0

I am testing a password update process with php/mysql. I don't get any error on submit, but my values are not updated. Any ideas?

if (!empty($_POST['password']) && !empty($_POST['password2'])){
    $id = $_GET['id'];
    $password = md5(mysql_real_escape_string($_POST['password']));
    $sql = mysql_query("UPDATE users SET `Password` = '$password' WHERE UserID = '$id'");
    if ($sql){
        echo $password, $id;
    }else{
        echo mysql_error();
    }
}
Improve this question
5
  • More debugging: print out the resulting query, try it in phpmyadmin etc. Does your code reach the echo $pw, $id at all? Commented Nov 23, 2013 at 5:01
  • 1
    You're combining $_GET and $_POST. Is this deliberate, or should $_GET['id'] be $_POST['id'] instead? Commented Nov 23, 2013 at 5:03
  • Try $query = "UPDATE users SET Password = '$password' WHERE UserID = '$id'" and debug $query variable and check if it will work in your backend. Commented Nov 23, 2013 at 5:04
  • That's probably the answer @PatJ. You should post that as an answer. ;-) Commented Nov 23, 2013 at 5:05
  • I'm passing an id in the url to verify the user when they retrieve the link in their inbox. I am try to GET that id from the URL to compare it with what I have stored. Commented Nov 23, 2013 at 20:50

5 Answers 5

Reset to default
1

Just a hunch. Try removing quotation marks around the variable, $id:

if (!empty($_POST['password']) && !empty($_POST['password2'])){
    $id = $_GET['id'];
    $password = md5(mysql_real_escape_string($_POST['password']));
    $sql = mysql_query("UPDATE users SET `Password` = '$password' WHERE UserID = {$id}");
    if ($sql){
        echo $password, $id;
    }else{
        echo mysql_error();
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You've combined $_GET and $_POST. Try changing $_GET['id'] to $_POST['id']. If that doesn't work, try adding

var_dump( $_POST );
var_dump( $_GET );

to your code. That might help you debug.

Improve this answer

4 Comments

It is possible to have $_POST and $_GET though. But you are right that a little more information from the OP is helpful.
True. If nothing else, it'll eliminate $_GET/$_POST as the problem.
I'm passing an id in the url to verify the user when they retrieve the link in their inbox. I am try to GET that id from the URL to compare it with what I have stored. ../reset_password.php?id=1
Ah, OK. Make sure, though, that you ensure that your ID is an integer (right?) by doing something like $id = intval( $_GET['id'] );. See Data Validation for more details.
0

mysql_real_escape_string returns TRUE/FALSE

just use it like this

if(mysql_real_escape_string($_POST['password']))
{
    $password = md5($_POST['password']);
}

It will work now !

Suggestion :

Go one way. Either GET or POST

Improve this answer

Comments

0

This seemed to work:

$id = $_REQUEST['id'];
if (!empty($_POST['password']) && !empty($_POST['password2'])){
    $password = md5(mysql_real_escape_string($_POST['password']));
    $sql = mysql_query("UPDATE users SET Password = '".$password."' WHERE UserID = '".$id."'");
    if ($sql){
        echo "Password reset.";
        echo "<meta http-equiv='refresh' content='1;index.php' />";
    }else{
        echo mysql_error();
    }
}else{
?>
<form role="form" action="[Leave blank]" method="post" name="resetpassword" id="resetpassword">
Improve this answer

2 Comments

One more check you might want to do: $_POST['password'] == $_POST['password2'].
Tks! Just trying to get it to work at this point, then on to error/form checking.
-2

Is it the right ID that you are trying to update?

Improve this answer

5 Comments

add this is as a comment to the question if you're not answering the question.
It is an answer but in the form of a question
So its an answer in a form of a question. Really?
ok then Sico. No problem :)
Sorry, up way past my bedtime in the UK :)

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.