0

I am unable to get the last two echos to work: even if the update query fails, it still displays success. If anyone has any suggestions on how this code could be improved on any line, please do!

<?php
        if(!empty($_POST['username']) && !empty($_POST['answer']))  { 
            $username = $_POST['username'];
            $idfetch = mysql_query("SELECT id FROM users WHERE username ='$username'") //check it
            or die(mysql_error());
            $fetched = mysql_fetch_array($idfetch);  
            $id = $fetched['id']; //get users id for checking
            $answer = $_POST['answer'];
            $password = (mysql_real_escape_string($_POST['password']));
            $confpass = (mysql_real_escape_string($_POST['confpass']));
            if ($password != $confpass) {
                echo ("Passwords do not match, please try again.");
                exit;
            }
            $updatequery = mysql_query("UPDATE users SET PASSWORD='$password' WHERE id='$id' AND username='$username' AND answer='$answer'");
            if($updatequery)  {  
                echo "<h1>Success</h1>";  
                echo "<p>Your account password was successfully changed. Please <a href=\"login.php\">click here to login</a>.</p>";  
            }  
            else  {  
                echo "<h1>Error</h1>";  
                echo "<p>Sorry, but a field was incorrect.</p>";  
            }  
       } 
?>

Thanks in advance!

4
  • Please don't use mysql_query in new applications. It's terribly dangerous if not used perfectly which is an enormous nuisance to do, though I've seen you're at least trying here. You escaped two out of three variables and introduced a gigantic injection hole, though. Close enough is not good enough on the public internet. At the very least you should be using PDO unless you have a very good reason because when using SQL placeholders these mistakes are usually non-existent. Commented Dec 17, 2012 at 6:54
  • Thanks for this comment, I appreciate it and I will look into this. I haven't seen anything on it but I'll do my research! Commented Dec 17, 2012 at 7:31
  • Thanks everyone for all the comments, I appreciate it. Commented Dec 17, 2012 at 7:32
  • There are several tutorials on how to use PDO effectively. If you haven't seen anything about it, you need better reference material. mysql_query is a relic of the 1990s. Commented Dec 17, 2012 at 15:37
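To make the first comment's point concrete, here is an added example (mine, not code from the question or any of the answers) that runs the question's UPDATE with only two of the three inputs escaped and then the same statement as a PDO prepared statement. It shows that an attacker who knows a username but not the secret answer can still change the password through the unescaped answer field, while the prepared statement compares the payload literally and matches nothing. It uses an in-memory SQLite database so it runs offline; the users table, the sample row and the payload are constructed for the demonstration, and the single-quote doubling stands in for mysql_real_escape_string, which is MySQL-specific.

```php
<?php
// Added example, not from the original question or answers.
// Demo database: table layout and sample user are constructed for this script.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, answer TEXT, password TEXT)");
$db->exec("INSERT INTO users (username, answer, password) VALUES ('alice', 'fluffy', 'old-secret')");

function currentPassword(PDO $db, string $user): string {
    $stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
    $stmt->execute([$user]);
    return (string) $stmt->fetchColumn();
}

// Mirrors the question's UPDATE: $password is escaped, $answer is pasted in raw.
// Doubling single quotes stands in for mysql_real_escape_string (SQLite has no backslash escapes).
function resetVulnerable(PDO $db, int $id, string $username, string $answer, string $password): int {
    $escapedPassword = str_replace("'", "''", $password);
    $sql = "UPDATE users SET password='$escapedPassword' "
         . "WHERE id='$id' AND username='$username' AND answer='$answer'";
    return $db->exec($sql); // number of rows the UPDATE touched
}

// Same statement with placeholders: the driver sends values separately from the SQL,
// so nothing in $answer can change the WHERE clause.
function resetPrepared(PDO $db, int $id, string $username, string $answer, string $password): int {
    $stmt = $db->prepare("UPDATE users SET password = ? WHERE id = ? AND username = ? AND answer = ?");
    $stmt->execute([$password, $id, $username, $answer]);
    return $stmt->rowCount();
}

// The attacker knows the username but not the answer. AND binds tighter than OR,
// so the WHERE clause becomes (... AND answer='x') OR '1'='1', which is true for every row.
$payload = "x' OR '1'='1";

$changed = resetVulnerable($db, 1, 'alice', $payload, 'pwned');
echo "concatenated SQL: rows changed = $changed, password now = " . currentPassword($db, 'alice') . "\n";

$db->exec("UPDATE users SET password = 'old-secret'"); // put the demo row back

$changed = resetPrepared($db, 1, 'alice', $payload, 'pwned');
echo "prepared statement: rows changed = $changed, password now = " . currentPassword($db, 'alice') . "\n";
```

The escaping in the question protects only the values it is applied to; the WHERE clause is built from three user-controlled strings and one of them is never touched, which is why the comment calls it a gigantic hole. With placeholders the question of which variables were escaped never arises.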

6 Answers

2
mysql_query("UPDATE users SET PASSWORD='$password' WHERE id='$id' AND username='$username' AND answer='$answer'") or die(mysql_error()."update failed");

and use

mysql_affected_rows()

Returns the number of affected rows on success, and -1 if the last query failed.

1

Use try/catch and try to get the error; enable error reporting in PHP also.

<?php
        error_reporting(E_ALL);
        ini_set('display_errors','On');
        if(!empty($_POST['username']) && !empty($_POST['answer']))  {
            $username = $_POST['username'];
            $idfetch = mysql_query("SELECT id FROM users WHERE username ='$username'") //check it
            or die(mysql_error());
            $fetched = mysql_fetch_array($idfetch);
            $id = $fetched['id']; //get users id for checking
            $answer = $_POST['answer'];
            $password = (mysql_real_escape_string($_POST['password']));
            $confpass = (mysql_real_escape_string($_POST['confpass']));
            if ($password != $confpass) {
                echo ("Passwords do not match, please try again.");
                exit;
            }

            try {
                $updatequery = mysql_query("UPDATE users SET PASSWORD='$password' WHERE id='$id' AND username='$username' AND answer='$answer'");
                if($updatequery)  {
                    echo "<h1>Success</h1>";
                    echo "<p>Your account password was successfully changed. Please <a href=\"login.php\">click here to login</a>.</p>";
                }
                else  {
                    echo "<h1>Error</h1>";
                    echo "<p>Sorry, but a field was incorrect.</p>";
                }
            } catch(Exception $e) {
                print_r($e);
            }
        }
?>


0

Use or die(mysql_error()), as it will display the MySQL error if there is an error with your query.

$updatequery = mysql_query("UPDATE users SET PASSWORD='$password' WHERE id='$id' AND username='$username' AND answer='$answer'") or die(mysql_error());


0

Try this:

$idfetch = mysql_query("SELECT id FROM users WHERE username ='$username'");
if(!$idfetch){
  die(mysql_error());
}

Do the same for all other queries too.


0

Try this: first check the row count, and if it is at least 1, then proceed with the login process.

<?php
    if(!empty($_POST['username']) && !empty($_POST['answer']))  {
        $username = $_POST['username'];
        $idfetch = mysql_query("SELECT id FROM users WHERE username ='$username'") //check it
        or die(mysql_error());
        $fetched = mysql_fetch_array($idfetch);

        $count = mysql_num_rows($idfetch);

        if($count > 0){
            $id = $fetched['id']; //get users id for checking
            $answer = $_POST['answer'];
            $password = (mysql_real_escape_string($_POST['password']));
            $confpass = (mysql_real_escape_string($_POST['confpass']));
            if ($password != $confpass) {
                echo ("Passwords do not match, please try again.");
                exit;
            }

            $updatequery = mysql_query("UPDATE users SET PASSWORD='$password' WHERE id='$id' AND username='$username' AND answer='$answer'");

            if($updatequery)  {
                echo "<h1>Success</h1>";
                echo "<p>Your account password was successfully changed. Please <a href=\"login.php\">click here to login</a>.</p>";
            }
            else  {
                echo "<h1>Error</h1>";
                echo "<p>Sorry, but a field was incorrect.</p>";
            }
        }
    }
?>


0

Use

if(mysql_num_rows($updatequery)  > 0) {
    // success
} else {
    // error
}

$updatequery will always be true (not NULL) unless there is an error in your query.

2 Comments

Wouldn't mysql_affected_rows() be the right function instead?
@DamienPirsy is correct. From the manual: mysql_affected_rows() - Get the number of affected rows by the last INSERT, UPDATE, REPLACE or DELETE query. mysql_num_rows() - Retrieves the number of rows from a result set. This command is only valid for statements like SELECT or SHOW that return an actual result set. To retrieve the number of rows affected by a INSERT, UPDATE, REPLACE or DELETE query, use mysql_affected_rows().
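Putting the accepted point from the first answer and the comments above together (pick the success or error page from the affected-row count, not from the truthiness of the query handle), here is an added example that is not from the question or any answer: the reset flow rebuilt on PDO prepared statements, which also closes the injection hole noted in the comments on the question. It runs against an in-memory SQLite database so it works offline; the users table, the sample row, the resetPassword() function and its status strings are my own constructions, not the asker's code.

```php
<?php
// Added example, not from the original question or answers.
// Constructed demo database; a real deployment would use its MySQL DSN and credentials here.
function openDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, answer TEXT, password TEXT)");
    $db->exec("INSERT INTO users (username, answer, password) VALUES ('alice', 'fluffy', 'old-secret')");
    return $db;
}

// Returns 'changed', 'mismatch', 'no_match' or 'error' so the caller can render
// the right page. 'changed' is returned only when exactly one row was updated.
function resetPassword(PDO $db, array $post): string {
    foreach (['username', 'answer', 'password', 'confpass'] as $field) {
        if (!isset($post[$field]) || $post[$field] === '') {
            return 'no_match';
        }
    }
    if ($post['password'] !== $post['confpass']) {
        return 'mismatch';
    }
    try {
        // The username/answer check is done by the UPDATE's WHERE clause, so the
        // separate "SELECT id" round trip from the question is not needed.
        $stmt = $db->prepare("UPDATE users SET password = ? WHERE username = ? AND answer = ?");
        $stmt->execute([$post['password'], $post['username'], $post['answer']]);
        // execute() returning true only means the statement ran without error.
        // rowCount() is the PDO counterpart of mysql_affected_rows(): it is the
        // value that distinguishes "a field was incorrect" from "password changed".
        return $stmt->rowCount() === 1 ? 'changed' : 'no_match';
    } catch (PDOException $e) {
        error_log($e->getMessage()); // log the detail; never echo driver errors to the user
        return 'error';
    }
}

$db = openDemoDb();
$cases = [
    'right answer'    => ['username' => 'alice', 'answer' => 'fluffy', 'password' => 'new1', 'confpass' => 'new1'],
    'wrong answer'    => ['username' => 'alice', 'answer' => 'guess',  'password' => 'new2', 'confpass' => 'new2'],
    'unknown user'    => ['username' => 'bob',   'answer' => 'fluffy', 'password' => 'new3', 'confpass' => 'new3'],
    'confirm differs' => ['username' => 'alice', 'answer' => 'fluffy', 'password' => 'new4', 'confpass' => 'typo'],
    'empty answer'    => ['username' => 'alice', 'answer' => '',       'password' => 'new5', 'confpass' => 'new5'],
];
foreach ($cases as $label => $post) {
    echo str_pad($label, 16) . ' => ' . resetPassword($db, $post) . "\n";
}
```

Two caveats for the MySQL case the question is actually about. The mysql_* extension this thread uses was deprecated in PHP 5.5 and removed in PHP 7, so rowCount() on a PDO statement (or mysqli_affected_rows()) is what remains of mysql_affected_rows(). And with the MySQL driver the affected-row count only counts rows whose values actually changed: a user who "resets" to the password they already have would match one row but be reported as 0 affected and land on the error page. If you want matched rows rather than changed rows, open the PDO connection with PDO::MYSQL_ATTR_FOUND_ROWS => true in the driver options.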
