Using UPDATE, no error returned, but returns false

Mordecai

This is my query: "UPDATE users SET password=PASSWORD('".$POST["newpassword"]."') WHERE username='".$username."' AND password=PASSWORD('".$POST["oldpassword"]."')"

Immediately after, I use:
if (mysql_num_rows($result) >= 1) { }

The mysql_query does not print out an error, but mysql_num_rows says $result is not a valid MySQL result. Everything inside is working correctly--I have echoed out the query, and it appears fine.

I've tried putting the PASSWORD() functions inside quotes, but that returned an error using mysql_query().

Any clues? I'm not the best at databases...

Sphynx

Looks to me like you've named a field in your table (password) after a function (PASSWORD). Try changing the field name to something like PWD instead.

I'm guessing PHP is happy, but mysql is just... confused.
😉

laserlight

Maybe you could give us the code snippet so we can examine it?

I dont think mysql is 'confused', since there was no error from mysql as you mentioned, and using 'password' as an identifier is acceptable though not entirely advisable.

EDIT:
actually, I dont see what really is wrong about using 'password' as an identifier as long as one is careful.
I just remembered that some of my own login systems store the password as password, and there didnt seem to be a problem at all...
hmm...

Sphynx

Yeah, I see what you're saying. Just my pref not to do that. Mysql might not be confused, but I am! :p

kevinsequeira

from the manual

http://www.php.net/manual/en/function.mysql-num-rows.php
mysql_num_rows() returns the number of rows in a result set. This command is only valid for SELECT statements. To retrieve the number of rows affected by a INSERT, UPDATE or DELETE query, use mysql_affected_rows().

hope this helps
reg
kevin

Mordecai

Ack! Only for select! I didn't know that... Thanks!
I didn't even bother to check that.