Page 1 of 1
Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 4:41 pm
by tomface
I have a form for creating new users on a database. The form has 3 fields; Username; Password and Confirm Password. In the script that follows the form i check to make sure that both passwords are the same. Now i've fiddled around with the code a little bit, but it doesn't seem to want to validate it. I can put anything in the two fields (completely different) but it still goes through to the database anwyay.
This is code i've used:
Code: Select all
if(empty($username) || empty($password) || empty($confirm_password))
{
echo "Fields are empty";
}
else
{
//?????????????????????????????????????????????????//
//???Problem comparing first and second password???//
//?????????????????????????????????????????????????//
if($password != $confirm_password)
{
echo "New passwords did not match'";
}
else
{
//Turn posted fields into sha1 values
$password = sha1($password);
$confirm_password = sha1($confirm_password);
//Determine what the ID number will be
$sql = "SELECT * FROM $tbl_name";
$result = mysql_query($sql,$con);
$num_rows = mysql_num_rows($result);
$num_rows ++;
//Enter new user into database
$create = "INSERT INTO $tbl_name (id, username, password)
VALUES('$num_rows', '$username', '$password')";
mysql_query($create,$con);
//Take user to Success! page
header("location:****.php");
}
}
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 5:02 pm
by Reviresco
I would check to make sure you've got the names of the form inputs right, and their values when you create the two password variables.
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 5:07 pm
by tomface
Well i've turned the posted data into variables in this bit just above:
Code: Select all
//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
And the script has no trouble putting the data onto MySQL, because i've then tested it with a login system to make sure the ones added work. Just can't get my head round it >=(.
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 5:10 pm
by John Cartwright
Code: Select all
//Determine what the ID number will be
$sql = "SELECT * FROM $tbl_name";
$result = mysql_query($sql,$con);
$num_rows = mysql_num_rows($result);
$num_rows ++;
//Enter new user into database
$create = "INSERT INTO $tbl_name (username, password)
VALUES('$username', '$password')";
mysql_query($create,$con);
The select statement is completely unncessary in this case, and will not function correctly if you have deleted any rows in your users table. Instead, you can omit the select statement and get the newly inserted rows id by using mysql_insert_id() after the insert query. You should never have the specify the id, since your primary key should typically set to auto_increment, to assure each row has a unique PK.
Code: Select all
//Enter new user into database
$create = "INSERT INTO $tbl_name (id, username, password)
VALUES('$num_rows', '$username', '$password')";
mysql_query($create,$con);
$id = mysql_insert_id();
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 5:28 pm
by tomface
Thanks for that John. So i can just get rid of that whole chunk of code?
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 5:43 pm
by John Cartwright
Right, and remove the id column in the insert query.
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 6:09 pm
by tomface
Okay i've done that, but i still can't get it to validate that both the password and confirm_password fields are the same. Here's the whole script in it's amateurish entirety:
Code: Select all
<?php
//Check user is logged in in first place
session_start();
if(!isset($_SESSION['logged']))
{
header("location:login/main_login.htm");
}
//Stores mysql login details
$host="localhost"; // Host name
$sql_username="****"; // Mysql username
$sql_password="****"; // Mysql password
$db_name="****"; // Database name
$tbl_name="***"; // Table name
//Catch data from form
$username = $_POST['username'];
$password = $_POST['password'];
$confirm_password = $_POST['confirm_password'];
//Protect against MySQL injection
$username = stripslashes($username);
$password = stripslashes($password);
$confirm_password = stripslashes($confirm_password);
$username = mysql_escape_string($username);
$password = mysql_escape_string($password);
$confirm_password = mysql_escape_string($confirm_password);
//MySQL Connect variable
$con = mysql_connect("$host","$sql_username","$sql_password");
//If the mysql connect variable can't connect, die
if(!$con)
{
die('Could not connect: ' . mysql_error());
}
//Database select
mysql_select_db($db_name, $con);
//Validates form was not empty
if(empty($username) || empty($password) || empty($confirm_password))
{
echo "Fields are empty";
}
else
{
//?????????????????????????????????????????????????//
//???Problem comparing first and second password???//
//?????????????????????????????????????????????????//
if($password != $confirm_password)
{
echo "New passwords did not match'";
}
else
{
//Turn posted fields into sha1 values
$password = sha1($password);
$confirm_password = sha1($confirm_password);
//Enter new user into database
$create = "INSERT INTO $tbl_name (username, password)
VALUES('$username', '$password')";
mysql_query($create,$con);
//Take user to Success! page
header("location:user_create_success.php");
}
}
?>
The form preceeding it had 3 $_POST values: username, password and confirm_password.
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 6:13 pm
by John Cartwright
Add the following right before you make the comparison.
Code: Select all
echo 'Password1 = '; var_dump($password);
echo '<br />';
echo 'Password2 = '; var_dump($confirm_password);
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 7:13 pm
by tomface
Okay so would it be:
Code: Select all
//Validates form was not empty
if(empty($username) || empty($password) || empty($confirm_password))
{
echo "Fields are empty";
}
else
{
echo 'Password1 = '; var_dump($password);
echo '<br />';
echo 'Password2 = '; var_dump($confirm_password);
if($password != $confirm_password)
{
echo "New passwords did not match'";
}
else
{
//Turn posted fields into sha1 values
$password = sha1($password);
$confirm_password = sha1($confirm_password);
//Enter new user into database
$create = "INSERT INTO $tbl_name (username, password)
VALUES('$username', '$password')";
mysql_query($create,$con);
//Take user to Success! page
header("location:user_create_success.php");
}
}
?>
Also, i've only been learning PHP for a month or so now, and i've been teaching myself.
What exactly does var_dump do?
Re: Comparing two values doesn't seem to work in this case...
Posted: Wed Apr 08, 2009 7:30 pm
by John Cartwright
I meant for you to add it to the code, run the code, and report to us the output.
What does
var_dump() do? Check the manual
