SitePoint Sponsor

User Tag List

Results 1 to 15 of 15
  1. #1
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    What is the best way to check an existing value in a table when updating a record?

    Hey guys, I am creating a form that allows a logged in user to enter a new password for their, account, I already have the query set up to update the password, but in my form I have the first input set to take the existing password, which must match the existing value of password in the database before the update will be performed. I cannot figure out how to do this check, the whole thing must be done with one POST submit. Check the entered password matches the one currently in the database and if it matches then updates the current value to that of the passwordnew value. here is my form:

    Code:
    <fieldset>
    
    	<legend>Change Password</legend>
    
    	<form action="changepass.php" method="POST">
    			<label>Current Password :</label>
    			<input type="password" name="password" /><br />
    			<label>New Password :</label>
    			<input type="password" name="passwordnew" /><br/>
    			<label>Repeat New Password :</label>
    			<input type="password" name="passwordnewRepeat" /><br/>
    			<input class="signbutt" type="submit" value="Save"/><br />
    
    	</form>
    
    </fieldset>

    here is the SQL i have for the password update:



    Code:
    $userid = $_SESSION['userID'];
    
    
    
    
    	$passwordnew=$_POST['passwordnew'];
    	$password=$_POST['password'];
    	
    			
    		$password_hash = md5($passwordnew); 	
    			
    			
    			if ($password)
    						
    				$sql = "UPDATE cryptuser  SET password='" . $password_hash."'  WHERE userID ='" . $userid ."' ";	
    				
    				
    				
    				//Check SQL Query		
    				$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
    				if(!$stmt) 
    				{
    					die('An error has occured with your registration. If this is an indeliberate occurance, 
    						 please report this to us through the contact us page with details of the error.');
    				}
    				else{
    				echo'Your password was changed';
    				
    				}
    I have a third input which I will later use JavaScript to compare the new password with a re-enter.


    If anyone can help me figure out how to do this that would be great!


    Thanks

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    WHERE password = '".md5($password)." AND userID = '".$userid."'";

    then add a line for checking if sqlsrv_rows_affected == 1.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  3. #3
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hey Starlion, could you please explain the check part I have been trying to get it the way you suggested and I cant output the result: Here is my updated code:

    Code:
    	$passwordnew=$_POST['passwordnew'];
    	$password=$_POST['password'];
    	
    			
    		$password_hash = md5($passwordnew); 	
    			
    			
    			
    						
    				$sql = "UPDATE cryptuser  SET password='" . $password_hash."'  WHERE  password = '".md5($password)."' AND userID ='" . $userid ."' ";	
    				
    				
    				
    				//Check SQL Query		
    				$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
    				
    				if(!$stmt) 
    				{
    					die('An error has occured with your registration. If this is an indeliberate occurance, 
    						 please report this to us through the contact us page with details of the error.');
    				}
    				
    				if ($password_hash != md5($passwordnew))
    				{
    					echo'password not match';
    				
    				}
    				
    				elseif ($password_hash == md5($passwordnew)){
    				echo'Your password was changed';
    				
    				}

  4. #4
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    sqlsrv_rows_affected will tell you how many rows were affected by the previous UPDATE query. If the person gave a bad 'current password', then the WHERE clause would cause the update query to update 0 rows. If they gave a correct current password, then the UPDATE query would have affected 1 row.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  5. #5
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think I am almost there I always get password incorrect whether the row was updated or not, any suggestions why?


    Code:
    $passwordnew=$_POST['passwordnew'];
    	$password=$_POST['password'];
    	
    			
    		$password_hash = md5($passwordnew); 	
    			
    			
    			
    						
    				$sql = "UPDATE cryptuser  SET password='" . $password_hash."'  WHERE  password = '".md5($password)."' AND userID ='" . $userid ."' ";	
    				
    				
    				
    				//Check SQL Query		
    				$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
    					
    				
    				
    					$rows_affected = sqlsrv_rows_affected( $stmt);
    					
    					if( $rows_affected == 0) {
    						 die('password incorrect');
    					} 
    					
    					if( $rows_affected == 1) {
    					
    					
    					echo'Your password was changed';
    					
    					}
    				
    				
    				
    				if(!$stmt) 
    				{
    					die('An error has occured with your registration. If this is an indeliberate occurance, 
    						 please report this to us through the contact us page with details of the error.');
    				}

  6. #6
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    Is the row updating? Have you verified that? Try making it === 0 instead of ==... (Might be returning FALSE)
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  7. #7
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The row is definitely updating, I changed it to === now I am just getting a blank screen whether the password is correct or not, but when I enter the correct password it will change the password to the desired new password. I have no idea why the output isn't working

  8. #8
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    sqlsrv for some reason is returning FALSE, despite actually completing the transaction. (you can verify this by doing var_dump(sqlsrv_rows_affected($stmt)); It should come up as bool(false))
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  9. #9
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes you are right it is indeed returning bool(false)

    I have no idea why because I know the password is changing I am checking it every time.

  10. #10
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    69 Post(s)
    Tagged
    0 Thread(s)
    Yes, that's very strange....I'm going to tag a few people here....
    @Cups @r937 @guido2004 : Guys, any idea why this function might be throwing FALSE while still executing?
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.

  11. #11
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I really appreciate your help with this!!

    Cheers!

  12. #12
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,494
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    I never used the sqlsrv extension, but after reading the manual I'd advise you to try what you can see in example #1
    PHP Code:
    $rows_affected sqlsrv_rows_affected$stmt);
                        
    if( 
    $rows_affected === false) {
         die( 
    print_rsqlsrv_errors(), true));
    } elseif( 
    $rows_affected == -1) {
          echo 
    "No information available.<br />";
    } else {
          echo 
    $rows_affected." rows were updated.<br />";

    And see what happens.

  13. #13
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Guido2004, my code originally came from the exact source you suggested. I have tried the exact same code as the manual and it still returns false, even when the password is being updated. Thanks for your input.

  14. #14
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,494
    Mentioned
    161 Post(s)
    Tagged
    4 Thread(s)
    Did you add the if-elseif-else? It should give you an error message if rows_affected is false.

  15. #15
    SitePoint Enthusiast
    Join Date
    Mar 2011
    Posts
    90
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I did add everything, and nothing changed, but now I deleted the last half of my statement now it is doing something else, it seems to be working, if I could just figure out how to convert it into "The password was changed" or "Incorrect password, try again"

    Here is my latest code:


    Code:
    	$passwordnew=$_POST['passwordnew'];
    	$password=$_POST['password'];
    	
    			
    		$password_hash = md5($passwordnew); 	
    
    $sql = "UPDATE cryptuser  SET password='" . $password_hash."'  WHERE  password = '".md5($password)."' AND userID ='" . $userid ."' ";	
    
    //Check SQL Query		
    $stmt = sqlsrv_query( $conn, $sql);
    	var_dump(sqlsrv_rows_affected($stmt));
    
    
    	$rows_affected = sqlsrv_rows_affected( $stmt);
    	
    	if( $rows_affected === false) {
    		 echo "Password incorrect.<br />";
    	} elseif( $rows_affected === true) {
    		 
    	 
    		  echo $rows_affected." Password was changed.<br />";
    	}
    
    
    
    				?>
    So now when the password is successfully changed I see this: int(1) and when it is not changed, I see: int(0)

    Perhaps this is because I am still dumping the sqlsrvrows_affected??

    Any suggestions how I can get it to output my strings ?


    Many thanks for all your help!


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •