CODEWITHSUNDEEP
phpmysql
Philipp K aus M.
Philipp K aus M.

Reputation: 86

SQL UPDATE IF password is correct

I have the following code :

$userpass = $row->userpass;
$gesamtpass = $pass.$chili;
$pwdata = mysql_query("SELECT MD5('".$gesamtpass."') AS newpass");
$pwk = mysql_fetch_object($pwdata);
$pwkey = $pwk->newpass;

$_POST["email"] = $email;
$_POST["fbuid"] = $fbuid;

if ($userpass == $pwkey){
  $result_update = mysql_query("UPDATE member SET (fbuid = '".mysql_real_escape_string($_POST["fbuid"])."')  WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die("not possible");}

I don´t get this code work updating my data.

Upvotes: 1

Views: 242

Answers (3)

sockeqwe
sockeqwe

Reputation: 15929

Whats the error message?

1) You can generate MD5 hashes in php directly (md5 In php) which should reach a better performance.

2) Have you checked (by a simple echo ) if $userpass == $pwkey is true?

3) try to remove the

or die("not possible");

part, to get a sql error (if there is one)

4) It seems to me, that you did not understand how to use $_POST[] Variables, bcause you assign them values!?!?!?!

Upvotes: 0

DaveRandom
DaveRandom

Reputation: 88697

This code does what you want to do in a tidier way. It also outputs some useful error messages when things go wrong. Obviously, you should not output these directly to the user in production, but it will help you debug the problem while developing.

// Is this already an MD5 hash?
$userpass = $row->userpass;
// MUCH simpler way to do MD5
$pwkey = md5($pass.$chili);

if ($userpass == $pwkey) { // Compare the passwords
  // If they match, do the query
  $query = "UPDATE member
            SET fbuid = '".mysql_real_escape_string($fbuid)."'
            WHERE email = '".mysql_real_escape_string($email)."'";
  mysql_query($query) or die("MySQL Query Error: ".mysql_error());
} else {
  // They don't match, lets look at the data and find out why
  die("They don't match! $userpass != $pwkey");
}

Upvotes: 2

Boopathi
Boopathi

Reputation: 166

$userpass = $row->userpass;
$gesamtpass = $pass.$chili;
$pwdata = mysql_query("SELECT MD5('".$gesamtpass."') AS newpass");
$pwk = mysql_fetch_object($pwdata);
$pwkey = $pwk->newpass;

$_POST["email"] = $email;
$_POST["fbuid"] = $fbuid;

if ($userpass == $pwkey)
{
  $result_update = mysql_query("UPDATE member SET fbuid = '".mysql_real_escape_string($_POST["fbuid"])."'  WHERE email = '".mysql_real_escape_string($_POST['email'])."'") or die("not possible");
 }

without using braces() for the fields to update

Upvotes: -1

Related Questions