Re: PHP, MySQL and Lookups

Daniel Brown wrote:
On Tue, Feb 26, 2008 at 8:55 AM, Henry Felton <hdcfelton@xxxxxxxxx> wrote:
Hi everyone,

 I'm just getting into PHP at the moment and was wondering; what code would I
 need to look at a field value entered in a form, then if that value is found
 in my table, enter all the other information entered in the form, to the
 other fields on that record.
 Basically, what I'm trying to do is give a load of users an individual
 password that they enter, with various other pieces of information such as
 year of birth, single/married or whatever, into a form. In MySQL I have a
 table with three fields, but only the password one has any data in them. A
 script will then look in the table to find the password entered in the form,
 and then append all the other information (i.e. data for the other two
 fields) to the particular record that holds the password value entered.

    Henry (AKA: "Max"),

    Try this:

<?php
include('config.php'); // Your database configuration and connection information....

if($_POST) {
    $dob = mysql_real_escape_string($_POST['dob']);
    $married = mysql_real_escape_string($_POST['married']);
    $pass = mysql_real_escape_string($_POST['pass']);

    // When designing the database, call the password field `pass` (without quotes).
    // The word `password` is a MySQL reserved word and could cause errors.
    $sql = "UPDATE table_name SET dob='".$dob."',
                married='".$married."' WHERE
                pass='".$pass."' LIMIT 1";
    mysql_query($sql) or die("Incorrect password specified.  Please try again.");

    // An UPDATE that matches no row still succeeds, so check that a row changed.
    if(mysql_affected_rows() < 1) {
        die("Incorrect password specified.  Please try again.");
    }

    // If we've reached here, then we can do whatever we want to acknowledge.
    // Let's redirect to a thank you page, sending the variables as a GET request
    // to be parsed by the thank you page script.
    // The raw form values are URL-encoded here; the SQL-escaped copies are for the query only.
    header("Location: thankyou.php?dob=".urlencode($_POST['dob'])."&married=".urlencode($_POST['married']));
    exit;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
    Password: <input type="password" name="pass" /><br />
    Date of birth (mm/dd/yyyy): <input type="text" name="dob" /><br />
    Status: <input type="radio" name="married" value="Married" />Married
                <input type="radio" name="married" value="Single" />Single
                <input type="radio" name="married" value="Widowed" />Widowed
                <input type="radio" name="married" value="Divorced" />Divorced
                <input type="radio" name="married" value="Wishing" />Wishing I Was Single<br />
    <input type="submit" value="Process Now" />
</form>

Consider this, if you have not already:
What if two users happen to have the same password?

It is wrong to assume that no two users will ever have the same password. Doing an update like that, just based on the password column, is an accident waiting to happen.

You should have a uniquely distinguished name or designation for each user, and validate the user and password combination. Also, such a designation should be unique, and keeping entries in a column unique can be enforced with MySQL.

/Tobias
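
The approach described in the reply above, as an added example that is not code from this thread: each record is found by a unique user name and the password is verified for that record only. The table and column names (users, username, pass_hash), the helper functions and the sample users are assumptions, and an in-memory SQLite database through PDO stands in for MySQL so the script runs on its own; the UNIQUE constraint and the prepared statements carry over to MySQL.

```php
<?php
// Added example; schema, helper names and sample data are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (
    username  VARCHAR(64)  NOT NULL UNIQUE,  -- the database enforces uniqueness
    pass_hash VARCHAR(255) NOT NULL,
    dob       VARCHAR(10),
    married   VARCHAR(16)
)");

function add_user(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("INSERT INTO users (username, pass_hash) VALUES (?, ?)");
    try {
        // Store a salted hash, never the password itself.
        return $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
    } catch (PDOException $e) {
        return false; // insert refused, e.g. the username already exists
    }
}

function update_profile(PDO $db, string $username, string $password,
                        string $dob, string $married): bool
{
    // Find the record by its unique key, then check the password against that record.
    $stmt = $db->prepare("SELECT pass_hash FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return false; // unknown user or wrong password: nothing is written
    }
    $upd = $db->prepare("UPDATE users SET dob = ?, married = ? WHERE username = ?");
    $upd->execute([$dob, $married, $username]);
    return true;
}

// Constructed sample data: two users who happen to pick the same password.
var_dump(add_user($db, 'alice', 'sunshine'));
var_dump(add_user($db, 'bob', 'sunshine'));
var_dump(add_user($db, 'alice', 'other'));      // duplicate username

var_dump(update_profile($db, 'bob', 'sunshine', '02/26/1980', 'Single'));
var_dump(update_profile($db, 'bob', 'wrong', '01/01/1970', 'Married'));

// Only bob's row carries the new values, although alice uses the same password.
print_r($db->query("SELECT username, dob, married FROM users ORDER BY username")
           ->fetchAll(PDO::FETCH_ASSOC));
```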
