Home/ Questions/Q 8840509
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T10:28:49+00:00

Possible Duplicate: PHP/MySQL – SQL syntax error? I am trying to update a user

  • 0

Possible Duplicate:
PHP/MySQL – SQL syntax error?

I am trying to update a user password with the below script, however I am just getting the following error. I have been using PHP and MySQL for only about 2 months now so am still a beginner so I would really appreciate any comments regarding my below code. Thank you in advance for your help.

You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use
near ‘(password, salt) VALUES (
‘fcf829e6c3478752799b7d49798a14640f110dd4f8767’ at line 1

<?php

//Pull in form info

$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];

//Chrck if the 2 password fields match
if($pass1 != $pass2) {
    header('Location: ../admin/pass-change.php?pw=notmatched');
    die();
}

//encrypts the password

$hash = hash('sha256', $pass1);

//creates a 3 character sequence

function createSalt()
{
    $string = md5(uniqid(rand(), true));
    return substr($string, 0, 3);
}
$salt = createSalt();
$hash = hash('sha256', $salt . $hash);

//initialise connection with databse

require_once('../Connections/EliteGrooming.php');

mysql_select_db($database_EliteGrooming, $EliteGrooming);

//Execute the query

$username = $_SESSION['username'];

$query = "UPDATE admin_users (password, salt)
        VALUES ( '$hash', '$salt' )
        WHERE username = '$username';";
mysql_query($query) or die(mysql_error());;
mysql_close();
header('Location: ../admin/pass-change.php?PassChanged');

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    no, it should be

    UPDATE admin_users 
   SET password = '$hash', 
        salt = '$salt' 
WHERE username = '$username'

    beware, your query is vulnerable with SQL Injection, please the article below

    • 0