SQL Problem - I think.. - PHPBuilder Forums

SQL Problem - I think..

Shuriken1

Hi, I was happily coding away earlier producing a update script so my users can change any of their details if and when necessary, this is what I made:

$dob and $username_update are set from the DB record itself so they act as a link to ensure the correct record is being updated. They are being sent successfully.

$md5_password_update = md5($password_update);

//Connect to DB
include("includes/db_selection.php");

//Include Table Refs
include("includes/db_tables.php");

$sql = "SELECT * FROM ".$LOGIN_TABLE." WHERE dob = '$dob'"; // Select the record
$result = mysql_query($sql) or die(mysql_error());
$num = mysql_num_rows($result);
$myrow = mysql_fetch_array($result); 
if ($num > 0) { // If there is a result
	if ($md5_password_update == $myrow['password']) { // If password entered matches password in record
		if (empty($username_update) || empty($password_update) || empty($password_update_confirm) || empty($first_name_update) || empty($email_update) || empty($connection_update)) { // Any fields empty - redirect
			//Redirect
			redirect("error", "empty");			
		} elseif ($password_update != $password_update_confirm) { // Password fields don't match - redirect
			//Redirect
			redirect("error", "mismatch");
		}

			$sql = "UPDATE ".$LOGIN_TABLE." SET username = '$username_update', password = '$md5_password_update', first_name = '$first_name_update', surname = '$surname_update', email = '$email_update', location = '$location_update', connection = '$connection_update', favourite_weapon = '$favourite_weapon_update', quote = '$quote_update' LIMIT 1"; // Update the record
			$result = mysql_query($sql) or die(mysql_error());

	} else {
		redirect("error", "invalid_password");
	}
} else {
	redirect("error", "user_not_found");
}

Now, the problem is that it doesn't seem to be selecting the right record as, when I ran it, it updated the first record in the table (probably would have carried on without the LIMIT 1). I am not sure what I am doing wrong, it is a relatively simple script - it has bafffled me.
Oh, redirect(); is a self made function so thats not the problem either.
Any help will be greatly appreciated.

Shuriken1.

Shrike

You need to add a WHERE clause to your UPDATE statment, using $dob and $username_update as you mentioned at the start.

By the way md5() is not really meant for encrypting strings, use crypt() instead.

HTH

Shuriken1

Argh, had to be something silly! Thanks for the help and thanks for the crypt() tip 🙂.

Shuriken1.