Jump to content
Larry Ullman's Book Forums

Recommended Posts

I've got this script working nicely but while I was testing 2 questions cropped up:

 

1. If the new password entered is the same as the current password, it is rejected. Is that a feature of mysql?

 

2. mysqli_error didn't show up the error that I was encountering as a result of question 1. Is there something wrong with my code?

 

echo '<h1>System Error</h1>
  <p class="error">You password could not be changed due to a system error. We apologise
  for any inconvenience.</p>';
  echo '<p>' . mysqli_error($dbc) . '</p><p>Query: ' . $q . '</p>';

 

Everything displayed including the $q variable but not the mysqli_error($dbc). Thanks for replying.

Share this post


Link to post
Share on other sites
1. If the new password entered is the same as the current password, it is rejected. Is that a feature of mysql?

 

When you do a password change, you are using an UPDATE query. An UPDATE query is supposed to say "change value x to value y". In your case, the old password is the same as the new. In effect you are telling mysql: Please update value x to value x. Which makes no sense. This is why mysql returns 0 Rows Affected because nothing happened and no rows were changed - as your UPDATE query doesn't make sense.

 

 

 

2. mysqli_error didn't show up the error that I was encountering as a result of question 1. Is there something wrong with my code?

mysqli_error shows no error because there was no error! Your update query is perfect valid syntactically. It just doesn't do anything because the old password and the new password are identical. But no error occurred.

 

Side point: Please delete the line -

 

 

[color=#000000][font=monospace][size=2]echo [/size][/font][/color][color=#008800][font=monospace][size=2]'<p>'[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] mysqli_error[/size][/font][/color][color=#666600][font=monospace][size=2]([/size][/font][/color][color=#000000][font=monospace][size=2]$dbc[/size][/font][/color][color=#666600][font=monospace][size=2])[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p><p>Query: '[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] $q [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p>';[/size][/font][/color]

You really don't want to be showing your users the mysqli error details. Doing so is a significant security flaw as your user will see details pertaining to the design of your database. You never want to be

  • Upvote 1

Share this post


Link to post
Share on other sites

[color=#000000][font=monospace][size=2]echo [/size][/font][/color][color=#008800][font=monospace][size=2]'<p>'[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] mysqli_error[/size][/font][/color][color=#666600][font=monospace][size=2]([/size][/font][/color][color=#000000][font=monospace][size=2]$dbc[/size][/font][/color][color=#666600][font=monospace][size=2])[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p><p>Query: '[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] $q [/size][/font][/color][color=#666600][font=monospace][size=2].[/size][/font][/color][color=#000000][font=monospace][size=2] [/size][/font][/color][color=#008800][font=monospace][size=2]'</p>';[/size][/font][/color]

 

I meant this:

echo '<p>' . mysqli_error($dbc) . '</p><p>Query: ' . $q . '</p>';

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...