------=_Part_6700_20102362.1204034102283
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi everyone,

I'm just getting into PHP at the moment and was wondering; what code would I
need to look at a field value entered in a form, then if that value is found
in my table, enter all the other information entered in the form, to the
other fields on that record.
Basically, what I'm trying to do is give a load of users an individual
password that they enter, with various other pieces of information such as
year of birth, single/married or whatever, into a form. In MySQL I have a
table with three fields, but only the password one has any data in them. A
script will then took in the table to find the password entered in the form,
and then append all the other information (i.e. data for the other two
fields) to the particular record that holds the password value entered.

Hope that made sense, but I'd be so grateful if someone could help me with
this....

Thanks,
Max

------=_Part_6700_20102362.1204034102283--

On Feb 26, 2008, at 8:55 AM, Henry Felton wrote:

> Hi everyone,
>
> I'm just getting into PHP at the moment and was wondering; what code
> would I
> need to look at a field value entered in a form, then if that value
> is found
> in my table, enter all the other information entered in the form, to
> the
> other fields on that record.
> Basically, what I'm trying to do is give a load of users an individual
> password that they enter, with various other pieces of information
> such as
> year of birth, single/married or whatever, into a form. In MySQL I
> have a
> table with three fields, but only the password one has any data in
> them. A
> script will then took in the table to find the password entered in
> the form,
> and then append all the other information (i.e. data for the other two
> fields) to the particular record that holds the password value
> entered.
>
> Hope that made sense, but I'd be so grateful if someone could help
> me with
> this....

What you're looking for to me sounds like using the UPDATE syntax in
MySQL... something along the lines of:

$sql = "UPDATE tablename field1="$MySuperData1" field2="$MySuperData2"
where password="$MySuperHardPassword";

Of course, this is untested check the mysql site for specifics on
using update. Also... always be sure to escape your data or you are
asking for trouble...

That should be enough to get you started!



--

Jason Pruim
Raoset Inc.
Technology Manager
MQC Specialist
3251 132nd ave
Holland, MI, 49424-9337
www.raoset.com
japruim [at] raoset.com

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Lemme see if I get this right:

You could just do this:

UPDATE userPW SET field1=3D$satinized_post_field1,
field2=3D$sanitized_post_field2 WHERE userid=3D$userId and =
password=3D$userPw


if (mysql_affected_rows($conn) > 0){
echo "updated"
}else{
echo "error: ".mysql_error($conn);
}

http://docs.php.net/manual/function.mysql-query.php

I suppose you have a relationship between pw and user (as stated in
userid=3D$userid).


Hope this helps!

-----Mensagem original-----
De: Henry Felton [mailto:hdcfelton [at] gmail.com]
Enviada em: ter=E7a-feira, 26 de fevereiro de 2008 10:55
Para: php-db [at] lists.php.net
Assunto: [PHP-DB] PHP, MySQL and Lookups

Hi everyone,

I'm just getting into PHP at the moment and was wondering; what code =
would I
need to look at a field value entered in a form, then if that value is =
found
in my table, enter all the other information entered in the form, to the
other fields on that record.
Basically, what I'm trying to do is give a load of users an individual
password that they enter, with various other pieces of information such =
as
year of birth, single/married or whatever, into a form. In MySQL I have =
a
table with three fields, but only the password one has any data in them. =
A
script will then took in the table to find the password entered in the =
form,
and then append all the other information (i.e. data for the other two
fields) to the particular record that holds the password value entered.

Hope that made sense, but I'd be so grateful if someone could help me =
with
this....

Thanks,
Max

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On Tue, Feb 26, 2008 at 8:55 AM, Henry Felton <hdcfelton [at] gmail.com> wrote:
> Hi everyone,
>
> I'm just getting into PHP at the moment and was wondering; what code would I
> need to look at a field value entered in a form, then if that value is found
> in my table, enter all the other information entered in the form, to the
> other fields on that record.
> Basically, what I'm trying to do is give a load of users an individual
> password that they enter, with various other pieces of information such as
> year of birth, single/married or whatever, into a form. In MySQL I have a
> table with three fields, but only the password one has any data in them. A
> script will then took in the table to find the password entered in the form,
> and then append all the other information (i.e. data for the other two
> fields) to the particular record that holds the password value entered.

