ok so i am running a reset password script, its supposed to replace the password with the sha1 hashed version of password01 if successful it should return the success message if not then the failed message, but its returning the failure message weather it works or not which it always does! any ideas? i have inserted the code below:
<?php
session_start();
$host= $_SESSION["dbhost"];
$username= $_SESSION["dbuser"];
$password= $_SESSION["dbpass"];
$db_name= $_SESSION["dbname"];
$tbl_name="users"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$userid = $_POST['id'];
$password = 'password01';
$hashpass = sha1($password);
//$result = mysql_query("SELECT password FROM $tbl_name WHERE id='$userid'");
$sql=mysql_query("UPDATE $tbl_name SET password='$hashpass' where id='$userid'");
if (mysql_query($sql)) {
echo "<ul id='breadcrumbs-one'>";
echo "<li><a href=''>Users</a></li>";
echo "<li><a href='' class='current'>Reset</a></li>";
echo "</ul>";
echo "<div class='tn-box tn-box-color-3 mcenterlow'>";
echo "<p>The Opperation was Sucessful!<br><a href='?users'>Add Another?</a></p>";
echo "<div class='tn-progress'></div>";
echo "</div>";
}
else {
echo "<ul id='breadcrumbs-one'>";
echo "<li><a href=''>Users</a></li>";
echo "<li><a href='' class='current'>Reset</a></li>";
echo "</ul>";
echo "<div class='tn-box tn-box-color-1 mcenterlow'>";
echo "<p>The Opperation was Not Sucessful!<br><a href='?users'>Try Again?</a></p>";
echo "<div class='tn-progress'></div>";
echo "</div>";
}
?>
Apart from the comments below your question, the reason your
ifis failing, is that you are usingmysql_queryon the result of another call tomysql_query.To solve that, you should change your condition to:
(for an
UPDATEquery,mysql_queryreturntrueon success andfalseon failure)And you should really switch to PDO (or mysqli) with prepared statements and bound variables to get rid of the sql injection problem you have.