Member Avatar for slr

Hello

I am making a simple page with one form.

I want to update the password for a user in a table in MySQL - there is only one user in the table.

The code DOES work. It really does update the table record, but once its updated, if succesfful I want it to redirect to another page... it brings out an error - I think its my result query

<?
if(isset($_GET['password']))
{
	$password = $_GET['password'];
	
	// Connect to MySQL
	
	mysql_connect("localhost", "removed", "removed") or die(mysql_error());
	mysql_select_db("table") or die(mysql_error());
	
	// Update the database, where the admin ID is 1 and set the new password.
	
	$query = 'UPDATE `table`.`admin` SET `password` = \''.$password.'\' WHERE `admin`.`id` = 1 LIMIT 1;';
	$result = mysql_query($query) or die("Error: " . mysql_error());
	
		// If the password has been updated - redirect to the login page
		
		if(mysql_num_rows($result)==1)
			{
				// Details match, create the string
					
				$ok=yes;
					
				// Redirect for security reasons
					
				print '<script type="text/javascript">window.location="login.php?newpass='.$ok.'";</script>';
  
			} else {
				
				// Error, the password cannot be reset
				
				$err='Sorry the password has not been updated. Try again';
				
			}
			
}
	
// Create the page
	
print "	
<html>
	<head>
	<title>Admin Area Reset Password</title>
	<link href='/table.css' rel='stylesheet' media='screen, projection' />
	</head>
<body>
<div class='site'>
<div class='yellowbox'>Change Password to the Admin Area<br /> <a style='color:#000;' href='/admin/index.php?confirm=yes'>Back to Admin Area</a><strong>".$err."</strong></div>
	<form action='changepass.php' method='GET'>
		<p>new password:
			<input type='password' name='password' size='20' />
		</p>
		<input type='submit' value='Change password' />
	</form>
</div>
</body>
</html>";
?>

Error is

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /admin/newpass.php on line 18

Line 18

if(mysql_num_rows($result)==1)

Please can someone help?

Edited by slr because: Removed passwords! :$
  • 5 Contributors
  • 17 Replies
  • 273 Views
  • 2 Years Discussion Span
  • Latest Post Latest Post by yewbhex
Member Avatar for DARK_BYTE

I think its because of the ';' inside the query string or something

Edited by DARK_BYTE because: n/a
Member Avatar for slr

Thanks for the reply.

Still the same error.

$query = 'UPDATE `table`.`admin` SET `password` = \''.$password.'\' WHERE `admin`.`id` = 1';

I even removed the LIMIT. It updated the table with the new dummy password though - strange!

Member Avatar for DARK_BYTE

Maybe rewriting the query like this will solve the prblm:
$query="UPDATE admin SET password='$password' WHERE id='1'";

Edited by DARK_BYTE because: n/a
Member Avatar for slr

No. The same error. I think its the actual line 18:


if(mysql_num_rows($result)==1)

Member Avatar for JRM

You have boolean inside the argument.
try this:

var_dump($result); //check what is coming from the query,if anything

if(mysql_num_rows($result) = 1) ; //It's a value result , not boolean
Member Avatar for slr

bool(true)
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /admin/newpass.php on line 20

Thats the error. Line 20

if(mysql_num_rows($result)==1)

If I change it to:

if(mysql_num_rows($result)=1) // note - only one equal sign =

It gives this error:

Fatal error: Can't use function return value in write context in /newpass.php on line 20

Member Avatar for JRM

Sometimes you have to go with the flow...

$test = mysql_num_rows($result); //set to a variable
//test for the existence of $test. You only want know if it's there
If($test)
{
// code
}
Member Avatar for slr

What do you mean? Sorry

Member Avatar for JRM

I mean try the code that I posted!

Sometimes functions inside of statements don't play well together. Thus "go with the flow" and separate them.

Member Avatar for slr

I get the same error on line 18: This is line 18 and the code

$action = mysql_num_rows($result);
		
			if($action)
			
			{	
				print '<script type="text/javascript">window.location="login.php</script>';
  
			} else {
				
				// Error, the password cannot be reset
				
				$err='Sorry the password has not been updated. Try again';
			}
Member Avatar for JRM

I get the same error on line 18: This is line 18 and the code

$action = mysql_num_rows($result);
		
			if($action)
			
			{	
				print '<script type="text/javascript">window.location="login.php</script>';
  
			} else {
				
				// Error, the password cannot be reset
				
				$err='Sorry the password has not been updated. Try again';
			}

I think you need to go back and fix that query as others have mentioned.
The synatx does not look correct to me.
Also, it just occurred to me that you are doing an update not a select.
This function may work better.

$test = msql_affected_rows($result);

However, you should revisit that query syntax. Did you check it with PHPmyadmin? There's just too much gooblygock there, seems to me.

$query = 'UPDATE `table`.`admin` SET `password` = \''.$password.'\' WHERE `admin`.`id` = 1';

A gereic version might be:

$query =" UPDATE 'databaseName.tableName'  SET 'password' = ". $password.
"WHERE 'tableName.id' =1";

Are you sure that you only want to keep updating id =1 ???

Member Avatar for slr

OK I changed the whole setup

login.php

<?
print "	
	<form action='changepass.php' method='GET'>
		<p>new password:
			<input type='password' name='password' size='20' />
		</p>
		<input type='submit' value='Change password' />
	</form>";
?>

changepass.php

<?
$password = $_GET['password'];
	
// Connect to MySQL

$con = mysql_connect("localhost","","");
if (!$con)
{
	die('Could not connect: ' . mysql_error());
}
mysql_select_db("", $con);

// Update the password.

mysql_query("UPDATE `admin` SET `password` = '". $password. "' WHERE `id` =1)");		

// Redirect

print '<script type="text/javascript">window.location="login.php";</script>';
?>

Now NOTHING gets updated in my database

Member Avatar for slr

MySQL PHP code without the GET String (phpMyADMIN)

$sql = 'UPDATE `table`.`admin` SET `password` = \'test\' WHERE `admin`.`id` = 1 LIMIT 1;';

Member Avatar for JRM

I asume that the query works to your satisfaction in PHPmyadmin?
Just a minor change should do it in the code:

$sql = "UPDATE `table`.`admin` SET `password` = ".$password."WHERE `admin`.`id` = 1 LIMIT 1;" ;

There were too many ticks in the sql. PHP need the quotes so that the password variable can be properly concatenated.

Member Avatar for JRM

Forgot to mention the $_get IS NOT the way collect passwords! they are displayed in the URL.
Use the POST method on the form instead.
collect with $_POST()

Member Avatar for sharikul

If anyone is finding themselves in this similar situation, try to wrap the variable names in double quotation marks. I was having a similar issue just today and wrapping my variable names within a MySQL query statement seems to have fixed it.

Member Avatar for yewbhex

//this will update the password
$update=mysql_query("UPDATE table.admin SET password = '$password' WHERE admin.id ='$id'") or die("couldn't update");

//after these all u need to do is wirte these code b/c if not updated it will display couldn't update else it will go to the next code that is the code below
header("location:login.php");

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.