Henry (AKA: "Max"),

Try this:

<?
include('config.php'); // Your database configuration and connection
information....

if($_POST) {
$dob = mysql_real_escape_string($_POST['dob']);
$married = mysql_real_escape_string($_POST['married']);
$pass = mysql_real_escape_string($_POST['pass']);

// When designing the database, call the password field `pass`
(without quotes).
// The word `password` is a MySQL reserved word and could cause errors.
$sql = "UPDATE table_name SET dob='".$dob."',
married='".$married."' WHERE
pass='".$pass."' LIMIT 1";
mysql_query($sql) or die("Incorrect password specified. Please
try again.");

// If we've reached here, then we can do whatever we want to acknowledge.
// Let's redirect to a thank you page, sending the variables as a
GET request
// to be parsed by the thank you page script.
header("Location: thankyou.php?dob=".$dob."&married=".$married);
exit;
}
?>
<form method="post" action="<?=$_SERVER['PHP_SELF'];?>" />
Password: <input type="password" name="pass" />

Date of birth (mm/dd/yyyy): <input type="text" name="dob" />

Status: <input type="radio" name="married" value="Married" />Married
<input type="radio" name="married" value="Single" />Single
<input type="radio" name="married" value="Widowed" />Widowed
<input type="radio" name="married" value="Divorced" />Divorced
<input type="radio" name="married" value="Wishing"
/>Wishing I Was Single

<input type="submit" value="Process Now" />
</form>
--
</Dan>

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Daniel Brown wrote:
> On Tue, Feb 26, 2008 at 8:55 AM, Henry Felton <hdcfelton [at] gmail.com> wrote:
>
>> Hi everyone,
>>
>> I'm just getting into PHP at the moment and was wondering; what code would I
>> need to look at a field value entered in a form, then if that value is found
>> in my table, enter all the other information entered in the form, to the
>> other fields on that record.
>> Basically, what I'm trying to do is give a load of users an individual
>> password that they enter, with various other pieces of information such as
>> year of birth, single/married or whatever, into a form. In MySQL I have a
>> table with three fields, but only the password one has any data in them. A
>> script will then took in the table to find the password entered in the form,
>> and then append all the other information (i.e. data for the other two
>> fields) to the particular record that holds the password value entered.
>>
>
> Henry (AKA: "Max"),
>
> Try this:
>
> <?
> include('config.php'); // Your database configuration and connection
> information....
>
> if($_POST) {
> $dob = mysql_real_escape_string($_POST['dob']);
> $married = mysql_real_escape_string($_POST['married']);
> $pass = mysql_real_escape_string($_POST['pass']);
>
> // When designing the database, call the password field `pass`
> (without quotes).
> // The word `password` is a MySQL reserved word and could cause errors.
> $sql = "UPDATE table_name SET dob='".$dob."',
> married='".$married."' WHERE
> pass='".$pass."' LIMIT 1";
> mysql_query($sql) or die("Incorrect password specified. Please
> try again.");
>
> // If we've reached here, then we can do whatever we want to acknowledge.
> // Let's redirect to a thank you page, sending the variables as a
> GET request
> // to be parsed by the thank you page script.
> header("Location: thankyou.php?dob=".$dob."&married=".$married);
> exit;
> }
> ?>
> <form method="post" action="<?=$_SERVER['PHP_SELF'];?>" />
> Password: <input type="password" name="pass" />

> Date of birth (mm/dd/yyyy): <input type="text" name="dob" />

> Status: <input type="radio" name="married" value="Married" />Married
> <input type="radio" name="married" value="Single" />Single
> <input type="radio" name="married" value="Widowed" />Widowed
> <input type="radio" name="married" value="Divorced" />Divorced
> <input type="radio" name="married" value="Wishing"
> />Wishing I Was Single

> <input type="submit" value="Process Now" />
> </form>
>

Consider this, if you have not already:
What if two users happen to have the same password?

It is wrong to assume that no two users will never have the same
password. Doing an update like that, just based on the password column,
is an accident waiting to happen.

You should have a uniquely distinguished name or designation for each
user, and validate the user and password combination. Also, such a
designation should be unique, and keeping entries in a column unique can
be enforced with MySQL.

/Tobias

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

On Wed, Feb 27, 2008 at 9:52 AM, Tobias Franz=E9n <lists.zxinn [at] otaking.se> =
wrote:
> Consider this, if you have not already:
> What if two users happen to have the same password?
>
> It is wrong to assume that no two users will never have the same
> password. Doing an update like that, just based on the password column,
> is an accident waiting to happen.
>
> You should have a uniquely distinguished name or designation for each
> user, and validate the user and password combination. Also, such a
> designation should be unique, and keeping entries in a column unique can
> be enforced with MySQL.

It's also safe to presume, however, that - since the OP said,
"Basically, what I'm trying to do is give a load of users an
individual password...." - by "individual password" he means that the
password *will* be the unique key.

Just a thought. ;-P

For all other intents and purposes, however, you're 100% correct.
Using a unique auto_increment key would be your best bet.

--
</Dan>

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me =3D $mind--; sleep(86400); } ?>

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php