I might be way off here. Php.net tells me that:
[quote]
mysql_real_escape_string — Escapes special characters in a string for
use in a SQL statement
string **mysql_real_escape_string** ( string $unescaped_string [,
resource $link_identifier ] )
[/quote]
and you use
[quote]
mysqli_real_escape_string($chpwpostlink, $_POST['txtLoginName']);
[/quote]
I can't imagine that $_POST['txtLoginName'] is a resource identifier
(which is the actual connection to your database).
Also, this condition:
[quote]
if (!isset($_POST['txtLoginName']) || empty($_POST['txtLoginName']))
[/quote]
is true if and only if no form element by the name txtLoginName existed
on the previous page - and on top of that, empty() does the same as
isset() and apart from that also checks whether, if the variable has
been set, it has a value (0, "", NULL or FALSE) that evaluates to FALSE.
I don't understand why you'd want to fill the username with a tab
either: "\t".
Maybe you can post your full code?
Evert
Daniel Brown wrote:
On Tue, Mar 25, 2008 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx> wrote:
the actual query I'm using is this:
$chpwsql = "UPDATE current SET customerName='$customerName',
loginName='$loginName', loginPassword='$PW', email='$email',
adminLevel='$adminLevel' WHERE Record='$Record1'";
What it is doing now is if I don't set a a field I am replacing the
content of it with a tab, which isn't what I want. Basically what I'm
looking for is if loginPassword hasn't changed... don't clear the
contents of it. if it has changed, then update loginPassword
Okay, since you won't only want to rely on isset() here (in case
someone accidentally hits a key into the field), try this:
// NOTE: This assumes prior sanity checks and cleansing
// of variables, and is written like so to avoid breaking
// of the query due to mail client-enforced line breaks.
$chpwsql = "UPDATE current SET ";
$chpwsql .= "customerName='".$customername."',";
$chpwsql .= "loginName='".$loginName."',";
if(preg_match('/^[a-z0-9]{5,16}$/i',$PW)) {
// If it's between 5-16 case-insensitive alphanumeric
// characters, it's all good. If you want to allow symbols,
// simply modify the regexp accordingly.
$chpwsql .= "loginPassword='".$PW."',";
}
$chpwsql .= "email='".$email."',";
$chpwsql .= "adminLevel='".$adminLevel',";
$chpwsql .= " WHERE Record='".$Record1."'";
$chpwsql .= " LIMIT 1";
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
