PHP update problem

Signaler
Messages postés
2
Date d'inscription
samedi 30 avril 2011
Statut
Membre
Dernière intervention
19 juin 2011
-
Messages postés
2
Date d'inscription
samedi 30 avril 2011
Statut
Membre
Dernière intervention
19 juin 2011
-
[b]HI,
I have an application for creating accounts with :
"Name" / "email"/ "password" (I use sha1 to hash it) , I created a diferent page to update these info, but if i update name or email only the password gets encrypted a second time./b
--------------------------------------------------------------------------

Below is my code for the update page, I want to update the password only when it is changed.

***********************************************************************
<?php require_once('../../Connections/myDB.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue "", $theNotDefinedValue "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) {
$updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s",
GetSQLValueString($_POST['Name'], "text"),
GetSQLValueString($_POST['Email'], "text"),
GetSQLValueString($_POST['Password'], "text"),
GetSQLValueString($_POST['userId'], "int"));

mysql_select_db($database_myDB, $myDB);
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());

$updateGoTo = "accounts.php";
if (isset($_SERVER['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

$colname_rsUp = "1";
if (isset($_GET['id'])) {
$colname_rsUp = (get_magic_quotes_gpc()) ? $_GET['id'] : addslashes($_GET['id']);
}
mysql_select_db($database_myDB, $myDB);
$query_rsUp sprintf("SELECT * FROM userTbl WHERE id %s", $colname_rsUp);
$rsUp = mysql_query($query_rsUp, $myDB) or die(mysql_error());
$row_rsUp = mysql_fetch_assoc($rsUp);
$totalRows_rsUp = mysql_num_rows($rsUp);
?>

<form action="<?php echo $editFormAction; ?>" id="updateForm" name="loginForm" method="POST">

Name : |
" size ="30" />,

----

Email: |

" size= "30" />,

----

Password: |
" size ="30" />,

----

,

,


" />

</form>
<?php
mysql_free_result($rsUp);
?>
**************************************************************************

Thank you.

2 réponses

Messages postés
1654
Date d'inscription
dimanche 7 septembre 2008
Statut
Membre
Dernière intervention
11 septembre 2013
16
bonjour
try something like
a++
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "loginForm")) { 
$a = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id='%s'", 
$b = sprintf("UPDATE userTbl SET Name=%s, Email=%s, WHERE id='%s'", 
GetSQLValueString($_POST['Name'], "text"), 
GetSQLValueString($_POST['Email'], "text"), 
GetSQLValueString($_POST['Password'], "text"), 
GetSQLValueString($_POST['userId'], "int")); 

$sql=sprintf("select * from userTbl where WHERE id='%s' ");
$r=mysql_fecth_row(mysql_query($sql));
//sha() or sha1() with php ... i thing ?
if($r['Password']===sha($_POST['password'])){
$updateSQL=$a;
}else{
$updateSQL=$b; //without password
}


mysql_select_db($database_myDB, $myDB); 
$Result1 = mysql_query($updateSQL, $myDB) or die(mysql_error());


Bonne programmation !
Messages postés
2
Date d'inscription
samedi 30 avril 2011
Statut
Membre
Dernière intervention
19 juin 2011

Thank you very much, I will try it immediately, I truly appreciate your help