<p>First of all, it's not recommended to use POST data directly in your query. You'd better escape this data first, to avoid injections.</p>
<p>Also, I think your way of using ifs isn't the best way. There's no need for a status variable in my opinion. That's for sure in this case. <code>$status</code> is set to <code>NOTOK</code> just before you test its value. So it'll always be <code>NOTOK</code>, which will cause your script to never update any password.</p>
<p>I changed the structure of your tests to an, in my opinion, better one. Have a good look at what you would like to test on, because now your tests are all mixed up.</p>
<pre><code>&lt;html&gt;
&lt;head&gt;
&lt;title&gt;Password Change&lt;/title&gt;
&lt;/head&gt;
&lt;body&gt;
&lt;?php
// MySQL connection details
// (mysql_real_escape_string() needs the connection to be open at this point)

// Test the raw POST field: an escaped copy would always be "set"
if (isset($_POST['todo']) and $_POST['todo'] == "change-password") {
    $username  = mysql_real_escape_string($_POST['userid']);
    $password  = mysql_real_escape_string($_POST['password']);
    $password2 = mysql_real_escape_string($_POST['password2']);
    $oldpass   = mysql_real_escape_string($_POST['oldpass']);

    $results = mysql_query("SELECT password FROM kb_users WHERE username = '$username'") or die(mysql_error());
    $q1 = mysql_fetch_array($results);

    if (!$q1) {
        // The user does not exist in the database.
    } elseif ($oldpass == $q1['password']) {
        // The current password matches the input from the oldpass field.
        // Both bounds must hold, so "and" rather than "or"
        if (strlen($password) &gt; 3 and strlen($password) &lt; 10) {
            // Password meets requirements
            if ($password == $password2) {
                // Passwords match, update the password in the database
            } else {
                // The new passwords do not match.
            }
        } else {
            // Password is too short / long
        }
    }
}
?&gt;
&lt;/body&gt;
&lt;/html&gt;
</code></pre>
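The same password-change flow with bound parameters instead of escaping, as an added example that is not part of the original answer. It assumes PDO with the SQLite driver (an in-memory database so it runs offline), the `kb_users` table named in the answer and, going beyond the answer, that the stored password is a `password_hash()` value; the function name `change_password` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the answer's code. Assumptions: PDO + SQLite driver,
// kb_users.password stores a password_hash() value, and the user row and
// test inputs below are constructed sample data.
function change_password(PDO $db, string $user, string $old, string $new, string $new2): string
{
    // Bound parameters keep user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT password FROM kb_users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    // Same result for unknown user and wrong password (no user enumeration).
    if ($hash === false || !password_verify($old, $hash)) {
        return 'bad credentials';
    }
    // Length rule taken from the answer: longer than 3 and shorter than 10.
    if (!(strlen($new) > 3 && strlen($new) < 10)) {
        return 'bad length';
    }
    if ($new !== $new2) {
        return 'mismatch';
    }
    $upd = $db->prepare('UPDATE kb_users SET password = ? WHERE username = ?');
    $upd->execute([password_hash($new, PASSWORD_DEFAULT), $user]);
    return 'updated';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kb_users (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO kb_users VALUES (?, ?)');
$ins->execute(['alice', password_hash('oldpw1', PASSWORD_DEFAULT)]);

// Constructed inputs: user, old password, new password, confirmation.
// The first one carries SQL metacharacters and is treated as plain data.
$cases = [
    ["alice' OR '1'='1", 'oldpw1', 'newpw22', 'newpw22'],
    ['alice', 'wrongpw', 'newpw22', 'newpw22'],
    ['alice', 'oldpw1', 'abc', 'abc'],
    ['alice', 'oldpw1', 'newpw22', 'newpw2x'],
    ['alice', 'oldpw1', 'newpw22', 'newpw22'],
];
foreach ($cases as $c) {
    echo $c[0], ' => ', change_password($db, ...$c), PHP_EOL;
}
```

Because the values never become part of the SQL string, no escaping step is needed and the old-password check compares what the user actually typed.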
 
