Comparing two values doesn't seem to work in this case...

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
tomface
Forum Newbie
Posts: 7
Joined: Wed Apr 08, 2009 4:37 pm

Comparing two values doesn't seem to work in this case...

Post by tomface »

I have a form for creating new users on a database. The form has 3 fields; Username; Password and Confirm Password. In the script that follows the form i check to make sure that both passwords are the same. Now i've fiddled around with the code a little bit, but it doesn't seem to want to validate it. I can put anything in the two fields (completely different) but it still goes through to the database anwyay.
This is code i've used:

Code: Select all

if(empty($username) ||  empty($password) || empty($confirm_password)) 
    { 
    echo "Fields are empty"; 
    } 
else 
    { 
    //?????????????????????????????????????????????????// 
    //???Problem comparing first and second password???// 
    //?????????????????????????????????????????????????// 
    if($password != $confirm_password) 
        { 
        echo "New passwords did not match'"; 
        } 
    else 
        { 
        //Turn posted fields into sha1 values 
        $password = sha1($password); 
        $confirm_password = sha1($confirm_password); 
         
        //Determine what the ID number will be 
        $sql = "SELECT * FROM $tbl_name"; 
        $result = mysql_query($sql,$con); 
        $num_rows = mysql_num_rows($result); 
        $num_rows ++; 
         
        //Enter new user into database 
        $create = "INSERT INTO $tbl_name (id, username, password)  
        VALUES('$num_rows', '$username', '$password')"; 
        mysql_query($create,$con); 
         
        //Take user to Success! page 
        header("location:****.php"); 
        } 
    }  
 
Reviresco
Forum Contributor
Posts: 172
Joined: Tue Feb 19, 2008 4:18 pm
Location: Milwaukee

Re: Comparing two values doesn't seem to work in this case...

Post by Reviresco »

I would check to make sure you've got the names of the form inputs right, and their values when you create the two password variables.
tomface
Forum Newbie
Posts: 7
Joined: Wed Apr 08, 2009 4:37 pm

Re: Comparing two values doesn't seem to work in this case...

Post by tomface »

Well i've turned the posted data into variables in this bit just above:

Code: Select all

//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
And the script has no trouble putting the data onto MySQL, because i've then tested it with a login system to make sure the ones added work. Just can't get my head round it >=(.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Comparing two values doesn't seem to work in this case...

Post by John Cartwright »

Code: Select all

//Determine what the ID number will be
$sql = "SELECT * FROM $tbl_name";
$result = mysql_query($sql,$con);
$num_rows = mysql_num_rows($result);
$num_rows ++;
 
//Enter new user into database
$create = "INSERT INTO $tbl_name (username, password)  
VALUES('$username', '$password')";
mysql_query($create,$con);
The select statement is completely unncessary in this case, and will not function correctly if you have deleted any rows in your users table. Instead, you can omit the select statement and get the newly inserted rows id by using mysql_insert_id() after the insert query. You should never have the specify the id, since your primary key should typically set to auto_increment, to assure each row has a unique PK.

Code: Select all

 
//Enter new user into database
$create = "INSERT INTO $tbl_name (id, username, password)  
VALUES('$num_rows', '$username', '$password')";
mysql_query($create,$con);
 
$id = mysql_insert_id();
 
tomface
Forum Newbie
Posts: 7
Joined: Wed Apr 08, 2009 4:37 pm

Re: Comparing two values doesn't seem to work in this case...

Post by tomface »

Thanks for that John. So i can just get rid of that whole chunk of code?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Comparing two values doesn't seem to work in this case...

Post by John Cartwright »

Right, and remove the id column in the insert query.
tomface
Forum Newbie
Posts: 7
Joined: Wed Apr 08, 2009 4:37 pm

Re: Comparing two values doesn't seem to work in this case...

Post by tomface »

Okay i've done that, but i still can't get it to validate that both the password and confirm_password fields are the same. Here's the whole script in it's amateurish entirety:

Code: Select all

<?php
//Check user is logged in in first place
session_start();
 
if(!isset($_SESSION['logged']))
    {
    header("location:login/main_login.htm");
    }
 
//Stores mysql login details
$host="localhost"; // Host name 
$sql_username="****"; // Mysql username 
$sql_password="****"; // Mysql password 
$db_name="****"; // Database name 
$tbl_name="***"; // Table name 
 
//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
 
//Protect against MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$confirm_password = stripslashes($confirm_password);
$username = mysql_escape_string($username);
$password = mysql_escape_string($password);
$confirm_password = mysql_escape_string($confirm_password);
 
//MySQL Connect variable
$con = mysql_connect("$host","$sql_username","$sql_password");
 
//If the mysql connect variable can't connect, die
if(!$con)
    {
    die('Could not connect: ' . mysql_error());
    }
 
//Database select
mysql_select_db($db_name, $con);
 
//Validates form was not empty
if(empty($username) ||  empty($password) || empty($confirm_password))
    {
    echo "Fields are empty";
    }
else
    {
    //?????????????????????????????????????????????????//
    //???Problem comparing first and second password???//
    //?????????????????????????????????????????????????//
    if($password != $confirm_password)
        {
        echo "New passwords did not match'";
        }
    else
        {
        //Turn posted fields into sha1 values
        $password = sha1($password);
        $confirm_password = sha1($confirm_password);
        
        //Enter new user into database
        $create = "INSERT INTO $tbl_name (username, password) 
        VALUES('$username', '$password')";
        mysql_query($create,$con);
        
        //Take user to Success! page
        header("location:user_create_success.php");
        }
    }   
?>
The form preceeding it had 3 $_POST values: username, password and confirm_password.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Comparing two values doesn't seem to work in this case...

Post by John Cartwright »

Add the following right before you make the comparison.

Code: Select all

echo 'Password1 = '; var_dump($password); 
echo '<br />';
echo 'Password2 = '; var_dump($confirm_password);
tomface
Forum Newbie
Posts: 7
Joined: Wed Apr 08, 2009 4:37 pm

Re: Comparing two values doesn't seem to work in this case...

Post by tomface »

Okay so would it be:

Code: Select all

//Validates form was not empty
if(empty($username) ||  empty($password) || empty($confirm_password))
    {
    echo "Fields are empty";
    }
else
    {
    echo 'Password1 = '; var_dump($password); 
    echo '<br />';
    echo 'Password2 = '; var_dump($confirm_password);
    if($password != $confirm_password)
        {
        echo "New passwords did not match'";
        }
    else
        {
        //Turn posted fields into sha1 values
        $password = sha1($password);
        $confirm_password = sha1($confirm_password);
        
        //Enter new user into database
        $create = "INSERT INTO $tbl_name (username, password) 
        VALUES('$username', '$password')";
        mysql_query($create,$con);
        
        //Take user to Success! page
        header("location:user_create_success.php");
        }
    }   
?>
Also, i've only been learning PHP for a month or so now, and i've been teaching myself.

What exactly does var_dump do?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Re: Comparing two values doesn't seem to work in this case...

Post by John Cartwright »

I meant for you to add it to the code, run the code, and report to us the output.

What does var_dump() do? Check the manual ;)
Post Reply