Results 1 to 5 of 5
  1. #1
    Join Date
    May 2005
    Location
    United Kingdom / England
    Posts
    557

    * small php if/else problem

    Hi all i have this peice of code which allows my users to edit their profile details they can easily change and edit.. and if they dont fill in a field it gives them a "field missing error" and to retry.. all of that works.

    Now here is my peice of code

    PHP Code:
    <?php
      
    include "../../config.php";
      
    $firstname $_POST['firstname'];
      
    $password $_POST['password'];
      
    $n_firstname $_POST['new_firstname'];
      
    $update $_POST['update'];
      if ((!
    $firstname) || (!$n_firstname) || (!$password)){
       include 
    'fieldmissing.php';
       exit();
      }
        
    $connection mysql_connect("**************","****","****");
        
    mysql_select_db("****"$connection);
        if ( 
    $firstname && $password && $n_firstname && $update ) {
        
    mysql_query("UPDATE cms_members SET firstname='$n_firstname' WHERE firstname='$firstname' AND password='$password'"$connection);
        
    mysql_close($connection);
        include 
    'successfulchange.php';
        }
    ?>
    Thats a working validation script.. as you can see when the user puts in her old firstname and then her new first name and then her current password it updates and sends them to the successful page, if they miss out a field it tells them field is missing etc..

    But when the user fills out the field but with the wrong information i.e. wrong password or firstname etc it dosent update but goes to the succuessful page?? I want it to go to another page if the password or current username is incorrect.. how can i do this?

    If tried putting other if and else statements in between but dosent work.. it seems to be a very small problem i dont know how to fix.

    Thanks in advance.
    Kayz

  2. #2
    Join Date
    Dec 2007
    Location
    Lebanon
    Posts
    413
    after this line

    PHP Code:
    mysql_query("UPDATE cms_members SET firstname='$n_firstname' WHERE firstname='$firstname' AND password='$password'"$connection); 

    if(
    mysql_affected_rows()<1){
               
    //do what u want to do if the info were wrong
    }
    else {
           include 
    'successfulchange.php';


  3. #3
    Join Date
    Feb 2006
    Location
    Buffalo NY
    Posts
    1,348
    Or you can do something along the lines of:

    PHP Code:
    $query mysql_query("SELECT BLAH FROM BLAH");

    if (
    mysql_num_rows($query) <= 0))
    {
        die(
    "Invalid login!");

    either way they're both the same. You're not sanitizing your input at all though so theres SQL injections. Wrap all of the stuff you're passing through MySQL with mysql_real_escape_string.

    Also a better way to make sure theres input is use isset().

    EX:

    PHP Code:
    if (!isset($_POST['username']) || !isset($_POST['password']))
    {
        die(
    "Missing fields!");

    Any who good luck with your CMS / script !
    Cody R.
    Hawk Host Inc. Proudly Serving websites since 2004.
    Let's Encrypt Sponsor.

  4. #4
    Join Date
    Apr 2004
    Location
    SF Bay Area
    Posts
    877
    Quote Originally Posted by kayz View Post
    But when the user fills out the field but with the wrong information i.e. wrong password or firstname etc it dosent update but goes to the succuessful page?? I want it to go to another page if the password or current username is incorrect.. how can i do this?
    I would strongly suggest you look at HTML_QuickForm. It has embedded error checking and the ability to create custom error check functions. It makes for extremely clean coding when it comes to creating and managing forms. You will never go back to hand-coding your own error-checking and form handling mechanisms. Spending a few hours to learn it will save you many, many more hours you'll spend writing and debugging many more lines of code than you really need.

    This is a very good "getting started" guide here to HTML_QuickForm that helped me a lot to learn it:

    http://midnighthax.com/quickform.php

  5. #5
    Join Date
    May 2005
    Location
    United Kingdom / England
    Posts
    557
    I would like to thankyou both Codebird and Empathogen, it is working now cheers (:

    Quote Originally Posted by serverminds View Post
    I would strongly suggest you look at HTML_QuickForm. It has embedded error checking and the ability to create custom error check functions. It makes for extremely clean coding when it comes to creating and managing forms. You will never go back to hand-coding your own error-checking and form handling mechanisms. Spending a few hours to learn it will save you many, many more hours you'll spend writing and debugging many more lines of code than you really need.

    This is a very good "getting started" guide here to HTML_QuickForm that helped me a lot to learn it:

    http://midnighthax.com/quickform.php
    Thankyou serverminds i will most certainly look into it.

    Cheers to you all once again.
    Kayz

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •