That's great. I've looked over it and still can't answer my own question. Here's my code:
<?php
// includes
include("db-conn-ex.php");
// form not yet submitted
// display initial form with values pre-filled
if (!$submit)
{
// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// generate and execute query
$query = "SELECT * FROM users WHERE userid = '$userid '";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
// if a result is returned
if (mysql_num_rows($result) > 0)
{
// turn it into an object
$row = mysql_fetch_object($result);
// print form with values pre-filled
?>
<table cellspacing="5" cellpadding="5">
<form action="<?php echo $PHP_SELF; ?>" method="POST" name="theform" id="theform">
<input type="hidden" name="userid " value="<?php echo $userid ; ?>">
<tr>
<td valign="middle"><b><?php echo $row->username; ?></b></td>
<td></td>
</tr>
<tr>
<td valign="top"><font class="text-blog"><b>New Password: </b></font></td>
<td><input size="40" maxlength="250" type="password" name="password"></td>
</tr>
<tr>
<td colspan=2 align="center"><input type="Submit" name="submit" value="Update">
</td>
</tr>
</form>
</table>
<?
}
// no result returned
// print graceful error message
else
{
echo "<font class='text-blog'>The user you are looking for cannot be found in out database.</font>";
}
}
// form submitted
// start processing it
else
{
// set up error list array
$errorList = array();
$count = 0;
// validate text input fields
if (!$password) { $errorList[$count] = "Invalid entry: Password"; $count++; }
// check for errors
// if none found...
if (sizeof($errorList) == 0)
{
// open database connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// generate and execute query
$encrypted_password = md5($_POST["password"]);
$query = "UPDATE users SET PASSWORD = '$encrypted_password' WHERE userid = '$userid'";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
// print result
echo "<font class='text-blog'>Your blog was successfully edited and saved to the database. </font><a href='main.php'>Go back to the control panel menu</a>.</font>";
// close database connection
mysql_close($connection);
}
else
{
// errors occurred
// print as list
echo "<font size=-1>The following errors were encountered: <br>";
echo "<ul>";
for ($x=0; $x<sizeof($errorList); $x++)
{
echo "<li>$errorList[$x]";
}
echo "</ul></font>";
}
}
?>
