|
Welcome
Guest
|
Register
| Login
|
|
|
| Index | Recent Threads | Unanswered Threads | Who's Online | User List | Help |
Killersites.com Forum
Programming
PHP Programming
Thread: query problem
|
| No member browsing this thread |
|
Thread Status: Active Total posts in this thread: 5
|
|
| Author |
|
omarali
Stranger Joined: Dec 8, 2008 Post Count: 3 Status: Offline |
Hi everyone, I am new to PHP, I wrote a script to update record suing the php script to change pssword which has been entered into database before by anothere script created for this purpose. when the password script runs it gave me an error, I know it comes from the query but it drive me crazy anyone help please. <?php // This page lets a user change their password. $page_title = 'Change Your Password'; include ('includes/header1.html'); // Check if the form has been submitted: if (isset($_POST['submitted'])) { // connect ot database require_once('../mysql_connection.php'); $errors = array(); // Initialize an error array. // Check for an email address: if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address.'; } else { $e = escape_data($_POST['email']); } // Check for the current password: if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your current password.'; } else { $p = escape_data($_POST['password']); } // Check for a new password and match // against the confirmed password: if (!empty($_POST['password1'])) { if ($_POST['password1'] != $_POST['password2']) { $errors[] = 'Your new password did not match the confirmed password.'; } else { $np = escape_data($_POST['password1']); } } else { $errors[] = 'You forgot to enter your new password.'; } if (empty($errors)) { // If everything's OK. // Check that they've entered the right email address/password combination: $query = "SELECT user_id FROM users WHERE (email='$e' AND password=SHA1('$p'))"; //run the query $result = @mysql_query($query) or die ('Can not run the query?' . mysql_error()); //get the result $num = @mysql_num_rows($result); if ($num == 1) { // Match was made. // Get the user_id: $row = mysql_fetch_array($result , MYSQLI_NUM); // Make the UPDATE query: $query= "UPDATE users SET password=SHA('$np') WHERE user_id= $row[0]"; $result = @mysql_query($query); if($result) { echo yes; } else { echo no;} if (mysql_affected_rows() == 1) { // If it ran OK. // Print a message. echo '<h1>Thank you!</h1> <p>Your password has been updated. In Chapter 11 you will actually be able to log in!</p><p><br /></p>'; include('./includes/footer.html'); exit(); } else { // If it did not run OK. // Public message: echo '<h1>System Error</h1> <p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>'; // Debugging message: echo '<p>' . mysql_error() . '<br /><br />Query: ' . $q . '</p>'; include('./includes/footer.html'); exit(); } } else { // Invalid email address/password combination. echo '<h1>Error!</h1> <p class="error">The email address and password entered do not match those on file!!!!.</p><p><br /></p>'; } } else { // Report the errors. echo '<h1>Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p><p><br /></p>'; } // End of if (empty($errors)) IF. mysql_close(); // Close the database connection. } // End of the main Submit conditional. ?> <h1>Change Your Password</h1> <form action="password.php" method="post"> <p>Email Address: <input type="text" name ="email" size="30" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p> <p>Current Password: <input type="password" name ="password" size="30" maxlength="40" /></p> <p>New Password: <input type="password" name="password1" size="30" maxlength="40" /></p> <p>Confirm New Password: <input type="password" name="password2" size="30" maxlength="40" /></p> <p><input type="submit" name="submit" value="Change Password" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('includes/footer.html'); ?> |
||
|
|
falkencreative
Advanced Member USA Joined: Aug 14, 2007 Post Count: 1129 Status: Offline |
Can you include what the error is? ---------------------------------------- Benjamin Falk | student : designer : developer Twitter: falkencreative |
||
|
|
falkencreative
Advanced Member USA Joined: Aug 14, 2007 Post Count: 1129 Status: Offline |
Your error may be in this line: $query = "SELECT user_id FROM users WHERE (email='$e' AND password=SHA1('$p'))"; try using this instead: $query = "SELECT user_id FROM users WHERE email=$e AND password=SHA1($p)"; ---------------------------------------- Benjamin Falk | student : designer : developer Twitter: falkencreative |
||
|
|
omarali
Stranger Joined: Dec 8, 2008 Post Count: 3 Status: Offline |
Thanks for replay, I did what you said and caused to display this Can not run the query?You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com AND password=SHA1(omar0666)' at line 1 |
||
|
|
omarali
Stranger Joined: Dec 8, 2008 Post Count: 3 Status: Offline |
Thanks a lot, the actual error massage is : The email address and password entered do not match those on file!!!! |
||
|
|
|
|
Current timezone is GMT Mar 12, 2010 2:12:02 AM |
