[PHP] mysql_trouble (check fast!)

[FredrikAT]

$na_pw is the active password...
..if pw is blank or wrong i want to output a error message...
...iknow that I could do if (empty($na_pw) and $na_pw  $pw), but then I
would have to send another query to MySQL..

I thought that q_updateresult would say (when i echo) 0 when password is
bad, but it echos 1.

Any tips?

CODE:
$q_updatequery = UPDATE brukerinfo SET navn=\$ny_navn\, tlf=\$ny_tlf\,
pw=PASSWORD('$ny_pw') WHERE brukerID=\$id\ and pw=PASSWORD('$na_pw')\n;

$q_updateresult = mysql_db_query ($db, $q_updatequery);

-
Fredrik A. Takle
[EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

RE: [PHP] mysql_trouble (check fast!)

[Matt Schroebel]

You have to check for a db result with either $count = mysql_num_rows($q_updateresult) 
or 
if ($row = mysql_fetch_array($q_updateresult)).

mysql_query returns a 1 or 0 to indicate if the query was sucessful.  One might 
typically query a db before inserting a record to make sure it's not there first. If 
it's not there, there wouldn't be a result, but the query was okay.

 From: FredrikAT [mailto:[EMAIL PROTECTED]]

 $na_pw is the active password...
 ..if pw is blank or wrong i want to output a error message...
 ...iknow that I could do if (empty($na_pw) and $na_pw  
 $pw), but then I
 would have to send another query to MySQL..
 
 I thought that q_updateresult would say (when i echo) 0 when 
 password is bad, but it echos 1.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] mysql_trouble (check fast!)

[James, Yz]

Hi Fredrik,

Always check whether or not the required variables are there BEFORE querying
the database.  And make sure that the negatives are dealt with first.
That's my opinion.  I'd probably also check whether the original username /
password is in the database before proceeding.  Probably more work on the
db's part than needed, but still.  Gotta make sure everything's correct:

?

if (!is_set($new_password)) {
echo You haven't assigned a new password. Please go back.;
} else {
$sql_check = SELECT id FROM users WHERE username = '$username' AND
password = '$password';

$result_check = @mysql_query($sql_check, $connection)
or die (some graceful error);

if (mysql_num_rows($result_check) == 0) {
echo The username and original password you entered did not match
anything in the database. Please go back and try again.;
} else {
$sql_update = UPDATE users SET
password = '$new_password'
WHERE username = '$username';

$result_update = @mysql_query($sql_update, $connection)
or die(Another graceful error.);

echo Your new password has been saved.;
}
}

?

James.

FredrikAT [EMAIL PROTECTED] wrote in message
9d9jll$fic$[EMAIL PROTECTED]">news:9d9jll$fic$[EMAIL PROTECTED]...
 $na_pw is the active password...
 ..if pw is blank or wrong i want to output a error message...
 ...iknow that I could do if (empty($na_pw) and $na_pw  $pw), but then I
 would have to send another query to MySQL..

 I thought that q_updateresult would say (when i echo) 0 when password is
 bad, but it echos 1.

 Any tips?

 CODE:
 $q_updatequery = UPDATE brukerinfo SET navn=\$ny_navn\,
tlf=\$ny_tlf\,
 pw=PASSWORD('$ny_pw') WHERE brukerID=\$id\ and pw=PASSWORD('$na_pw')\n;

 $q_updateresult = mysql_db_query ($db, $q_updatequery);

 -
 Fredrik A. Takle
 [EMAIL PROTECTED]




 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]