I have a code below where it displays a list of students in a drop down menu:
$validSubmission = isset($_POST['resetpass']) && $_POST['students'] && $_POST['newpass'] && $_POST['confirmpass'];
$sql = "SELECT StudentUsername, StudentForename, StudentSurname FROM Student ORDER BY StudentUsername";
$sqlstmt=$mysqli->prepare($sql);
$sqlstmt->execute();
$sqlstmt->bind_result($dbStudentUsername, $dbStudentForename, $dbStudentSurname);
$students = array(); // easier if you don't use generic names for data
$studentHTML = "";
$studentHTML .= '<select name="students" id="studentsDrop">'.PHP_EOL;
$studentHTML .= '<option value="">Please Select</option>'.PHP_EOL;
$outputstudent = "";
while($sqlstmt->fetch())
{
$student = $dbStudentUsername;
$firstname = $dbStudentForename;
$surname = $dbStudentSurname;
if (!$validSubmission && isset($_POST['students']) && $student == $_POST['students'])
{
$studentHTML .= "<option value='".$student."' selected='selected'>" . $student . " - " . $firstname . " " . $surname . "</option>".PHP_EOL;
}else{
$studentHTML .= "<option value='".$student."'>" . $student . " - " . $firstname . " " . $surname . "</option>".PHP_EOL;
}
}
$studentHTML .= '</select>';
Now further down the script I have another block of code where it resets the student’s password and then performs a select statement to find the student whose password has been changed and then displays the success message:
$errormsg = (isset($errormsg)) ? $errormsg : '';
if(isset($_POST['resetpass'])){
//get the form data
$studentdrop = (isset($_POST['students'])) ? $_POST['students'] : '';
$newpass = (isset($_POST['newpass'])) ? $_POST['newpass'] : '';
$confirmpass = (isset($_POST['confirmpass'])) ? $_POST['confirmpass'] : '';
//make sure all data was entered
if($studentdrop != ""){
if($newpass){
if (strlen($newpass) <= 5){
$errormsg = "Your Password must be a minimum of 6 characters or more";
}else{
if($confirmpass){
if($newpass === $confirmpass){
//Make sure password is correct
$query = "SELECT StudentUsername FROM Student WHERE StudentUsername = ?";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("s",$studentdrop);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbStudentUsername);
//get number of rows
$stmt->store_result();
$numrows = $stmt->num_rows();
if ($numrows == 1){
//encrypt new password
$newpassword = md5(md5("93w".$newpass."ed0"));
//update the db
$updatesql = "UPDATE Student SET StudentPassword = ? WHERE StudentUsername = ?";
$update = $mysqli->prepare($updatesql);
$update->bind_param("ss", $newpassword, $studentdrop);
$update->execute();
//make sure the password is changed
$query = "SELECT StudentUsername, StudentForename, StudentSurname, StudentPassword FROM Student WHERE StudentUsername = ? AND StudentPassword = ?";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$studentdrop,$newpassword);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbStudentUsername, $dbStudentForename, $dbStudentSurname, $dbStudentPassword);
//get number of rows
$stmt->store_result();
$numrows = $stmt->num_rows();
if ($numrows == 1){
$errormsg = "<span style='color: green'>Student " . $studentdrop . " - " . $dbStudentForename . " ". $dbStudentSurname . " has been Registered</span>";
}
else{
$errormsg = "An error has occured, the Password was not Reset";
}
}
The problem I am getting is my success message.
If I select student: u0867587 - Bill Wright from the drop down menu, it is displaying in the success message:
Student u0867587 - Jack Trone has been Registered
The student’s username is correct in the success message but the name is wrong, it should say:
Student u0867587 - Bill Wright has been Registered
Why is it displaying the wrong name in the success meassage and how can I get it to display the correct name?