On Mar 25, 2008, at 2:57 PM, Evert Lammerts wrote:
I might be way off here. Php.net tells me that:
[quote]
mysql_real_escape_string — Escapes special characters in a string
for use in a SQL statement
string **mysql_real_escape_string** ( string $unescaped_string [,
resource $link_identifier ] )
[/quote]
and you use
[quote]
mysqli_real_escape_string($chpwpostlink, $_POST['txtLoginName']);
[/quote]
I can't imagine that $_POST['txtLoginName'] is a resource identifier
(which is the actual connection to your database).
It's not... see: http://us2.php.net/manual/en/function.mysqli-real-escape-string.php
Notice the I after mysql
Also, this condition:
[quote]
if (!isset($_POST['txtLoginName']) || empty($_POST['txtLoginName']))
[/quote]
is true if and only if no form element by the name txtLoginName
existed on the previous page - and on top of that, empty() does the
same as isset() and apart from that also checks whether, if the
variable has been set, it has a value (0, "", NULL or FALSE) that
evaluates to FALSE.
I don't understand why you'd want to fill the username with a tab
either: "\t".
I didn't want to... What I am attempting to do is if the field is NOT
changed, don't touch it in the database. The main issue I had was with
the password field for updating a password since I"m not going to read
a MD5 hash back to the user to be edited.
Maybe you can post your full code?
Evert
Daniel Brown wrote:
On Tue, Mar 25, 2008 at 1:14 PM, Jason Pruim <japruim@xxxxxxxxxx>
wrote:
the actual query I'm using is this:
$chpwsql = "UPDATE current SET customerName='$customerName',
loginName='$loginName', loginPassword='$PW', email='$email',
adminLevel='$adminLevel' WHERE Record='$Record1'";
What it is doing now is if I don't set a a field I am replacing the
content of it with a tab, which isn't what I want. Basically what
I'm
looking for is if loginPassword hasn't changed... don't clear the
contents of it. if it has changed, then update loginPassword
Okay, since you won't only want to rely on isset() here (in case
someone accidentally hits a key into the field), try this:
// NOTE: This assumes prior sanity checks and cleansing
// of variables, and is written like so to avoid breaking
// of the query due to mail client-enforced line breaks.
$chpwsql = "UPDATE current SET ";
$chpwsql .= "customerName='".$customername."',";
$chpwsql .= "loginName='".$loginName."',";
if(preg_match('/^[a-z0-9]{5,16}$/i',$PW)) {
// If it's between 5-16 case-insensitive alphanumeric
// characters, it's all good. If you want to allow symbols,
// simply modify the regexp accordingly.
$chpwsql .= "loginPassword='".$PW."',";
}
$chpwsql .= "email='".$email."',";
$chpwsql .= "adminLevel='".$adminLevel',";
$chpwsql .= " WHERE Record='".$Record1."'";
$chpwsql .= " LIMIT 1";
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim@xxxxxxxxxx
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
