So, I'm looking at making a form for updating user details.
if(strlen($pwd) >3){
echo "password too short";
}else{
$password=sha1($pwd);
$sqlUpdate="update user set first_name='$firstname',
last_name='$lastname',
email='$email',
username='$username',
password=SHA1('$pwd')
where user_id='$id'";
if ($upresult = mysqli_query($dbc, $sqlUpdate)){
}
}
}
else{
$sql="select * from user where user_id=" . $id ;
$result = mysqli_query($dbc, $sql);
while ($newarray=mysqli_fetch_array($result)){
$firstname=$newarray['first_name'];
$lastname=$newarray['last_name'];
$email=$newarray['email'];
$username=$newarray['username'];
$password=$newarray['password'];
}
}
That is the code I've got currently, and it works perfectly. However, I'm annoyed by the requirement to always enter the password. After some googling, it appears the most prevalent suggested solution is to run an update query where the password is not updated.
if (){
$sqlUpdate="update user set first_name='$firstname',
last_name='$lastname',
email='$email',
username='$username'
where user_id='$id'";
}else{
if(strlen($pwd) >3){
echo "password too short";
}else{
$password=sha1($pwd);
$sqlUpdate="update user set first_name='$firstname',
last_name='$lastname',
email='$email',
username='$username',
password=SHA1('$pwd')
where user_id='$id'";
if ($upresult = mysqli_query($dbc, $sqlUpdate)){
}
}
}
}
else{
$sql="select * from user where user_id=" . $id ;
$result = mysqli_query($dbc, $sql);
while ($newarray=mysqli_fetch_array($result)){
$firstname=$newarray['first_name'];
$lastname=$newarray['last_name'];
$email=$newarray['email'];
$username=$newarray['username'];
$password=$newarray['password'];
}
}
You will notice that the first if statement in the second block of code is empty. That's because no matter what I put in there to make the update happen with the password having been left empty, nothing has worked. If I put a password in, it will run THAT update just fine.
if ($pwd == ''){
if ($pwd === ''){
if (empty($pwd)){
if (empty($pwd)==TRUE){
Those are the suggestions I saw by browsing Google... I'm really stumped. What am I missing?
...ah, I can edit this. Okay.
if(isset($_POST['update'])){
...
$pwd=$_POST['password'];
is how I'm getting $pwd.
Flu and rental inspections are annoying. After inserting a var_dump($_POST['password']); as requested, the output of that is:
string 'jojo13' (length=6)
string '' (length=0)
Depending on what password I attempt to insert, the result changes. However, it appears to clearly understand that I have left the password blank, and returns string ''.
This may be the wrong way to do it, but out of curiosity, I tried running
if (strlen($_POST['password']) == 0)
It still doesn't update the database. But. Before I had it like this, entering no password caused the "password is too short" message to appear. The "password is too short" message does not appear anymore with the if statement above.