Hi all i have this peice of code which allows my users to edit their profile details they can easily change and edit.. and if they dont fill in a field it gives them a "field missing error" and to retry.. all of that works.

Now here is my peice of code


<?php
include "../../config.php";
$firstname = $_POST['firstname'];
$password = $_POST['password'];
$n_firstname = $_POST['new_firstname'];
$update = $_POST['update'];
if ((!$firstname) || (!$n_firstname) || (!$password)){
include 'fieldmissing.php';
exit();
}
$connection = mysql_connect("**************","****","****");
mysql_select_db("****", $connection);
if ( $firstname && $password && $n_firstname && $update ) {
mysql_query("UPDATE cms_members SET firstname='$n_firstname' WHERE firstname='$firstname' AND password='$password'", $connection);
mysql_close($connection);
include 'successfulchange.php';
}
?>


Thats a working validation script.. as you can see when the user puts in her old firstname and then her new first name and then her current password it updates and sends them to the successful page, if they miss out a field it tells them field is missing etc..

But when the user fills out the field but with the wrong information i.e. wrong password or firstname etc it dosent update but goes to the succuessful page?? I want it to go to another page if the password or current username is incorrect.. how can i do this?

If tried putting other if and else statements in between but dosent work.. it seems to be a very small problem i dont know how to fix.

Thanks in advance.

after this line


mysql_query("UPDATE cms_members SET firstname='$n_firstname' WHERE firstname='$firstname' AND password='$password'", $connection);

if(mysql_affected_rows()<1){
//do what u want to do if the info were wrong
}
else {
include 'successfulchange.php';
}

Or you can do something along the lines of:


$query = mysql_query("SELECT BLAH FROM BLAH");

if (mysql_num_rows($query) <= 0))
{
die("Invalid login!");
}


either way they're both the same. You're not sanitizing your input at all though so theres SQL injections. Wrap all of the stuff you're passing through MySQL with mysql_real_escape_string (http://www.php.net/mysql_real_escape_string).

Also a better way to make sure theres input is use isset() (http://www.php.net/isset).

EX:


if (!isset($_POST['username']) || !isset($_POST['password']))
{
die("Missing fields!");
}


Any who good luck with your CMS / script :)!

But when the user fills out the field but with the wrong information i.e. wrong password or firstname etc it dosent update but goes to the succuessful page?? I want it to go to another page if the password or current username is incorrect.. how can i do this?
I would strongly suggest you look at HTML_QuickForm. It has embedded error checking and the ability to create custom error check functions. It makes for extremely clean coding when it comes to creating and managing forms. You will never go back to hand-coding your own error-checking and form handling mechanisms. Spending a few hours to learn it will save you many, many more hours you'll spend writing and debugging many more lines of code than you really need.

This is a very good "getting started" guide here to HTML_QuickForm that helped me a lot to learn it:

http://midnighthax.com/quickform.php

I would like to thankyou both Codebird and Empathogen, it is working now cheers (:

I would strongly suggest you look at HTML_QuickForm. It has embedded error checking and the ability to create custom error check functions. It makes for extremely clean coding when it comes to creating and managing forms. You will never go back to hand-coding your own error-checking and form handling mechanisms. Spending a few hours to learn it will save you many, many more hours you'll spend writing and debugging many more lines of code than you really need.

This is a very good "getting started" guide here to HTML_QuickForm that helped me a lot to learn it:

http://midnighthax.com/quickform.php

Thankyou serverminds i will most certainly look into it.

Cheers to you all once again. :) :agree: