POST['Contact2']) ? $_POST['Contact2']:'');
$Picture2 = (isset($_POST['Picture2']) ? $_POST['Picture3']:'');
$Picture3 = (isset($_POST['Picture3']) ? $_POST['Picture3']:'');
$Picture4 = (isset($_POST['Picture4']) ? $_POST['Picture4']:'');
$User_Name = (isset($_POST['User_Name']) ? $_POST['User_Name']:'');
$Password = (isset($_POST['Password']) ? $_POST['Password']: '');
$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '$User_Name'");
$Password1 = mysql_fetch_row($checkp);
$Password2 = $Password1['Password'];
if($Password === $Password1)
{
$query = "UPDATE business_info SET
`BusinessName`= '$BusinessName',
`Slogan`='$Slogan',
`Business_Address`='$Business_Address',
`Tel`='$Tel',
`Website`='$Website',
`Email`='$Email',
`Member_Status`='$Member_Status',
`Fax`='$Fax',
`type`='$type',
`make`='$make',
`Categories`='$Categories',
`Keyword`='$Keyword',
`Picture1`='$Picture1',
`Headline`='$Headline',
`Slogan2`='$Slogan2',
`Description1`='$Description1',
`Description2`='$Description2',
`Description3`= '$Description3',
`Contact2`='$Contact2',
`Picture2`='$Picture2',
`Picture3`='$Picture3',
`User_Name` ='User_Name',
`Password`='$Password' WHERE `User_Name`='$User_Name'";
$result = mysql_query($query) or die (mysql_error());
}
else
{
echo "Incorrect Password or User Name Try again ";
exit;
}
?>
my display is
Incorrect Password or User Name Try again
why
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:
Post
by John Cartwright » Tue Oct 17, 2006 8:41 pm
try changing that to
Also, at minimum when dealing with user input into queries, you should pass the variable through mysql_real_escape_string()
Code: Select all
$checkp = mysql_query("SELECT `Password` FROM `business_info` WHERE `User_Name` = '". mysql_real_escape_string($User_Name)."'");