[RESOLVED] mysql_result help

transfield

Hello,
I've written a code for users to update their username & password. This code interacts with a MySql database. For some reason, the code is not updating the MySql database though there is no error message displayed. I suspect it has got something to do with the following statement I'm using:-

if ((mysql_result($result,0,"email")=='$email')&&(mysql_result $result,0,"password")=='$pass3')){

Anyway, I've posted my full code below for you to see the big picture. I appreciate your guidance on this matter.

<head>
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="post" action="">
  <p>
    <input name="username" type="text" id="username" size="20">
  Type a username of your choice </p>
  <p>
    <input name="password1" type="password" id="password1" size="20"> 
    Type a password of your choice</p>
  <p>
    <input name="password2" type="password" id="password2" size="20">
Re-confirm password </p>
  <p>
    <input name="password3" type="password" id="password3" size="20">
    Key in your old password 
  </p>
  <p>
    <input name="email" type="text" id="email" size="20">
  Your registered email address </p>
  <p>
    <input name="Submit1" type="submit" id="Submit1" value="Submit">
  </p>
  <p>
<?php
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";
$user=$_POST['username'];
$pass1=$_POST['password1'];
$pass2=$_POST['password2'];
$pass3=$_POST['password3'];
$email=$_POST['email'];
$Submit1=$_POST['Submit1'];

if(isset($Submit1))
{
	if (($user != '')&&($pass1 != ''))
	{

if ($pass1 == $pass2)
{
	mysql_connect ("$host","$username","$password");
	mysql_select_db($database) or die( "Where's the database man?");
	$query = "SELECT * FROM customers WHERE email = '$email' AND password = '$pass3'";
	$result = mysql_query($query);
	$numrows = mysql_num_rows($result);
	if ($numrows > 0)
	{
		if ((mysql_result($result,0,"email")=='$email')&&(mysql_result($result,0,"password")=='$pass3'))
		{

			$query="UPDATE customers SET username = '$user', password = '$pass1' WHERE email='$email' AND password = '$pass3'";

			mysql_query($query);
			echo "Excellent! Your new username & password have been updated!";
		}
		else
		{
			echo "Something's not right somewhere :-)";
		}

	}
	else
	{
		echo "You are not a registered user";
	}

}
else
{
	echo "Password does not match";
}

}
else
{
	echo "The fields are blank!";
}
}
?>
  </p>
</form>

</body>
</html>

bpat1434

That's a little redundant:
If either $email or $pass3 aren't in the database, the query will fail. So if your query doesn't fail, why check again that they are indeed equivalent?

And as a tip, for future reference, you should always do error checking before posting:

mysql_query($query);

I see no error checking when you run the UPDATE query....:

mysql_query($query) or die('Error: '.mysql_errno().'<br>'.mysql_error());

My guess is, there's something wrong with the query, and mySQL is reporting it, but php isn't catching it because there's nothing there for your script to catch!

transfield

Thank you for your reply bpat.

I've added the error checking in my code but there is still no error message appearing. My full code is posted below.

If either $email or $pass3 aren't in the database, the query will fail. So if your query doesn't fail, why check again that they are indeed equivalent?

With regards to your quote above, here's how the code is supposed to work:-

The code needs to check whether this person is a registered customer or not before allowing him/her to update his/her username/password. The code does this checking by confirming if $pass3(the customer's old password) and $email(the customer's email address) is already existent in the MySql database.

Sorry if I sound confused. I am :-)

<head>
<title>Untitled Document</title>
</head>
<body>
<form name="form1" method="post" action="">
  <p>
    <input name="username" type="text" id="username" size="20">
  Type a username of your choice </p>
  <p>
    <input name="password1" type="password" id="password1" size="20"> 
    Type a password of your choice</p>
  <p>
    <input name="password2" type="password" id="password2" size="20">
Re-confirm password </p>
  <p>
    <input name="password3" type="password" id="password3" size="20">
    Key in your old password 
  </p>
  <p>
    <input name="email" type="text" id="email" size="20">
  Your registered email address </p>
  <p>
    <input name="Submit1" type="submit" id="Submit1" value="Submit">
  </p>
  <p>
<?php
$username="abc123";
$password="abc123";
$database="abc123";
$host="localhost";
$user=$_POST['username'];
$pass1=$_POST['password1'];
$pass2=$_POST['password2'];
$pass3=$_POST['password3'];
$email=$_POST['email'];
$Submit1=$_POST['Submit1'];

if(isset($Submit1))
{
	if (($user != '')&&($pass1 != ''))
	{

if ($pass1 == $pass2)
{
	mysql_connect ("$host","$username","$password");
	mysql_select_db($database) or die( "Where's the database man?");
	$query = "SELECT * FROM customers WHERE email = '$email' AND password = '$pass3'";
	$result = mysql_query($query) or die('Error: '.mysql_errno().'<br>'.mysql_error());
	$numrows = mysql_num_rows($result);
	if ($numrows > 0)
	{
		if ((mysql_result($result,0,"email")=='$email')&&(mysql_result($result,0,"password")=='$pass3'))
		{

			$query="UPDATE customers SET username = '$user', password = '$pass1' WHERE email='$email' AND password = '$pass3'";

			mysql_query($query) or die('Error: '.mysql_errno().'<br>'.mysql_error());
			echo "Excellent! Your new username & password have been updated!";
		}
		else
		{
			echo "Something's not right somewhere :-)";
		}

	}
	else
	{
		echo "You are not a registered user";
	}

}
else
{
	echo "Password does not match";
}

}
else
{
	echo "The fields are blank!";
}
}
?>
  </p>
</form>

</body>
</html>

rincewind456

transfield wrote:
With regards to your quote above, here's how the code is supposed to work:-

The code needs to check whether this person is a registered customer or not before allowing him/her to update his/her username/password. The code does this checking by confirming if $pass3(the customer's old password) and $email(the customer's email address) is already existent in the MySql database.

Sorry if I sound confused. I am :-)

Yes but as Bpat was saying you have already checked that they exist by running the query, so checking again is a waste of time.

That is also where I think your problem may be, you may want to remove the quotes from around $email and $pass3 in this bit of code

if ((mysql_result($result,0,"email")=='$email')&&(mysql_result($result,0,"password")=='$pass3'))
{

But it would be easiest to remove that part completely as Bpat said.

transfield

Thank you for your reply rincewind.

Now I understand why what you and Bpat were talking about the code which was checking the same values twice. Thanks for the clarification.

I removed the quotes from around $email and $pass3 as you suggested & the code is working fine :-) I also tried removing the whole line & it worked fine as well.

If it's not too troublesome for you, could you please explain why you asked me to remove the quotes from around $email and $pass3?

I appreciate your guidance on this matter.

Warm Regards.

rincewind456

Well it's because when it had the single quotes around it $email becomes a string, so doing this

$email = 'me@home.com';

echo'$email';

will result in the word $email being printed to the screen, not it's contents "me@home.com".

Take a look at the manual for [man]Strings[/man] it will explain it much more comprehensively.

transfield

Thanks a lot, rincewind. I will certainly do some reading on string functions. I appreciate your reply.

Warm Regards.