Jump to content
Larry Ullman's Book Forums

Recommended Posts

I've got this script working nicely but while I was testing 2 questions cropped up:

 

1. If the new password entered is the same as the current password, it is rejected. Is that a feature of mysql?

 

2. mysqli_error didn't show up the error that I was encountering as a result of question 1. Is there something wrong with my code?

 

echo '<h1>System Error</h1>
  <p class="error">You password could not be changed due to a system error. We apologise
  for any inconvenience.</p>';
  echo '<p>' . mysqli_error($dbc) . '</p><p>Query: ' . $q . '</p>';

 

Everything displayed including the $q variable but not the mysqli_error($dbc). Thanks for replying.

Link to comment
Share on other sites

1. If the new password entered is the same as the current password, it is rejected. Is that a feature of mysql?

 

When you do a password change, you are using an UPDATE query. An UPDATE query is supposed to say "change value x to value y". In your case, the old password is the same as the new. In effect you are telling mysql: Please update value x to value x. Which makes no sense. This is why mysql returns 0 Rows Affected because nothing happened and no rows were changed - as your UPDATE query doesn't make sense.

 

 

 

2. mysqli_error didn't show up the error that I was encountering as a result of question 1. Is there something wrong with my code?

mysqli_error shows no error because there was no error! Your update query is perfect valid syntactically. It just doesn't do anything because the old password and the new password are identical. But no error occurred.

 

Side point: Please delete the line -

 

 

[color=#000000][font=monospace][size=2]echo [/size][/font][/color][color=#008800][font=monospace][size=2]'<p>'[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] mysqli_error[/size][/font][/color][color=#666600][font=monospace][size=2]([/size][/font][/color][color=#000000][font=monospace][size=2]$dbc[/size][/font][/color][color=#666600][font=monospace][size=2])[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p><p>Query: '[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] $q [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p>';[/size][/font][/color]

You really don't want to be showing your users the mysqli error details. Doing so is a significant security flaw as your user will see details pertaining to the design of your database. You never want to be

  • Upvote 1
Link to comment
Share on other sites

[color=#000000][font=monospace][size=2]echo [/size][/font][/color][color=#008800][font=monospace][size=2]'<p>'[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] mysqli_error[/size][/font][/color][color=#666600][font=monospace][size=2]([/size][/font][/color][color=#000000][font=monospace][size=2]$dbc[/size][/font][/color][color=#666600][font=monospace][size=2])[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p><p>Query: '[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] $q [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p>';[/size][/font][/color]

 

I meant this:

echo '<p>' . mysqli_error($dbc) . '</p><p>Query: ' . $q . '</p>';

Link to comment
Share on other sites

 Share

×
×
  • Create New...